Re: Adding user@ to HTTP[S] URIs

Rick van Rein <rick@openfortress.nl> Sat, 25 January 2020 11:05 UTC

Hi Michael,

Thanks for your positive response.

>> Most protocols support users under domain names, but HTTP does not.
> 
> Well, it *does* support users within the "path" part of the URL.  For instance, here's a page I just made for you, that's scoped to my user account:
> 
>     https://invisible.college/@toomim/hello-rick

These patterns are common, examples below, and that's why I believe that
we should support mapping users into the HTTP space.  It is useful if
the pattern can be consistent among servers, and in comparison with
other protocols, I think.  HTTP is missing that part of URL syntax.

Having a place to specify user name syntax and semantics is a good
example.  This can help to squash numerous attacks that may be tried
with the generic path-based format that you are showing.  We can then
restrict the grammar to that of a utf8-username in RFC 7542 and thus
exclude spaces, ":" and "@" and other junk and have it enforced (!) at
the HTTP level instead of in scripted applications of varying quality.

>> Usage patterns in the wild do suggest a desire to have this facility.
> 
> I didn't see any example usage patterns in the internet draft.  Can you provide some of them, so that we know what we are working with?

There are many examples of the URL-mapped form like you proposed, and
they seem to be telling that people (or groups) want to represent their
online identity in an HTTP URL.  They cannot be interpreted as user
names, and code to access it ends up with in-situ coding.

Conventionally structured mapping,
	https://www.cabrillo.edu/~rnolthenius/

Site-specific structure,
	https://nlnet.nl/people/leenaars.html
	https://people.utwente.nl/m.vankeulen
	https://www.facebook.com/dssvtartaros/

Unstructured mappings,
	http://catb.org/esr/
	http://rick.vanrein.org

These could be consistently represented as
	https://rnothenius@www.cabrillo.edu
	https://leenaars@nlnet.nl
	https://m.vankeulen@people.utwente.nl
	https://dssvtartaros@www.facebook.com
	http://esr@catb.org/esr
	http://rick@vanrein.org

I pioneered this idea with a crude hack based on Basic authentication,
which is highly inconsistent across browsers because Basic and Digest
have always misinterpreted the URL userinfo as authentication names,
	http://cook@vanrein.org
	http://writer@vanrein.org
	http://rick@vanrein.org

I can include some examples in the next draft, no problem.


Thanks,
 -Rick
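
The grammar restriction described in the message above, sketched as an added example; it is not part of the original message or of the Internet-Draft. The function names `http_user` and `accepts` are hypothetical, the grammar is the utf8-username rule from RFC 7542 section 2.2, and percent-decoding the userinfo before validating it is this example's assumption.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# utf8-atext (RFC 7542, section 2.2): ALPHA / DIGIT / listed symbols / non-ASCII UTF-8.
_ATEXT = r"[A-Za-z0-9!#$%&'*+\-/=?^_`{|}~\u0080-\U0010FFFF]"
# utf8-username = dot-string = string *("." string), with string = 1*utf8-atext
_USERNAME = re.compile(_ATEXT + r"+(?:\." + _ATEXT + r"+)*")


def http_user(url):
    """Return the user name of an http(s) URL, or None when it has no userinfo.

    Raises ValueError when userinfo is present but is not a utf8-username.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("not an http(s) URL")
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    if not at:
        return None  # a path-mapped user such as /@toomim/ is not userinfo
    try:
        # Decode first, so %20, %3A and %40 cannot smuggle in the characters
        # the grammar excludes; strict UTF-8 decoding rejects input like %ff.
        user = unquote_to_bytes(userinfo).decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("userinfo is not valid UTF-8") from None
    if not _USERNAME.fullmatch(user):
        raise ValueError("userinfo is not an RFC 7542 utf8-username")
    return user


def accepts(url):
    """True when the URL has no userinfo or a well-formed user name."""
    try:
        http_user(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The first URL is taken from the message; the others are constructed inputs.
    for sample in ("https://m.vankeulen@people.utwente.nl",
                   "http://rick:secret@vanrein.org",
                   "http://a%40b@vanrein.org",
                   "http://ri%20ck@vanrein.org"):
        print(accepts(sample), sample)
```

Note that the RFC 7542 grammar itself permits "/" and "?" in a user name, so a percent-encoded `%2F` passes this check; a server that maps user names onto file paths needs its own rule for that.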