IETF Logo Mail Archive

Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)

"Alexey Melnikov" <aamelnikov@fastmail.fm> Wed, 13 March 2019 20:53 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C32C81311BD; Wed, 13 Mar 2019 13:53:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.981
X-Spam-Level:
X-Spam-Status: No, score=-1.981 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HEADER_CTYPE_ONLY=0.717, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=SlOn/q7e; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=npE9fk/x
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dLVoODmuzJ4; Wed, 13 Mar 2019 13:53:07 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DC461311B2; Wed, 13 Mar 2019 13:53:07 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id B784821FFD; Wed, 13 Mar 2019 16:53:06 -0400 (EDT)
Received: from imap1 ([10.202.2.51]) by compute7.internal (MEProxy); Wed, 13 Mar 2019 16:53:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= message-id:in-reply-to:references:date:from:to:cc:subject :content-type; s=fm2; bh=/kcGBwyWw1MXfZqueG0qDO5NrU7AHhRzspfFZ3x e/q4=; b=SlOn/q7eZpN2H07fiVjN8g3iNJxsi99KzpoDVXE2jjAu4wmeLmRL0A9 8dST/6xA1KxaA9nDgJavwBvJ10EZgwbIVVJB+9eU6oSGT2GJI1FJOO8EDPmEa5tA Xz24jecMrGDuJMPllMx+oCd1tXkvuIcUYDeg2QK9Jai1vmnccAAMdBDESgwux4BE eBp5r9wAvyhnEBPc9Qt85tD6K3MVj/e3psBp3ad1ozj5IFJTAVXxkw49yUAiv4dq 4xZ6Ii+lhyGzOt7yp/lC3yYJgzwY8oUq7D5xiuGi6REoKTyQhsnbSkbq0wuksOvT 6SfyQdxijzvCwoz6FTINQDdrlcNDP4Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=/kcGBwyWw1MXfZque G0qDO5NrU7AHhRzspfFZ3xe/q4=; b=npE9fk/xHpCuGOrxKVwRcTRbuMAtj9wdF HtbvkDRfHl1pn/rDcufcaso2oHjHYZBPvablJCEDHgWZYFie2XeuP1NsGMVNhHHr r+n1ILLVaNrN6Qmj0ctGRc46APBcWWIz+JzdxzfXETkdrFSqyuSCdmbE5pkDSzx6 QDy3INDKeLMJv1jPsFPbhWvAXACqEVAnm47w7rK8PKmmxiGowXfpZriVrPDuUn98 KWmehOdhjMOpSWvjW39IWxCMQRGrCFT02Yhpt4bA9QR91Bl/1WvSt0Yh/DDNduwb 9Od6SXCW6N5yoYkLOxb4LFcf7YkSIwe316lHO/U1IFZpAyXQkHe7g==
X-ME-Sender: <xms:sW2JXA9VlFjfdV0x7pHYN3PtUtDucM4GDmboeftWUBxBJ5GyMpYx3Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrhedtgddugeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfkfgjfhffhffvufgtsegrtderreerreejnecuhfhrohhmpedftehlvgig vgihucfovghlnhhikhhovhdfuceorggrmhgvlhhnihhkohhvsehfrghsthhmrghilhdrfh hmqeenucfrrghrrghmpehmrghilhhfrhhomheprggrmhgvlhhnihhkohhvsehfrghsthhm rghilhdrfhhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:sW2JXJcPPmL0JpGgamSbAxaaV1pWkZ0eNO5o8jIE0O5DID5dtTkpMw> <xmx:sW2JXJ2Ml3sCp5cqdDIxjB0Iv8NzPsGzr3AwpPtK_QNjiLDjVc_LuQ> <xmx:sW2JXCCbseiAstahm4A2TgBzSZ_HErFWnPpPCFgZLb3UKltzeqd8_g> <xmx:sm2JXIAYwrDGKF_5UitPd34hXHmQD4FaKn0C7OecL3za9ARY7dNaiw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 9995DD4814; Wed, 13 Mar 2019 16:53:05 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-925-g644bf8c-fmstable-20190228v5
X-Me-Personality: 21611513
Message-Id: <cb8b1664-6176-4c62-9651-5922f7d0ae2e@www.fastmail.com>
In-Reply-To: <bd8c65b5-b760-e393-2936-8dfbf6ded1b6@nostrum.com>
References: <155245900142.5466.15600148045977298644.idtracker@ietfa.amsl.com> <CABcZeBNMt8y7EoFr3PXR84zPgvssp5=B2x7-7sQOb4wM_94RGg@mail.gmail.com> <bd8c65b5-b760-e393-2936-8dfbf6ded1b6@nostrum.com>
Date: Wed, 13 Mar 2019 16:52:50 -0400
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Adam Roach <adam@nostrum.com>, Eric Rescorla <ekr@rtfm.com>
Cc: draft-ietf-trans-rfc6962-bis@ietf.org, Paul Wouters <paul@nohats.ca>, Trans <trans@ietf.org>, The IESG <iesg@ietf.org>, trans-chairs@ietf.org
Content-Type: multipart/alternative; boundary="6462d9b790f348a8ad377b6a8f2ec418"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/Se-xNnHrS6CcbHzCI7moCV4xiBw>
Subject: Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 20:53:09 -0000

