Re: [core] draft-hartke-core-stateless

Christian Amsüss <christian@amsuess.com> Tue, 11 September 2018 13:11 UTC

To: draft-hartke-core-stateless@ietf.org
Cc: Jim Schaad <ietf@augustcellars.com>, 'Core' <core@ietf.org>

Hello Klaus,

On Mon, Sep 10, 2018 at 04:07:48PM -0700, Jim Schaad wrote:
> Section 3.1 - I am not sure that I agree that the option should be unsafe to
> forward.  As long as a client and a server agree to deal with the option
> then it does not matter what any intermediate proxies might do.  Changing
> this modifies 3.2.2 as well

I also think that the option can be safe to forward -- as long as the
origin server replies with the "option part" of the token, the proxy
will return the full original request identity (token plus option part)
back.

Either way, one could add that a proxy is free to take responsibility for
the Extended-Token itself, make a note to insert it into the response,
and forward the request without any Extended-Token, relieving the origin
server of the responsibility to deal with the critical option. (I figure
that any non-constrained proxy would want to do that, as it limits the
way an Extended-Token request can fail).

Best regards
Christian

-- 
I shouldn't have written all those tank programs.
  -- Kevin Flynn
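
Added example, not part of the original message or of the draft: a minimal Python model of the proxy behaviour described above, where the proxy removes the Extended-Token from the request, remembers it, and puts it back into the response. The option number 65001 is a placeholder from the RFC 7252 experimental range (the page gives no number), and the class name, the method names and the (number, value) option tuples are assumptions made for illustration.

```python
import itertools

# Placeholder option number (assumption): odd, so critical under RFC 7252,
# and with bit 1 clear, so safe to forward.
EXTENDED_TOKEN = 65001


def is_critical(number):
    """RFC 7252, section 5.4.6: lowest bit set means the option is critical."""
    return bool(number & 0x01)


def is_unsafe(number):
    """RFC 7252, section 5.4.6: second bit set means unsafe to forward."""
    return bool(number & 0x02)


class TerminatingProxy:
    """Hypothetical proxy that takes responsibility for the Extended-Token."""

    def __init__(self):
        self._pending = {}                # upstream token -> (client token, saved values)
        self._tokens = itertools.count(1)

    def forward(self, client_token, options):
        """Strip Extended-Token; return (upstream_token, upstream_options)."""
        saved = [v for n, v in options if n == EXTENDED_TOKEN]
        upstream_token = next(self._tokens).to_bytes(2, "big")
        self._pending[upstream_token] = (client_token, saved)
        return upstream_token, [(n, v) for n, v in options if n != EXTENDED_TOKEN]

    def relay_response(self, upstream_token, options):
        """Re-insert the saved Extended-Token; each upstream token matches once."""
        # pop() raises KeyError for a response that matches no pending request
        client_token, saved = self._pending.pop(upstream_token)
        merged = list(options) + [(EXTENDED_TOKEN, v) for v in saved]
        return client_token, sorted(merged, key=lambda o: o[0])


if __name__ == "__main__":
    proxy = TerminatingProxy()
    # Constructed sample request: Uri-Path (11) plus a 16-byte Extended-Token value
    request = [(11, b"sensor"), (EXTENDED_TOKEN, b"\xaa" * 16)]
    up_token, up_options = proxy.forward(b"\x01", request)
    print("to origin server:", up_token.hex(), up_options)
    print("to client:", proxy.relay_response(up_token, [(12, b"\x32")]))
```

Because the pending entry is removed when the response is relayed, a second or unsolicited response carrying the same upstream token is rejected rather than matched to a client.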