Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
Adam Roach <adam@nostrum.com> Tue, 25 June 2019 17:21 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5966712090A; Tue, 25 Jun 2019 10:21:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.679
X-Spam-Level:
X-Spam-Status: No, score=-1.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmvMhHnf8pZQ; Tue, 25 Jun 2019 10:21:31 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43A3F1208E8; Tue, 25 Jun 2019 10:21:17 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x5PHL5f6057012 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 25 Jun 2019 12:21:11 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1561483273; bh=AGgKzNb7Kytl7L7jL0EJoD6CUGOOhT/bpdcUw3QiyxA=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=LkSxS4LBWUgYvSvj6AJPnmMxMgRA3XPdsjRSnfcNjgO43oi4Jei6r5vsVQkTxjx1c lvgHvGdCdLC4U64kOHnoxGSgRZ/4axjPQj97B+P2LsGEnYeskPI0YnvUdYf9RwRZpP TlVsLTk5RsA72hVlnpOGkuLEkBhURTmYj1tJrHr8=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: Rob Stradling <rob@sectigo.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Trans <trans@ietf.org>, Alexey Melnikov <aamelnikov@fastmail.fm>, "draft-ietf-trans-rfc6962-bis@ietf.org" <draft-ietf-trans-rfc6962-bis@ietf.org>, "trans-chairs@ietf.org" <trans-chairs@ietf.org>, The IESG <iesg@ietf.org>, Paul Wouters <paul@nohats.ca>
References: <155245900142.5466.15600148045977298644.idtracker@ietfa.amsl.com> <CABcZeBNMt8y7EoFr3PXR84zPgvssp5=B2x7-7sQOb4wM_94RGg@mail.gmail.com> <bd8c65b5-b760-e393-2936-8dfbf6ded1b6@nostrum.com> <cb8b1664-6176-4c62-9651-5922f7d0ae2e@www.fastmail.com> <cd5c5ea3-3b56-fc19-b617-c62166981cb4@sectigo.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <943a0e44-faab-28f0-f677-b41faa870558@nostrum.com>
Date: Tue, 25 Jun 2019 12:21:00 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <cd5c5ea3-3b56-fc19-b617-c62166981cb4@sectigo.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/54KoXfJxUAP3aOi8iIMQg7woPms>
Subject: Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 17:21:34 -0000
On 6/18/19 4:50 AM, Rob Stradling wrote: > Adam, thanks for your review, and I apologize that none of this > document's authors have been available to respond until now. > > I have filed > https://github.com/google/certificate-transparency-rfcs/pull/310, which > I believe addresses all of your concerns. Thanks! This looks good, although you'll also need to register "ct" in the Well-Known URIs registry [1]. See [2] for the registration template, and [3] for an example of it in use. I'll clear my discuss as soon as a new version is available in the internet-drafts repository. /a ____ [1] https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml [2] https://tools.ietf.org/html/rfc5785#section-5.1.1 [3] https://tools.ietf.org/html/rfc7033#section-10.1 > > On 13/03/2019 20:52, Alexey Melnikov wrote: >> On Wed, Mar 13, 2019, at 5:26 PM, Adam Roach wrote: >>> On 3/13/19 8:28 AM, Eric Rescorla wrote: >>>> On Tue, Mar 12, 2019 at 11:36 PM Adam Roach via Datatracker >>>> <noreply@ietf..org <mailto:noreply@ietf.org>> wrote: >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> DISCUSS: >>>> ---------------------------------------------------------------------- >>>> >>>> Thanks to everyone who worked on updating this protocol to >>>> reflect experience >>>> gathered from the initial CT protocol. I have one blocking >>>> comment, and a small >>>> number of editorial suggestions. >>>> >>>> --------------------------------------------------------------------------- >>>> >>>> §5: >>>> >>>> > Clients are configured with a base URL for a log and construct >>>> URLs >>>> > for requests by appending suffixes to this base URL. This >>>> structure >>>> > places some degree of restriction on how log operators can deploy >>>> > these services, as noted in [RFC7320]. However, operational >>>> > experience with version 1 of this protocol has not indicated that >>>> > these restrictions are a problem in practice. >>>> >>>> The synthesis of URLs by a protocol in this fashion is prohibited >>>> by BCP 190: >>>> >>>> Scheme definitions define the presence, format, and semantics of a >>>> path component in URIs; all other specifications MUST NOT >>>> constrain, >>>> or define the structure or the semantics for any path component. >>>> >>>> Unless the intention of this document is to update BCP 190 to >>>> change this >>>> normative requirement, we can't publish it in its current form. >>>> Note that doing >>>> so would require a change of venue, as updates to BCP 190 would >>>> not be covered >>>> by the current TRANS charter. >>>> >>>> Please see BCP 190 section 3 for alternate approaches. All three >>>> approaches >>>> could be made to work for CT, and I would be happy to explain how >>>> to do so if >>>> clarification is desired. >>>> >>>> >>>> While I agree that this is forbidden by BCP 190, this structure is >>>> inherited from >>>> RFC 6962, which predated 7320, so making that change seems like it's >>>> going >>>> to be fairly disruptive. This seems like it is falling into our >>>> discussion the other >>>> day about what must be changed in -bis documents. >>> I think the timing of this document is fortuitous, in that it can help >>> inform that conversation. In particular, this situation helps me >>> better understand why both you and Benjamin raised objections to the >>> high-level proposal that unchanged parts of -bis documents shouldn't >>> be subject to DISCUSS positions. The take-away that I plan to bring to >>> that conversation is that such a decision needs to be informed by (a) >>> scope of changes between a document and its -bis, and (b) scope of >>> changes required to satisfy a potential DISCUSS position. >>> >>> In cases like this one, where a not-even-remotely-backwards-compatible >>> suite of protocol changes is being made to a protocol in a document >>> update whose diff [1] is basically the entire document, I don't think >>> the principle of ignoring existing flaws in a previous document really >>> applies. I get that both of those predicates are somewhat subjective >>> evaluations, and that drawing a line in a process document might be >>> difficult; but I think that any standard, however subjective, that you >>> would be willing to sign on to would place this document outside the >>> category of "bis versions that are making small, incremental changes >>> to existing documents." >>> >>> If the remedy for the flaw were a major overhaul rather than a >>> relatively minor tweak, it would again shift the evaluation a bit; >>> however, the naïve band-aid solution of moving CT endpoints to live >>> under "/.well-known/ct" is a trivial change, both for this document >>> and for implementations (in fact, for implementations, it can >>> generally be accomplished with a configuration tweak rather than >>> writing new code). To be clear, this is a textbook example of the kind >>> of situation URI templates were designed for, but that would require >>> substantially more work than simply moving it into the .well-known >>> tree. Either approach would address the URI ownership issue. >>> >> I am in full agreement with this. >>
- [Trans] Adam Roach's Discuss on draft-ietf-trans-… Adam Roach via Datatracker
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Eric Rescorla
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Mirja Kuehlewind
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Eric Rescorla
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Richard Barnes
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Alissa Cooper
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Eric Rescorla
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Mirja Kuehlewind
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Adam Roach
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Alexey Melnikov
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Rob Stradling
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Adam Roach
- Re: [Trans] Adam Roach's Discuss on draft-ietf-tr… Rob Stradling