IETF Logo Mail Archive

Re: Issue #356: Form-encode Expect-CT report bodies?

Martin Thomson <martin.thomson@gmail.com> Sat, 10 June 2017 08:59 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B40B9126C0F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 10 Jun 2017 01:59:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.502
X-Spam-Level:
X-Spam-Status: No, score=-6.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87SgoxCVkKWC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 10 Jun 2017 01:59:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 151FA127275 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 10 Jun 2017 01:59:40 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.84_2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1dJcBv-0002DX-Ka for ietf-http-wg-dist@listhub.w3.org; Sat, 10 Jun 2017 08:56:19 +0000
Resent-Date: Sat, 10 Jun 2017 08:56:19 +0000
Resent-Message-Id: <E1dJcBv-0002DX-Ka@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <martin.thomson@gmail.com>) id 1dJcBm-0002Ck-Bc for ietf-http-wg@listhub.w3.org; Sat, 10 Jun 2017 08:56:10 +0000
Received: from mail-lf0-f53.google.com ([209.85.215.53]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <martin.thomson@gmail.com>) id 1dJcBf-0001AQ-Mq for ietf-http-wg@w3.org; Sat, 10 Jun 2017 08:56:05 +0000
Received: by mail-lf0-f53.google.com with SMTP id o83so36867757lff.3 for <ietf-http-wg@w3.org>; Sat, 10 Jun 2017 01:55:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=qsBPIgkqt/ex++iQAFwBp/jeOfThxJYrzjPNtmectoY=; b=nhNhtkbWh1vOO5CS4hu90g4v1ydtFJMvPHJNXCaVv6yos2ImHkokDFtBJQ/0ZA4v4l D6pxpZZj05mCXowb1vLTAqbgGw6beqRiBVLuLtSoXaobzMyLNEjvp/IE7ZCv/EhiX/22 7Wc7j1teZXCUQlLdzjXm+YkstPfZwEv2N1zJjb+4NaBexgfRyShQXPYytrd0Xvz8J6LW LFRqxU2Tpv9MBJKgHDHoIbKwCdNvrEX7MVXsHvpr0lXFtnccWV6NV31IdKUFcsakG3A6 /NQ8r1zoxOrE3Wfau5CuOYojEc8BDSm7w+n2pWzAKGZZDfmg1vxSlAo2vNyCQjm34NF/ szaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=qsBPIgkqt/ex++iQAFwBp/jeOfThxJYrzjPNtmectoY=; b=oYZfumI+QBJvSeIs95L/+lPtLmCUOLxYXF5U6Bw2lJVjNpHsqnNqeM/n+kloysmmN/ nq/0g6V0+y2L56Fc1JalD0Oz5ps3Ua6g58tOpcyn2N3OmEVwPSGZX66f2kWITtG/FlSl XqqiM5tBNYsuQvvjS+kWgsvZaX1jOr7mDFX3r0sgX1ARhtV3s9PUjVLXLh/fb1O+6WZi 62gcDVFl9Z+bJ7Mt+2+yAS6usUdYSebAFhnrLZv7WK2T76XEUIxpGP2nC54So2S9q1z7 V91xN1Ufn3iIg6qWobZHQXqTmE2PaX8u8EvXCgvtmVlrP8c1mv7OtZTTgs3TEHV4ywnz 1X/A==
X-Gm-Message-State: AODbwcAgzxBig5F+qzcNjsQWavrwUFxWV57dZx8WXKMOkVBRAY1c/nV+ UjeHmFrxpOmQxml23J3NgnoJP7NSNw==
X-Received: by 10.25.215.198 with SMTP id q67mr12162996lfi.76.1497084936541; Sat, 10 Jun 2017 01:55:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.8.66 with HTTP; Sat, 10 Jun 2017 01:55:35 -0700 (PDT)
In-Reply-To: <CAPP_2SYJGXqLOh_E56Aou5RgO2mLNzUYWVZHmwu9_vN2MsV9XA@mail.gmail.com>
