[calsify] ReplyTo with HTTP (for development)
Andri Möll <andri@dot.ee> Fri, 25 May 2018 10:44 UTC
Return-Path: <andri@dot.ee>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 942CD124D68 for <calsify@ietfa.amsl.com>; Fri, 25 May 2018 03:44:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=zonevs.eu header.b=ui/mnK8L; dkim=pass (2048-bit key) header.d=srs2.zonevs.eu header.b=xyB4BYWD; dkim=pass (2048-bit key) header.d=dot.ee header.b=WrUStpxv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9NnuKtzr_fe for <calsify@ietfa.amsl.com>; Fri, 25 May 2018 03:44:41 -0700 (PDT)
Received: from srs2.zonevs.eu (srs2.zonevs.eu [217.146.68.192]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0EFB124BAC for <calsify@ietf.org>; Fri, 25 May 2018 03:44:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zonevs.eu; q=dns/txt; s=oct2016; bh=LIvvjH3NisfZ0NL4M1cR81pr0tkf6+OE5wxPTz9emtw=; h=from:subject:date:message-id:to:mime-version:content-type; b=ui/mnK8LhhPu43vz6pIyOfXcXxfSSGJCejiv86XfmgWxu4jDWtXL7QNBGipn/98S9D3Pj+UUk 9AX/ANVWHoI8j2HIkWNJ+qCbCfSG3IqZNfbj+X1GW/i+FRAsf8zWDOixzaaYx7B4smFt/va1Lvp eeNQDNdDs4LWToKtz4vRbDf7pFsEEjNGkul2A5gaTuilidi3d6n0v3TvrLR9If1X2nKnqgKEnS0 VNFfhQZnqAmgW77AtYzCAAYZcbQmDoTBaJERt85yek2bPa4ERnKUMAPVsrGEh5BihtjcpDyv7fN +XmeDVXtywFI+kWIH8O/n8TyITciosgskgr4NtJnsa/w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=srs2.zonevs.eu; q=dns/txt; s=oct2016; bh=LIvvjH3NisfZ0NL4M1cR81pr0tkf6+OE5wxPTz9emtw=; h=from:subject:date:message-id:to:mime-version:content-type; b=xyB4BYWD3BVQDbnb7GPrzWWlgnrSB2pS2GMRgGwks52ZIg91e42dy/ykiMxkHmQByA4v3tHK1 tSCpPXPxUqu4QWCxTMaol4EvRfypCHjbejaWpivJ+1q3MXQ820Lc5TrXSIuVxRgbJlNFjMU2xNT J7Hwgjo3ojkqZYAyPf11ibOynDPvgU30f+tNRhaWtrnxRrHxgCHk3B97tm3A0Xn/ueG9pr3ya1x mLu9xP3XLfUPEUgQlnFL5WFibvd+tkLzuFMsfr44x270xNK2A2PTPTx/PjkFy6vhPhejdYH+r8A A4hptkM+9oFYykJqCGY1Va9xLlVfHdzrPcFa8tdKqsLg==
Received: from smtp.zone.eu ([217.146.66.121] smtp.zone.eu) by srs2.zonevs.eu (ZoneMTA Forwarder) with ESMTP id 16396e671da0006747.001 for <calsify@ietf.org>; Fri, 25 May 2018 10:44:34 +0000
X-Zone-Loop: 7df3ef48f0b1e9fe9fc5d67e590e17c9bca8be7478ab
Received: from localhost (43-221-50-195.dyn.estpak.ee [195.50.221.43]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: d3623m47440@@) by smtp.zone.eu (Postfix) with ESMTPSA id 6DE9A18F9C12 for <calsify@ietf.org>; Fri, 25 May 2018 13:44:34 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dot.ee; s=zone; t=1527245074; bh=abWKOnfkOW4mOMxtZLyckKU/Aqy/6EPBmbhSFcR5tyw=; h=To:From:Subject:Date; b=WrUStpxvrlW5D870gn78iiBIk4ARfTNJBWB2+ZwfUL0LcTTdTNpFW7KA1ztDC8/x/ 6f0tp1CGmNDSAVA9lWCp1olOAK3uNG3FCJhguVw/AQGSgz1e5N964Tdy+W4KPTkCVu VihC6Vau6VtA/I8enKuJ3MF0AUTpw8WeVDe7MDJgnWyYI7tL2TqQOqwRTf51k57mkZ /RTEXZKCknRpetZMJ4Ff2C+oLZ6en2Lh9YhGIDqpqZ0xQ9R3K+lO5W0Nfa1yngII47 9tkvIKtrbJyaZfH3YM1u9U4nqiaml5EBt57f0vnKNKWTqInCLL5xUeRu/btebqJ8I5 N+CLmQC1jeOnQ==
To: calsify@ietf.org
