[art] Is CT single-use origins or not? (Re: On BCP 190)
Adam Roach <adam@nostrum.com> Wed, 24 July 2019 16:15 UTC
To: Melinda Shore <melinda.shore@nomountain.net>, Mark Nottingham <mnot@mnot.net>
Cc: art@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/K4l3vca9wogk7JFS1R_CJbmi2TQ>

On 7/24/19 09:46, Melinda Shore wrote:
> In a chat with Adam earlier today he said that there has, in fact,
> been squatting on namespace elements like robots.txt and favicon.ico.
> That's extremely helpful and the sort of thing that might support
> the case for requiring BCP 190. If we have (or have not) actually seen
> the same problem in application namespaces or on single-use servers,
> that would be helpful to know, as well.

While I think we need to have a broader conversation on BCP 190 that covers this in depth, there is one critically important bit of information that has not been made clear about the way that CT is being deployed, and I don't think there is any hope of quickly processing the CT document until it is clearly answered:

Is the mechanism defined in the "Certificate Transparency Version 2.0" document constrained to run on an origin on which no other services are present?

The answer to this question *radically* affects the conversation we need to be having to get the document published as quickly as possible. We can try to finish the wide-ranging conversation about BCP 190 in general without an answer to this question, but unless we want to block the TRANS document while we wait for that to happen, we're going to need to understand this fundamental property as soon as possible.

/a