References: <CAPP_2Sa+6eSAChgp8KrzabPJUkMmiKBhWp1dFhS0zOVnXrenLw@mail.gmail.com> <CAOdDvNoStrOu=SSZJrKMsQFjG2YVtiLqMdvXP_1PKJ_a+58Mfw@mail.gmail.com> <CABkgnnUVYB1Dqh4efe25bKx=-2iOBXHZg=3fgXjvbRn28b6nuw@mail.gmail.com> <CAOdDvNqquZymrmE3i3DFfdgVUuq-iWxr0+jvO3AF0NymnJK9Zg@mail.gmail.com> <CAPP_2SYNkReoDOjRKdEWtrP=ZGhPO2mKCoQm9Pm7LjcNLyoC+Q@mail.gmail.com> <CAPP_2SYLpKBo-rWV4oMG7V3FeN4aZ7fZEOdFgwFC8ASmFKmvqA@mail.gmail.com> <CABkgnnWU09-kV8gAu6xZV7n-rvrmL6R98EzA7O7nxTjBMFntpQ@mail.gmail.com> <CAPP_2Sa7b3XTgFE0VcF7-ffxYMOuhR8vHTROL88RDus4foP8CA@mail.gmail.com> <CABkgnnU-c4FbBNGz4V-jpO-Rwc5Evy7DFzmBdsT0xkZFv+Drxg@mail.gmail.com> <CAPP_2SY8h-ymtTubY0GMLqWctP4MXXu9nSiUU228gJ5drzZZQg@mail.gmail.com> <CABkgnnXEUdZ9M=911wGcNVqL+=qpwfvnE+3rNu1g3ApepyCKFA@mail.gmail.com> <CAPP_2SYJGXqLOh_E56Aou5RgO2mLNzUYWVZHmwu9_vN2MsV9XA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Sat, 10 Jun 2017 09:55:35 +0100
Message-ID: <CABkgnnVBNHUoSHud88PJGNziA3BMRU7Sd5jhkqVtKfdrGxJHZQ@mail.gmail.com>
To: Emily Stark <estark@google.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, httpbis <ietf-http-wg@w3.org>, Anne van Kesteren <annevk@annevk.nl>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.215.53; envelope-from=martin.thomson@gmail.com; helo=mail-lf0-f53.google.com
X-W3C-Hub-Spam-Status: No, score=-6.0
X-W3C-Hub-Spam-Report: AWL=0.045, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1dJcBf-0001AQ-Mq 05bb00461b13d40e7189d374e8ecefdd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Issue #356: Form-encode Expect-CT report bodies?
Archived-At: <http://www.w3.org/mid/CABkgnnVBNHUoSHud88PJGNziA3BMRU7Sd5jhkqVtKfdrGxJHZQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33977
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

For those who are reading this and eating popcorn, this is probably
worth reading also... <https://github.com/whatwg/fetch/issues/530>

On 9 June 2017 at 16:42, Emily Stark <estark@google.com> wrote:
> As I said in my first message, implementing true preflights would violate
> very core architectural principles in Chrome, and would jeopardize our
> ability to ship an implementation. Maybe there are other implementors who
> would like to chime in to the contrary, but as of now I'm not very inclined
> to specify something that can't realistically be implemented.

I wanted to poke at that a little.  Expect-CT is a header field, sent
by a particular origin.  You store the tuple of origin, the expect CT
mode (none, report, require), and the report URI somewhere.  Then when
you connect to an origin you retrieve any stored tuple and compare
what you get with what you expect.  I don't see how a stack would be
unable to preflight at that point.  It has the information it needs
for a preflight check.

I recognize that a particular piece of software might be constructed
in a way that makes this difficult, but it can't be impossible.

Question: how do you manage the checks when you are using alternative
services?  I expect that you need to store a target origin for the
connection attempt, rather than using the host and port or SNI and
port that you are connecting to.  (This doesn't complicate things
regarding the question at hand, but I don't see any text on this
point.)

v2.23.0 | Report a Bug | By Email