Re: [Trans] Directory instead of .well-known for URL structure
"Martin Thomson" <mt@lowentropy.net> Sun, 23 June 2019 23:28 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 41378120253
for <trans@ietfa.amsl.com>; Sun, 23 Jun 2019 16:28:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=lowentropy.net header.b=GVzfMPdD;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=LEmjZlJD
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IJIbnMoTBAE5 for <trans@ietfa.amsl.com>;
Sun, 23 Jun 2019 16:28:29 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
[66.111.4.25])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 06F4D1200B8
for <trans@ietf.org>; Sun, 23 Jun 2019 16:28:28 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by mailout.nyi.internal (Postfix) with ESMTP id 06D6920D7C
for <trans@ietf.org>; Sun, 23 Jun 2019 19:28:28 -0400 (EDT)
Received: from imap2 ([10.202.2.52])
by compute1.internal (MEProxy); Sun, 23 Jun 2019 19:28:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net;
h=mime-version:message-id:in-reply-to:references:date:from:to
:subject:content-type:content-transfer-encoding; s=fm2; bh=gx7hv
iILPjmjQ/ONYTKBGSFfKYb+pRNm3occBRL5tpY=; b=GVzfMPdD1Vce9PJ37KDXa
Kc8RucGgJSZmGgvqJtk3PE3NrMfS8l9j03bjRjBvu/kxVIaenG1KPnyLG49yzxCe
kIoFiLSwXTa8VwYvsoUo5kIYfQJObHmg8ocaGwykJm+BfabBbyBWNUro7E/sNqRJ
F0LOiD8/4Ej9EqxFKubM+L8KdcCl3qy6JyVwKVCmRghI1nU2zQxxVmHKKzVHsyDy
XzN4kAn9X4GovZ/yEIuLJKWd2jkJtbZoe9Dx/E61q5gVcdsBPjV+VYJ5hPGF5QCQ
OD1+vAO2KPrNjwhmfSfv4u2CCmZM/rZZHoAa3q0XZ0A1Xm67yGT28TPtA0FovSD9
g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-transfer-encoding:content-type
:date:from:in-reply-to:message-id:mime-version:references
:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm3; bh=gx7hviILPjmjQ/ONYTKBGSFfKYb+pRNm3occBRL5t
pY=; b=LEmjZlJDHHNvlmLt6pMMvUs9WaJJvaDb/4YIQksHshDJ3W4wzeIgIU4fT
2Gzad/07oZ5J/U+90xmHGysybcejZm7KFXO9nZ1cpT6cy8WNjPo4hDvc7xvak0i1
4XEToUnMvx8kR0bhHLKl7Vz3XCnIQhBPwowbJ2ENsOvlqfj+HECdmWB24xMm45kd
lgW1kN7aNimk7Eb9tj5ym967jYPRJLsf2PewcOaq/tW0TjrorRFij6pOMVYZ58tB
7BnbMlb+TRRFvYYgAK42bs26+yYIJA7+K+b0PhAcYFpJz+o83RSxRRTahElm8Lj4
rV8uFk73/uFXLfRrMAP5qaVN/U//A==
X-ME-Sender: <xms:GwsQXeGY-dKg-eOyEoQ4wN7MGy8wfwG5bBsB1dE84T_N7Ie8LcPbcA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddruddugddvvdcutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh
ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho
figvnhhtrhhophihrdhnvghtqeenucffohhmrghinheplhgvthhsvghntghrhihpthdroh
hrghdpihgvthhfrdhorhhgnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigv
nhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:GwsQXbCLD7aSf0y6pnF_N22FWPpG-njXZjgkqAkTooeOrq-4U2TSCg>
<xmx:GwsQXbw3mpye0R_rCXt_0C7KNUyiRVzICOb5sZFMit5dwTmZ3es7vQ>
<xmx:GwsQXYVxDpI96hwA2kFz5a9pt9NTM-nPzgvfruKpY1s8LdI4U4OBSg>
<xmx:GwsQXTc7AKzsOBbIvRXsU6wt6aup94PM1RBDRd6akcN4fujUQHqzdQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id 6E0CBE00A1; Sun, 23 Jun 2019 19:28:27 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-730-g63f2c3b-fmstable-20190622v1
Mime-Version: 1.0
Message-Id: <48a31dcd-71d9-42c8-9ec3-6104939a59ab@www.fastmail.com>
In-Reply-To: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
References: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
Date: Mon, 24 Jun 2019 09:28:26 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: trans@ietf.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/D-R6ecg6-Sv2zozH3HW5WEvu3tE>
Subject: Re: [Trans] Directory instead of .well-known for URL structure
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list
<trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>,
<mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>,
<mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jun 2019 23:28:31 -0000