From: Andri Möll <andri@dot.ee>
Message-ID: <4e5fbfb3-3b6d-954c-9fb7-1fea100c400d@dot.ee>
Date: Fri, 25 May 2018 10:44:33 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------8E5421FD56CA6EA00E724C54"
Content-Language: en-US
X-Zone-Spam-Resolution: no action
X-Zone-Spam-Status: No, score=-2.799173, required=15, tests=[HFILTER_HOSTNAME_5=3, BAYES_HAM=-3, ARC_NA=0, TO_DN_NONE=0, MID_RHS_MATCH_FROM=0, R_DKIM_ALLOW=-0.2, RCVD_VIA_SMTP_AUTH=0, RCVD_TLS_ALL=0, NEURAL_HAM=0, MIME_GOOD=-0.1, PREVIOUSLY_DELIVERED=0, DKIM_TRACE=0, FROM_EQ_ENVFROM=0, RCPT_COUNT_ONE=0, ASN=0, IP_SCORE=-2.599173, FROM_HAS_DN=0, RCVD_COUNT_ONE=0, ONCE_RECEIVED=0.1]
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/1JsvxuUODvDPhqekSdR0m1mNK3s>
Subject: [calsify] ReplyTo with HTTP (for development)
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 10:44:45 -0000
Hey, I'd like to challenge the HTTPS-only requirement of ReplyTo and possibly other future properties in favor of a better development experience. On 05/25/2018 08:26 AM, Robert Stepanek wrote: > *replyTo*: the HTTP path template for the replyTo `web` property must > use HTTPS. Neil Jenkins: >> >> *Section 4.4.4. replyTo* >> >> Method “web”: It’s 2018, can we ditch support for plain, insecure >> “http”, and only support the secure version? A JSCalendar object with >> an insecure replyTo address is invalid and MUST be rejected. >> > > Seems reasonable to me, although in practice I wonder how many > implementations will actually reject the whole object because of an > http: /replyTo/ property. I'm all for strongly suggesting HTTPS for public Internet use, but during development I must say HTTPS is a pain in the ass. I, like a lot of other people, develop and test locally using either .local (if devices support zero conf) or a private domain in the likes of .dev or .test set up in the router. With HTTPS, one would have to migrate to a public [paid] domain; start managing and distributing certificates among team members; give up using .local in networks one doesn't control and with devices you can't change /etc/hosts on; etc. I'd argue HTTPS-only suggested through "SHOULD" combined with shaming of people using HTTP in the public net suffices. People occasionally do weird things that make HTTPS redundant (proxying HTTP directly to the web server over SSH). Let them. I don't think it's wise to corner oneself in a spec like this. Andri
- [calsify] ReplyTo with HTTP (for development) Andri Möll
- Re: [calsify] ReplyTo with HTTP (for development) Neil Jenkins
- Re: [calsify] ReplyTo with HTTP (for development) Andri Möll
- Re: [calsify] ReplyTo with HTTP (for development) Robert Stepanek
- Re: [calsify] ReplyTo with HTTP (for development) Marten Gajda
- Re: [calsify] ReplyTo with HTTP (for development) Andri Möll
- Re: [calsify] ReplyTo with HTTP (for development) Robert Stepanek