IETF Logo Mail Archive

Re: [art] On BCP 190

Jacob Hoffman-Andrews <jsha@letsencrypt.org> Wed, 24 July 2019 16:52 UTC

Return-Path: <jsha@letsencrypt.org>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9633120112 for <art@ietfa.amsl.com>; Wed, 24 Jul 2019 09:52:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XD9zJFpfmdYo for <art@ietfa.amsl.com>; Wed, 24 Jul 2019 09:52:12 -0700 (PDT)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98AF212015B for <art@ietf.org>; Wed, 24 Jul 2019 09:52:12 -0700 (PDT)
Received: by mail-qk1-x732.google.com with SMTP id a27so34271616qkk.5 for <art@ietf.org>; Wed, 24 Jul 2019 09:52:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6yFpCSI3L6C6h6sMaGsLS3HaCuuhbkl+T6/JdP9ll1Q=; b=Z63XLLfUNIfF2rYb1tqNiYHXV/0vd1Lehcnjj9FUNkodUmK4u5p8zhQWIoitnp2xbc tx2162FwZIxeYFK+0y72DGH0GR5TgeOTGv3F+DXHKmQk2Sw+vEG6/Pia66gu3pS4eMd+ rPGRhYzdyfJWin2WsYQ2b1n4lpegnWePbsfco=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6yFpCSI3L6C6h6sMaGsLS3HaCuuhbkl+T6/JdP9ll1Q=; b=ZMR9tRZXrKB1tIOi2iP/Owg0bP6AqouXaBZtQoKefcRJeQ471pZpgUbTWH+I02QwTW lo9pRIctxmnvHu/KuWMGmsNy1aLyn5RgaUD4FIhKNNeNbwVT9owYwO0M59xE7eXaMu5G YNgTWX1iIm/x7S3PxojTqldB4e29+gU1k+zIO9Qs9GVxDnOCNOWZqH5KpyT3isuz2v+O yD3JRcyu65SCir6AL7i2kzxzR6VxKd3iZnKohqxQoNZwl/gSdKJJhTmGCTBK943SAyei a2D/BbriIYPQ2rKcYt9Ff1EL37wbFcDlJCaO0GNmC1ywnThm7COjR0FYQer+5bNJum4+ Z0wA==
X-Gm-Message-State: APjAAAWurciGizVneW1QtEDZlw4Gvuej7u8k4FX1PWvEJ7HWCaBPwT4q z59rJwYW84tjysRBZzprB3QSbH3j5PkRAuOsxJ5wIw==
X-Google-Smtp-Source: APXvYqzi/obEf9Hnxh+F5aXAHFQMW2k101cRAl8YOTWk//lPlkwJNevu2aY982gHsUUwjVqqrzJCH0BrXgSIe5UiXtk=
X-Received: by 2002:ae9:f010:: with SMTP id l16mr54204122qkg.292.1563987131702; Wed, 24 Jul 2019 09:52:11 -0700 (PDT)
MIME-Version: 1.0
References: <58BF6171-03BB-4F83-940F-3A101EFDD67F@mnot.net>
In-Reply-To: <58BF6171-03BB-4F83-940F-3A101EFDD67F@mnot.net>
From: Jacob Hoffman-Andrews <jsha@letsencrypt.org>
Date: Wed, 24 Jul 2019 09:51:45 -0700
Message-ID: <CAN3x4Q=Jo1uBvfCG6CSrociYgdG+E4jq+4cB1txPjgboth2q9g@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: ART Area <art@ietf.org>, Devon O'Brien <devon.obrien@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000006b32a1058e7021a4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/TCwPOBiQCJ0IhnsBZqIOGFFDYmw>
Subject: Re: [art] On BCP 190
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 16:52:17 -0000

I'd like to reiterate that CT does not squat on namespace elements, like
favicon or robots.txt. CT logs are specified by origin *and path prefix*:

https://www.ietf.org/archive/id/draft-ietf-trans-rfc6962-bis-31.txt
>   The <log server> prefix, which is one of the log's parameters, MAY
>   include a path as well as a server name and a port.

So CT is totally fine with regards to this part of BCP 190 Section 2.3
<https://tools.ietf.org/html/bcp190#section-2.3>:

>    For example, an application ought not specify a fixed URI path
>   "/myapp", since this usurps the host's control of that space.

It's this part of BCP 190 Section 2.3 that is causing the issue:

>  Specifying a fixed path relative to another (e.g., {whatever}/myapp)
>  is also bad practice (even if "whatever" is discovered as suggested
>   in Section 3); while doing so might prevent collisions, it does not
>   avoid the potential for operational difficulties (for example, an
>   implementation that prefers to use query processing instead, because
>   of implementation constraints).

To be clear, the "whatever" in this case is referred to as <log server> in
CT, and is discovered via the known logs list (
https://www.certificate-transparency.org/known-logs) and browser CT
programs.

On Tue, Jul 23, 2019 at 11:14 AM Mark Nottingham <mnot@mnot.net> wrote:

> common practices for an API that's implemented once and deployed on one
> server that's under the control of the designer (e.g., api.twitter.com)
> are often not appropriate for an API that is implemented many times,
> deployed on many servers owned by different people, and sometimes evolved
> independently
>

This is a valuable and subtle point, and I think the crux of the matter.
It's actually surprisingly rare to see an HTTP API that is designed to be
implemented many times. But if you look at those that are (RFC 7482, RFC
7808, RFC 8040, Mastodon, and Git, for example), what they have in common
is that they are all organized around a hostname and path prefix, just like
CT.

v2.23.0 | Report a Bug | By Email