I agree with Jacob here. As I have expressed in the past, I believe that this is a better design than the well-known prefix. On Fri, Jun 21, 2019, at 08:33, Jacob Hoffman-Andrews wrote: > The latest draft adopts a /.well-known/ path for CT as a way to get > around BCP 190 (URI Design and Ownership: > https://tools.ietf.org/html/bcp190#section-3). > > Personally I think BCP 190 makes it needlessly painful to specify > HTTP-based APIs using techniques that are very common among > practitioners. However, given that it is still considered best practice > for IETF documents, I propose that CT should use a different workaround, > one used very successfully by ACME: Directory URLs. > > In ACME, a CA defines one URL, a Directory, which provides a JSON > dictionary showing where to find the other URLs. For instance: > > $ curl https://acme-v01.api.letsencrypt.org/directory > { > "fUKGu3pAntw": > "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", > "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", > "meta": { > "caaIdentities": [ > "letsencrypt.org" > ], > "terms-of-service": > "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", > "website": "https://letsencrypt.org" > }, > "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", > "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", > "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", > "revoke-cert": > "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" > } > > To use an ACME CA, rather than configuring a base URL, an ACME client > configures a directory URL. All other URLs can be found by looking up > fields in the directory. > > Adding a directory to rfc6962-bis provides the most minimally invasive > way to satisfy BCP 190. Well-known URLs aren't really meant for this > type of application. To quote RFC 5785 > (https://tools.ietf.org/html/rfc5785#section-1.1): > > 1.1. Appropriate Use of Well-Known URIs > > There are a number of possible ways that applications could use > Well- > known URIs. However, in keeping with the Architecture of the World- > Wide Web [W3C.REC-webarch-20041215], *well-known URIs are not > intended** > ** for general information retrieval or establishment of large URI** > ** namespaces* on the Web. Rather, they are designed to facilitate > discovery of information on a site when it isn't practical to use > other mechanisms; for example, when discovering policy that needs to > be evaluated before a resource is accessed, or when using multiple > round-trips is judged detrimental to performance. > > As such, the well-known URI space was created with the expectation > that it will be used to make site-wide policy information and other > metadata available directly (if sufficiently concise), or provide > references to other URIs that provide such metadata. > > (emphasis mine) > > Beyond that, requiring log operators to organize their log under > /.well-known/ would pose unnecessary difficulties. Service providers > intentionally restrict the /.well-known/ URL space. Depending on > deployment model, log operators might have to bypass such restrictions > or get special exemptions. > > Thanks, > Jacob > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans >
- [Trans] Directory instead of .well-known for URL … Jacob Hoffman-Andrews
- Re: [Trans] Directory instead of .well-known for … Martin Thomson
- Re: [Trans] Directory instead of .well-known for … Melinda Shore
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Manger, James
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Manger, James
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Tomas Gustavsson
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Rob Percival
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Eran Messeri
- Re: [Trans] Directory instead of .well-known for … Rob Stradling
- Re: [Trans] Directory instead of .well-known for … Jacob Hoffman-Andrews
- Re: [Trans] Directory instead of .well-known for … Andrew Ayer
- Re: [Trans] Directory instead of .well-known for … Ryan Sleevi