Re: HTTP2 Expression of Interest
Nico Williams <nico@cryptonector.com> Fri, 13 July 2012 05:18 UTC
From: Nico Williams <nico@cryptonector.com>
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Thu, Jul 12, 2012 at 9:22 PM, Paul Hoffman <paul.hoffman@gmail.com> wrote:
> draft-williams-rest-gss relies on GSSAPI, which has thin adoption even
> after many years. [...]

If you consider that the SSPI is very similar to the GSS-API, and wire-compatible with it anyways, then that assertion is quite clearly incorrect. SSPI is extremely widely used, both in proprietary application protocols and standard ones (including TLS, since SSPI is the interface to TLS in Windows).

The GSS-API has had a dearth of mechanisms for it deployed, but this is beginning to change. We now have all of these standardized and/or deployed:

 - Kerberos (including IAKERB)
 - GSS-EAP (see ABFAB WG)
 - SCRAM
 - Microsoft's PKU2U (PKI, based on Kerberos w/ PKINIT)
 - the GSI mechanism that is really just TLS repackaged as GSS (See again how SSPI is the interface to TLS in Windows. It's also the interface to SASL.)
 - OAuth and SAML-based mechanisms are in the works as well.

It's easy enough to add new GSS-API mechanisms, but between GSS-EAP, Kerberos (particularly with trust routing and bootstrapping enhancements), PKU2U, OAuth, and SAML I think we have most needs covered. A ZKPP mechanism or three should be added, but unless that's done in a way that federates then I think it's best to make sure that GSS-EAP can use ZKPP EAP methods and Kerberos can use ZKPP pre-authentication mechanisms.

The biggest Internet protocol users of the GSS-API are SSHv2 (yes, really, SSHv2 w/ GSS and Kerberos is widely deployed in corporate networks), LDAP (see again Windows), and NFS. But also IMAP (see Exchange), DNS (GSS-TSIG, see Active Directory and Windows) and others. There's also widely deployed non-Internet standards-track protocols, such as SMB, as well as many proprietary protocols.

And then there's HTTP/Negotiate -- how could I forget! (though to be sure I don't really like HTTP/Negotiate, otherwise I might just have proposed that.)

Nico
--