Re: Op-sec simplification

Patrick McManus <mcmanus@ducksong.com> Mon, 31 October 2016 21:44 UTC

[implementor hat]

this is good. thanks for driving it to the finish line. let's see if we can
cross it this time :)


On Sun, Oct 30, 2016 at 9:04 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> In the spirit of continuing simplification, here's a PR on the
> opportunistic security draft:
>
> https://github.com/httpwg/http-extensions/pull/254
>
> The main changes:
>
>  - the .well-known resource is a flat list of origins
>  - the client only needs to acquire a .wk from the secured server
>  - the draft explicitly allows HTTP/1.1
>
> As before, I apologize for short notice, but I plan to merge this
> fairly soon and submit a draft revision.  Thanks to the magic of git,
> any mistakes I've made - either in reading where consensus was headed,
> or in editing - can be reverted easily.
>
>
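As an added illustration of the first two changes listed in the quoted message (not code from the draft, the PR, or either author): a client-side check that an `http` origin appears in the flat list read from the .well-known resource. It assumes the list is serialized as a JSON array of origin strings and that `wk_body` was fetched from the secured server over the authenticated connection; the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return (scheme, host, port) for a bare origin string, else None."""
    if not isinstance(value, str):
        return None
    try:
        parts = urlsplit(value)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # An origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower(), port)


def origin_is_listed(wk_body, http_origin):
    """True only if http_origin is a member of the flat origin list.

    wk_body is assumed to be the .well-known response body (JSON array,
    an assumption of this example) received from the secured server.
    """
    wanted = normalize_origin(http_origin)
    if wanted is None or wanted[0] != "http":
        return False               # only http origins are in scope here
    try:
        listed = json.loads(wk_body)
    except (ValueError, TypeError):
        return False               # unparsable body: fail closed
    if not isinstance(listed, list):
        return False               # anything but a flat list is rejected
    # Non-string members (nested lists, objects) normalize to None.
    return any(normalize_origin(item) == wanted for item in listed)
```

Every failure path returns `False`, so a malformed or unexpected resource leaves the client on its ordinary cleartext behaviour rather than treating the secured server as authorized for the origin.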