Re: Benjamin Kaduk's Discuss on draft-ietf-httpbis-messaging-16: (with DISCUSS and COMMENT)

Martin Thomson <mt@lowentropy.net> Thu, 17 June 2021 02:36 UTC

Date: Thu, 17 Jun 2021 12:32:21 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-messaging@ietf.org, httpbis-chairs@ietf.org, tpauly@apple.com, tpauly@apple.com, Mark Nottingham <mnot@mnot.net>
Archived-At: <https://www.w3.org/mid/55f5f91f-da6c-4d13-9c38-42a2ae714bae@www.fastmail.com>

Restoring the CC list (sorry about that).

On Thu, Jun 17, 2021, at 12:13, Martin Thomson wrote:
> On Thu, Jun 17, 2021, at 11:53, Mark Nottingham wrote:
> > > On 17 Jun 2021, at 11:36 am, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
> > > Let's discuss whether the currently specified procedures for
> > > reconstructing the target URI
> 
> I think that this question doesn't really read on -messaging, but more 
> on -semantics.  However, I am not seeing any requirement on the server 
> to ensure that the response it generates is secured.
> 
> s 4.2.2 of semantics -- 
> https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#https.uri
> 
> > A client MUST ensure that its HTTP requests for an "https" resource are secured, prior to being communicated, and that it only accepts secured responses to those requests. Note that the definition of what cryptographic mechanisms are acceptable to client and server are usually negotiated and can change over time.
> 
> No similar requirement is made of the server.  It would be trivial to 
> impose a similar requirement on servers in that same paragraph.
> 
> s 4.3.3 of semantics is another place you might look for this: 
> https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#https.origin 
> 
>
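The quoted client MUST from -semantics s 4.2.2, and the symmetric server-side rule Martin observes is absent, expressed as policy checks. This is an added example for illustration, not text from the thread or the draft; the `Connection` model with its `secured` flag is an assumption, and `server_may_respond` is an assumed wording of the missing requirement rather than spec text.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Connection:
    # Constructed model of a transport connection: an identity plus whether
    # it is secured (e.g. by TLS). The "secured" flag is an assumption here.
    conn_id: int
    secured: bool


def _is_https(target_uri: str) -> bool:
    # urlsplit lower-cases the scheme, so "HTTPS://..." is handled too.
    return urlsplit(target_uri).scheme == "https"


def client_may_send(target_uri: str, conn: Connection) -> bool:
    """First half of the client MUST: a request for an "https" resource is
    sent only over a secured connection; "http" requests are unconstrained."""
    return conn.secured or not _is_https(target_uri)


def client_may_accept(target_uri: str, request_conn: Connection,
                      response_conn: Connection) -> bool:
    """Second half of the client MUST: for an "https" request, accept only a
    secured response, and only on the connection the request was sent on."""
    if not _is_https(target_uri):
        return True
    return response_conn.secured and response_conn.conn_id == request_conn.conn_id


def server_may_respond(target_uri: str, conn: Connection) -> bool:
    """Symmetric server-side rule (assumed wording, not in -semantics): a
    response to a request for an "https" resource goes only over a secured
    connection. Returns False where a server would have to refuse."""
    return conn.secured or not _is_https(target_uri)
```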