Re: [core] Trusting links in .well-known/core
Klaus Hartke <hartke@projectcool.de> Tue, 05 March 2019 16:58 UTC
Return-Path: <hartke@projectcool.de>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3362D13111D for <core@ietfa.amsl.com>; Tue, 5 Mar 2019 08:58:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L-YKCeOQnl58 for <core@ietfa.amsl.com>; Tue, 5 Mar 2019 08:58:24 -0800 (PST)
Received: from wp382.webpack.hosteurope.de (wp382.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8597::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B81C412D4F0 for <core@ietf.org>; Tue, 5 Mar 2019 08:58:13 -0800 (PST)
Received: from mail-qk1-f180.google.com ([209.85.222.180]); authenticated by wp382.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) id 1h1DON-00046D-UO; Tue, 05 Mar 2019 17:58:12 +0100
Received: by mail-qk1-f180.google.com with SMTP id i5so5128324qkd.13 for <core@ietf.org>; Tue, 05 Mar 2019 08:58:11 -0800 (PST)
X-Gm-Message-State: APjAAAXkzYEJWmiH9WTFJVsEylM1T9SsZtqgF6rSIhuoRW4uy+dxZQ3Y xK/UTdEDdWXX/RmOOdLmIpmW+DO7uSY9T2A7pUg=
X-Google-Smtp-Source: APXvYqzYvBbhE1K9F2wcAMrNVFSYfweF/StBV+2mdXIOxuy66zN5himDAib4pRXgvj0Ew3ApE3bqQekde1FWsIEKmos=
X-Received: by 2002:a37:628a:: with SMTP id w132mr2447189qkb.60.1551805090831; Tue, 05 Mar 2019 08:58:10 -0800 (PST)
MIME-Version: 1.0
References: <CAAzbHvZ+6mj6GwywyAxzUf05B9+ArRSDn4XDumR+AF66ATGWzg@mail.gmail.com> <76EA5546-A02C-41B6-81D9-A31B4EE1F630@tzi.org>
In-Reply-To: <76EA5546-A02C-41B6-81D9-A31B4EE1F630@tzi.org>
From: Klaus Hartke <hartke@projectcool.de>
Date: Tue, 05 Mar 2019 17:57:35 +0100
X-Gmail-Original-Message-ID: <CAAzbHvb3SzJ8rND0iBXT1zyBmVQHwKXe3N8fU=OocfMQQVcO9Q@mail.gmail.com>
Message-ID: <CAAzbHvb3SzJ8rND0iBXT1zyBmVQHwKXe3N8fU=OocfMQQVcO9Q@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "core@ietf.org WG" <core@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-bounce-key: webpack.hosteurope.de; hartke@projectcool.de; 1551805094; 2b16c3e8;
X-HE-SMSGID: 1h1DON-00046D-UO
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/OfwMWvaTH3rkT63Z6nLmAHKOPc0>
Subject: Re: [core] Trusting links in .well-known/core
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 16:58:27 -0000
Carsten Bormann wrote: > Well, there is a statement in there: “If you want to discover information about kadse, it may be of interest that kefer hosts that resource over there.” Without additional context, that may be nonsensical, but with an RT, it might point to any kind of resource that is of interest in conjunction with knowing about the current server. There is a difference between kadse.example saying e.g. "my billing server is located at <coap://kefer.example/42/>" and "kefer.example hosts a billing server at <coap://kefer.example/42/>". > This is a nice example of a misuse of the word “trust”. How do you “trust a link”? [...] > Whether that has influence on what you do next depends on your authorization policies. That sounds like a very good definition for "trust". You trust a link if your authorization policies allow you to do something next. > I can’t parse this sentence. Links associate “contexts” (bad name for the source of a link) to target resources. Section 2.1 only helps you find out what the “context” is (and I agree, it exhibits some weirdness). RFC 8288 suggests that a client discards any link where the actual link context is overridden. This is the case for every link in Link Format. (Because if there is no anchor attribute that overrides it, Section 2.1 overrides it with the "origin" of the link target.) Klaus
- [core] Trusting links in .well-known/core Klaus Hartke
- Re: [core] Trusting links in .well-known/core Carsten Bormann
- Re: [core] Trusting links in .well-known/core Klaus Hartke