Re: Alt-Svc WGLC

Kyle Rose <krose@krose.org> Wed, 13 January 2016 03:09 UTC

From: Kyle Rose <krose@krose.org>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>

On Tue, Jan 12, 2016 at 9:13 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 12 January 2016 at 13:51, Kyle Rose <krose@krose.org> wrote:
>> "Clients MUST NOT use an alternative service with a host that is
>> different from the origin's without the alternative service strongly
>> authenticating with the origin's identity."
>
> There are two rules we need to capture:
>
> 1. the alternative service must be authenticated as the origin host

If this is the case, then we should simply state that "Clients MUST
NOT use an alternative service that does not strongly authenticate
with the origin's identity." I had interpreted the draft to indicate
that only host changes required strong authentication of the
alternative service, but apparently that is not the intent (and I
suppose is what the "Changing Ports" section is all about).

It's very confusing. The "Changing Hosts" section, for instance, says that:

   This is the reason for the requirement in Section 2.1 that any
   alternative service with a host different from the origin's be
   strongly authenticated with the origin's identity

when according to your rule #1 we want to strongly authenticate with
the origin's identity even when the alternative service's host is the
same as the origin's.

If the intent is to *always* strongly authenticate the alternative
service with the origin's identity, the draft should state that
unconditionally.

> 2. if the alt-svc advertisement isn't authenticated, the host can't be
> different to the origin.

We need to cleanly separate these two requirements, because I think
both the "Changing Hosts" language and the "Host Authentication"
language do not capture this. In fact, they seem to conflate the two
issues, as I have apparently been doing.

Your two guidelines, in fact, seem to capture the required precision.
A candidate for the first is above; one for the second might be
"Clients MUST NOT use an alternative service whose host is different
from the origin's if the alternative service advertisement was not
strongly authenticated." Some explanatory language around each
requirement in section 2, or separate subsections under "Security
Considerations", could provide context for each of the requirements.

This needs to be made a lot clearer.

Kyle
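
The two rules discussed in this message, kept as separate checks in a client-side decision function. This is an added example, not code from the draft or from any participant in the thread; `parse_alt_value`, `may_use` and the two boolean inputs are hypothetical names, and it assumes the TLS layer has already decided whether each party was strongly authenticated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AltService:
    protocol: str
    host: str  # already resolved: an empty host in the header means the origin's host
    port: int


def parse_alt_value(value: str, origin_host: str) -> AltService:
    """Parse a single alternative such as 'h2="alt.example.net:443"; ma=3600'.

    Handles one alternative only; a full header may list several, comma-separated.
    """
    alternative = value.split(";", 1)[0].strip()      # drop parameters like ma=
    protocol, _, authority = alternative.partition("=")
    authority = authority.strip().strip('"')
    host, sep, port = authority.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed alt-authority: {authority!r}")
    return AltService(protocol.strip(), (host or origin_host).lower(), int(port))


def may_use(alt: AltService, origin_host: str,
            advertisement_authenticated: bool,
            alt_authenticated_as_origin: bool) -> tuple[bool, str]:
    """Apply the two rules independently and say which one rejected the alternative."""
    # Rule 1, unconditional: the alternative service must authenticate as the
    # origin host, even when only the port changed.
    if not alt_authenticated_as_origin:
        return False, "rule 1: alternative not authenticated as the origin"
    # Rule 2: an unauthenticated advertisement must not move the client to
    # a different host.
    if alt.host != origin_host.lower() and not advertisement_authenticated:
        return False, "rule 2: unauthenticated advertisement names a different host"
    return True, "ok"


if __name__ == "__main__":
    origin = "www.example.com"  # constructed sample values
    for header, adv_auth, alt_auth in [
        ('h2=":8443"; ma=60', False, True),
        ('h2=":8443"; ma=60', False, False),
        ('h2="alt.example.net:443"', False, True),
        ('h2="alt.example.net:443"', True, True),
    ]:
        alt = parse_alt_value(header, origin)
        print(header, adv_auth, alt_auth, may_use(alt, origin, adv_auth, alt_auth))
```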