Re: Adding user@ to HTTP[S] URIs

Rick van Rein <rick@openfortress.nl> Sun, 26 January 2020 10:02 UTC

Austin Wright wrote:

> I think what the http-wg list is saying is, while the feature could be defined and standardized, user-agents cannot be obligated to support it.

I know, but this kind of thinking is always hindering HTTP progress or,
more in general, the development of any client/server protocol in use.
This style of thought is not helpful during innovation, I think.

Note that what I am tackling here is based on misinterpretation of
RFC3986, so it is a bug that ought to be fixed.  Also note that nothing
is breaking by adding this facility, only enforcing its use could.

Users who do have a compliant user agent can immediately experience the
benefits for their own use, against their own sites.  That might be
their own IDP, but the support might explode when large providers
support it, as in https://godfried.boomans@gmail.com for access to webmail.


Thanks,
 -Rick


> Consider: If a user clicks on your link, some user agents will send:
> 
> GET /index.html HTTP/1.1
> Host: example.com
> User: john
> 
> And others will send (because they choose not to implement the feature):
> 
> GET /index.html HTTP/1.1
> Host: example.com
> 
> So what functionality is this offering, if servers can’t rely on user agents sending the header?
> 
> There’s an easy solution, just put it in the hier-part:
> 
> http://example.com/~john/index.html
> 
> Or maybe define a standard that allows the _server_ to specify: “URIs of this format <http://example.com/~{user}/> belong to the specified user”
> 
> Austin Wright.
> 
> 
>> On Jan 25, 2020, at 08:59, Rick van Rein <rick@openfortress.nl> wrote:
>>
>> Hi Daniel,
>>
>>> You can't fix this simply by saying that setting the name part of the
>>> userinfo in a HTTP URI is OK. HTTP has no established way to send a
>>> user name outside of authentication.
>> Exactly.  That's why I started this thread with an Internet Draft,
>> https://datatracker.ietf.org/doc/draft-vanrein-http-unauth-user/
>>
>> For http://john@example.com/index.html it sends
>>
>> GET /index.html HTTP/1.1
>> Host: example.com
>> User: john
>>
>>
>> Cheers,
>> -Rick
>>
>
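
The exchange discussed in this thread, as an added example that is not part of the original messages or of the Internet Draft: a client that maps the URI userinfo to a `User` header, a client that ignores it, and a server that has to cope with both. The function names, the refusal of a password in the userinfo, and the percent-decoding plus control-character check (which keeps a crafted link from injecting extra header lines) are assumptions of this sketch, not rules taken from the draft.

```python
from urllib.parse import urlsplit, unquote


def build_request(uri, send_user_header=True):
    """Build the GET request a user agent would send for `uri`.

    send_user_header=False models a user agent that does not implement
    the feature and silently drops the userinfo.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URI with a host")
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    host = parts.hostname
    if ":" in host:                      # IPv6 literal: restore brackets
        host = "[" + host + "]"
    if parts.port:
        host += ":%d" % parts.port
    lines = ["GET %s HTTP/1.1" % target, "Host: %s" % host]
    if send_user_header and parts.username:
        # Assumption: never forward a URI that also carries a password.
        if parts.password is not None:
            raise ValueError("userinfo contains a password")
        user = unquote(parts.username)
        # Assumption: reject control characters and spaces, so that
        # %0d%0a in the userinfo cannot add header lines to the request.
        if any(ord(c) < 0x21 or ord(c) == 0x7F for c in user):
            raise ValueError("control character or space in user name")
        lines.append("User: %s" % user)
    return "\r\n".join(lines) + "\r\n\r\n"


def user_from_request(raw):
    """Server side: return the User header value, or None if absent.

    The value is an unauthenticated hint, and a None result is normal
    because a user agent is free not to send the header.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user":
            return value.strip()
    return None
```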