Re: Re-WGLC for BCP65bis

Martin Thomson <mt@lowentropy.net> Tue, 06 April 2021 02:51 UTC

Message-Id: <c88944cd-cd75-4050-b95d-4c689ba51106@www.fastmail.com>
In-Reply-To: <3BE0DB7F-1EDD-4953-BEB4-0F1B843C7EEA@apple.com>
References: <3BE0DB7F-1EDD-4953-BEB4-0F1B843C7EEA@apple.com>
Date: Tue, 06 Apr 2021 12:47:53 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Archived-At: <https://www.w3.org/mid/c88944cd-cd75-4050-b95d-4c689ba51106@www.fastmail.com>

Looks good to me.

A request:

Section 4.4.2 says " "https" is RECOMMENDED".  I think that we can make this mandatory.  I am not aware of any case today where unsecured HTTP would be appropriate.  If non-compliance is necessary, I'm sure that a specification can make that case and directly address this point.

A minor note:

Section 4.3 talks about certificates as being something special that APIs need to address.  I would instead invert this and suggest that an advantage of using HTTP is the ability to rely on the WebPKI (Section 3.3 could say "Integration with TLS and the Web PKI" and be more accurate).

For this context, I think that what you want to establish here is the divergence from normal.  It's entirely appropriate to establish your own trust anchors here.  That would NOT make your protocol a different protocol in quite the same way as other divergences do.  However, it does diminish that benefit and requires careful specification.  Yes, redirection is just something you need to accept and you probably want to default to not using cookies.  However, as it relates to Web PKI, we're now assuming it rather than actively deciding to use it.

I think that's consistent with the rest of the advice, which is mostly "use the same HTTP as everyone else unless you are sure that you need something different".

On Fri, Apr 2, 2021, at 04:31, Tommy Pauly wrote:
> Hello all,
> 
> Now that the core documents have been completed, it’s time for us to 
> un-park draft-ietf-httpbis-bcp56bis and progress it along towards 
> publication.
> 
> However, you may note that it’s been a couple years since our last 
> working group last call on this document, so I’d like to have the WG 
> take another quick review of the document before moving it along. It 
> has a few updates, which largely get it in line with the core documents.
> 
> The current version is here:
> https://www.ietf.org/archive/id/draft-ietf-httpbis-bcp56bis-11.html
> 
> You can see a diff between the older version here:
> https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-httpbis-bcp56bis-11.txt
> 
> Please reply to this email to indicate if you think this document is 
> ready to progress, or if you have any review comments. We’d like 
> feedback by *April 12, 2021*.
> 
> Best,
> Tommy
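The defaults Martin argues for above (mandatory "https", application-specific trust anchors as an explicit decision, redirects accepted but never to unsecured HTTP, no cookies) written out as client-side policy checks. This is an added example, not code from the draft or from anyone on the thread; the function names and the PEM-file argument are assumptions.

```python
import ssl
from typing import Optional
from urllib.parse import urljoin, urlparse


class PolicyError(ValueError):
    """Raised when a request would violate the application's HTTP policy."""


def check_target(url: str) -> str:
    """Return url unchanged if it is an absolute https URL with a host; else raise."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise PolicyError(f"refusing non-https target: {url}")
    if not parts.hostname:
        raise PolicyError(f"missing host in target: {url}")
    return url


def check_redirect(request_url: str, location: str) -> str:
    """Resolve a Location header against the request URL and re-apply check_target,
    so following a redirect can never downgrade the application to plain HTTP."""
    return check_target(urljoin(request_url, location))


def build_tls_context(trust_anchor_pem: Optional[str] = None) -> ssl.SSLContext:
    """Default to the platform's Web PKI store. If the application deliberately
    specifies its own trust anchors (path to a PEM bundle, assumed), use only
    those: create_default_context() skips the system store when cafile is given."""
    if trust_anchor_pem is None:
        ctx = ssl.create_default_context()
    else:
        ctx = ssl.create_default_context(cafile=trust_anchor_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def strip_cookies(headers: dict) -> dict:
    """Drop any Cookie header so state is never carried implicitly between requests."""
    return {k: v for k, v in headers.items() if k.lower() != "cookie"}


if __name__ == "__main__":
    # Constructed sample values, not from the draft.
    print(check_target("https://api.example/v1/items"))
    print(check_redirect("https://api.example/v1/items", "/v2/items"))
    print(strip_cookies({"Accept": "application/json", "Cookie": "session=abc"}))
```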