[Dime] Would realm-based redirection be a protocol error or an application error?

Tom Taylor <tom.taylor.stds@gmail.com> Sun, 08 January 2012 20:20 UTC

I'm finally updating draft-ietf-dime-realm-based-redirect.

Given that realm-based redirection is defined at an application level, 
maybe the answer is obvious. What I am concerned with is whether the 
redirect server should clear the 'R' bit in the header to ensure that 
the response goes all the way back to the original requesting host 
(i.e., following on Figure 8 in section 7 of RFC 3588). The reason for 
doing this is the issue identified in the Security Considerations 
section of the realm-based-redirection I-D: a change of realm implies a 
change of business relationship that should be noted by the requesting 
host before the request is rerouted.

Tom Taylor