Re: [Captive-portals] Magnus Westerlund's Discuss on draft-ietf-capport-api-07: (with DISCUSS)

Barry Leiba <barryleiba@computer.org> Thu, 11 June 2020 20:00 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 11 Jun 2020 16:00:15 -0400
Message-ID: <CALaySJ+r6b7DfgzqN90BSYHCczG4qh_c=PNKj7S5o4HEoKFMsA@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, draft-ietf-capport-api@ietf.org, capport-chairs@ietf.org, captive-portals <captive-portals@ietf.org>, The IESG <iesg@ietf.org>, Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/DfuRBd79zcGXQ1XYoRsEBIUy4GQ>

Your suggested rewording works for me, modulo one question:
Might it be better to say, "SHOULD use the default https port", rather
than giving the port number here?  Or perhaps, if you really want to
say "443", make it, "SHOULD use the default https port, 443."

Barry

On Thu, Jun 11, 2020 at 1:12 PM Tommy Pauly
<tpauly=40apple.com@dmarc.ietf.org> wrote:
>
>
>
> On Jun 11, 2020, at 6:38 AM, Magnus Westerlund via Datatracker <noreply@ietf.org> wrote:
>
> > Magnus Westerlund has entered the following ballot position for
> > draft-ietf-capport-api-07: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-capport-api/
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Section 4.1:
> >
> >   The API server endpoint MUST be accessed using HTTP over TLS (HTTPS)
> >   and SHOULD be served on port 443 [RFC2818].
> >
> > I have another reason than Roman to discuss this particular sentence.
> >
> > First of all, what is the intention regarding which HTTP version should be
> > supported here? And for which protocol is the port 443 you are recommending:
> > TCP, UDP or SCTP? This also relates to HTTP/3; as it is getting close to being
> > published, we can expect that in the future maybe people would like to upgrade
> > to HTTP/3. Already now I am wondering if the text as written allows for HTTP/2
> > over TLS/TCP. Note that I am mostly commenting from the perspective of whether
> > you want to be specific that it is HTTP/1.1 over TLS/TCP that is the goal. Then
> > this document should make certain changes in the formulation. If you want to be
> > unspecific and don't think that will hurt interoperability, then another
> > formulation than the current one is also needed. Likely also a discussion about
> > how a client will figure out what versions are supported.
>
> This is an interesting point. In my interpretation, this text does apply to HTTP/1.1 over TLS/TCP,
> HTTP/2 over TLS/TCP, and HTTP/3 over QUIC (which uses TLS for encryption, still uses port 443,
> and still maintains the URI scheme of https://).
>
> > And maybe one of the ART ADs can help untangle if RFC 2818 really is the right
> > normative reference here? Or if it should be RFC 7230 and possibly additional
> > references for HTTP/2?
>
>
> Looking at RFCs like the one for DoH, https://www.rfc-editor.org/rfc/rfc8484.html, RFC 2818 is still
> the reference for https:
>
> over HTTP
>    [RFC7540] using https [RFC2818] URIs (and therefore TLS [RFC8446]
>    security for integrity and confidentiality).
>
> My suggestion is that we can reword the sentence in question here to:
>
>   The API server endpoint MUST be accessed over HTTP using an https URI [RFC2818],
>   and SHOULD be served on port 443.
>
> Does that work for everyone?
>
> Thanks,
> Tommy
>
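
Added example, not part of the original message or of the draft: a client-side check that mirrors the wording proposed in the thread, treating a non-https URI as a hard failure (the MUST) and a non-default port only as a recorded note (the SHOULD). The function name `check_capport_api_uri` and the `example.org` URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_HTTPS_PORT = 443  # default port for the https URI scheme


def check_capport_api_uri(uri):
    """Return (usable, notes) for a candidate Captive Portal API URI.

    usable is False when the MUST is violated (not a well-formed https URI).
    notes lists SHOULD-level deviations, such as a non-default port, which
    a client may log but which do not make the URI unusable.
    """
    notes = []
    try:
        parts = urlsplit(uri.strip())
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError as exc:
        return False, [f"unparseable URI: {exc}"]

    # MUST: an https URI. urlsplit lower-cases the scheme, so "HTTPS://" passes.
    if parts.scheme != "https":
        return False, [f"scheme {parts.scheme!r} is not https"]
    if not parts.hostname:
        return False, ["https URI has no host"]

    # SHOULD: the default https port. An absent port means the default.
    # The URI carries no HTTP version, so this check is version-agnostic.
    effective_port = DEFAULT_HTTPS_PORT if port is None else port
    if effective_port != DEFAULT_HTTPS_PORT:
        notes.append(f"non-default port {effective_port}")
    return True, notes


if __name__ == "__main__":
    # Constructed sample URIs, not taken from the thread.
    for candidate in (
        "https://example.org/captive-portal/api",
        "https://example.org:8443/captive-portal/api",
        "http://example.org/captive-portal/api",
    ):
        print(candidate, check_capport_api_uri(candidate))
```
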