Re: [Trans] Directory instead of .well-known for URL structure
"Martin Thomson" <mt@lowentropy.net> Sun, 23 June 2019 23:28 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41378120253 for <trans@ietfa.amsl.com>; Sun, 23 Jun 2019 16:28:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=GVzfMPdD; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=LEmjZlJD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJIbnMoTBAE5 for <trans@ietfa.amsl.com>; Sun, 23 Jun 2019 16:28:29 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06F4D1200B8 for <trans@ietf.org>; Sun, 23 Jun 2019 16:28:28 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 06D6920D7C for <trans@ietf.org>; Sun, 23 Jun 2019 19:28:28 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Sun, 23 Jun 2019 19:28:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm2; bh=gx7hv iILPjmjQ/ONYTKBGSFfKYb+pRNm3occBRL5tpY=; b=GVzfMPdD1Vce9PJ37KDXa Kc8RucGgJSZmGgvqJtk3PE3NrMfS8l9j03bjRjBvu/kxVIaenG1KPnyLG49yzxCe kIoFiLSwXTa8VwYvsoUo5kIYfQJObHmg8ocaGwykJm+BfabBbyBWNUro7E/sNqRJ F0LOiD8/4Ej9EqxFKubM+L8KdcCl3qy6JyVwKVCmRghI1nU2zQxxVmHKKzVHsyDy XzN4kAn9X4GovZ/yEIuLJKWd2jkJtbZoe9Dx/E61q5gVcdsBPjV+VYJ5hPGF5QCQ OD1+vAO2KPrNjwhmfSfv4u2CCmZM/rZZHoAa3q0XZ0A1Xm67yGT28TPtA0FovSD9 g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=gx7hviILPjmjQ/ONYTKBGSFfKYb+pRNm3occBRL5t pY=; b=LEmjZlJDHHNvlmLt6pMMvUs9WaJJvaDb/4YIQksHshDJ3W4wzeIgIU4fT 2Gzad/07oZ5J/U+90xmHGysybcejZm7KFXO9nZ1cpT6cy8WNjPo4hDvc7xvak0i1 4XEToUnMvx8kR0bhHLKl7Vz3XCnIQhBPwowbJ2ENsOvlqfj+HECdmWB24xMm45kd lgW1kN7aNimk7Eb9tj5ym967jYPRJLsf2PewcOaq/tW0TjrorRFij6pOMVYZ58tB 7BnbMlb+TRRFvYYgAK42bs26+yYIJA7+K+b0PhAcYFpJz+o83RSxRRTahElm8Lj4 rV8uFk73/uFXLfRrMAP5qaVN/U//A==
X-ME-Sender: <xms:GwsQXeGY-dKg-eOyEoQ4wN7MGy8wfwG5bBsB1dE84T_N7Ie8LcPbcA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddruddugddvvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucffohhmrghinheplhgvthhsvghntghrhihpthdroh hrghdpihgvthhfrdhorhhgnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigv nhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:GwsQXbCLD7aSf0y6pnF_N22FWPpG-njXZjgkqAkTooeOrq-4U2TSCg> <xmx:GwsQXbw3mpye0R_rCXt_0C7KNUyiRVzICOb5sZFMit5dwTmZ3es7vQ> <xmx:GwsQXYVxDpI96hwA2kFz5a9pt9NTM-nPzgvfruKpY1s8LdI4U4OBSg> <xmx:GwsQXTc7AKzsOBbIvRXsU6wt6aup94PM1RBDRd6akcN4fujUQHqzdQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 6E0CBE00A1; Sun, 23 Jun 2019 19:28:27 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-730-g63f2c3b-fmstable-20190622v1
Mime-Version: 1.0
Message-Id: <48a31dcd-71d9-42c8-9ec3-6104939a59ab@www.fastmail.com>
In-Reply-To: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
References: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
Date: Mon, 24 Jun 2019 09:28:26 +1000
From: Martin Thomson <mt@lowentropy.net>
To: trans@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/D-R6ecg6-Sv2zozH3HW5WEvu3tE>
Subject: Re: [Trans] Directory instead of .well-known for URL structure
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jun 2019 23:28:31 -0000
I agree with Jacob here. As I have expressed in the past, I believe that this is a better design than the well-known prefix. On Fri, Jun 21, 2019, at 08:33, Jacob Hoffman-Andrews wrote: > The latest draft adopts a /.well-known/ path for CT as a way to get > around BCP 190 (URI Design and Ownership: > https://tools.ietf.org/html/bcp190#section-3). > > Personally I think BCP 190 makes it needlessly painful to specify > HTTP-based APIs using techniques that are very common among > practitioners. However, given that it is still considered best practice > for IETF documents, I propose that CT should use a different workaround, > one used very successfully by ACME: Directory URLs. > > In ACME, a CA defines one URL, a Directory, which provides a JSON > dictionary showing where to find the other URLs. For instance: > > $ curl https://acme-v01.api.letsencrypt.org/directory > { > "fUKGu3pAntw": > "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", > "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", > "meta": { > "caaIdentities": [ > "letsencrypt.org" > ], > "terms-of-service": > "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", > "website": "https://letsencrypt.org" > }, > "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", > "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", > "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", > "revoke-cert": > "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" > } > > To use an ACME CA, rather than configuring a base URL, an ACME client > configures a directory URL. All other URLs can be found by looking up > fields in the directory. > > Adding a directory to rfc6962-bis provides the most minimally invasive > way to satisfy BCP 190. Well-known URLs aren't really meant for this > type of application. To quote RFC 5785 > (https://tools.ietf.org/html/rfc5785#section-1.1): > > 1.1. Appropriate Use of Well-Known URIs > > There are a number of possible ways that applications could use > Well- > known URIs. However, in keeping with the Architecture of the World- > Wide Web [W3C.REC-webarch-20041215], *well-known URIs are not > intended** > ** for general information retrieval or establishment of large URI** > ** namespaces* on the Web. Rather, they are designed to facilitate > discovery of information on a site when it isn't practical to use > other mechanisms; for example, when discovering policy that needs to > be evaluated before a resource is accessed, or when using multiple > round-trips is judged detrimental to performance. > > As such, the well-known URI space was created with the expectation > that it will be used to make site-wide policy information and other > metadata available directly (if sufficiently concise), or provide > references to other URIs that provide such metadata. > > (emphasis mine) > > Beyond that, requiring log operators to organize their log under > /.well-known/ would pose unnecessary difficulties. Service providers > intentionally restrict the /.well-known/ URL space. Depending on > deployment model, log operators might have to bypass such restrictions > or get special exemptions. > > Thanks, > Jacob > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans >
- [Trans] Directory instead of .well-known for URL … Jacob Hoffman-Andrews
- Re: [Trans] Directory instead of .well-known for … Martin Thomson
- Re: [Trans] Directory instead of .well-known for … Melinda Shore
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Manger, James
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Manger, James
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Tomas Gustavsson
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Rob Percival
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Jacob Hoffman-Andrews
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Ryan Sleevi