On Wed, Mar 13, 2019, at 5:26 PM, Adam Roach wrote:
> On 3/13/19 8:28 AM, Eric Rescorla wrote:
>> 
>> On Tue, Mar 12, 2019 at 11:36 PM Adam Roach via Datatracker <noreply@ietf..org <mailto:noreply@ietf.org>> wrote:
>>> 
>>> ----------------------------------------------------------------------
>>>  DISCUSS:
>>>  ----------------------------------------------------------------------
>>> 
>>>  Thanks to everyone who worked on updating this protocol to reflect experience
>>>  gathered from the initial CT protocol. I have one blocking comment, and a small
>>>  number of editorial suggestions.
>>> 
>>>  ---------------------------------------------------------------------------
>>> 
>>>  §5:
>>> 
>>>  > Clients are configured with a base URL for a log and construct URLs
>>>  > for requests by appending suffixes to this base URL. This structure
>>>  > places some degree of restriction on how log operators can deploy
>>>  > these services, as noted in [RFC7320]. However, operational
>>>  > experience with version 1 of this protocol has not indicated that
>>>  > these restrictions are a problem in practice.
>>> 
>>>  The synthesis of URLs by a protocol in this fashion is prohibited by BCP 190:
>>> 
>>>  Scheme definitions define the presence, format, and semantics of a
>>>  path component in URIs; all other specifications MUST NOT constrain,
>>>  or define the structure or the semantics for any path component.
>>> 
>>>  Unless the intention of this document is to update BCP 190 to change this
>>>  normative requirement, we can't publish it in its current form. Note that doing
>>>  so would require a change of venue, as updates to BCP 190 would not be covered
>>>  by the current TRANS charter.
>>> 
>>>  Please see BCP 190 section 3 for alternate approaches. All three approaches
>>>  could be made to work for CT, and I would be happy to explain how to do so if
>>>  clarification is desired.
>> 
>> While I agree that this is forbidden by BCP 190, this structure is inherited from
>> RFC 6962, which predated 7320, so making that change seems like it's going
>> to be fairly disruptive. This seems like it is falling into our discussion the other
>> day about what must be changed in -bis documents.
> I think the timing of this document is fortuitous, in that it can help inform that conversation. In particular, this situation helps me better understand why both you and Benjamin raised objections to the high-level proposal that unchanged parts of -bis documents shouldn't be subject to DISCUSS positions. The take-away that I plan to bring to that conversation is that such a decision needs to be informed by (a) scope of changes between a document and its -bis, and (b) scope of changes required to satisfy a potential DISCUSS position.

> In cases like this one, where a not-even-remotely-backwards-compatible suite of protocol changes is being made to a protocol in a document update whose diff [1] is basically the entire document, I don't think the principle of ignoring existing flaws in a previous document really applies. I get that both of those predicates are somewhat subjective evaluations, and that drawing a line in a process document might be difficult; but I think that any standard, however subjective, that you would be willing to sign on to would place this document outside the category of "bis versions that are making small, incremental changes to existing documents."

> If the remedy for the flaw were a major overhaul rather than a relatively minor tweak, it would again shift the evaluation a bit; however, the naïve band-aid solution of moving CT endpoints to live under "/.well-known/ct" is a trivial change, both for this document and for implementations (in fact, for implementations, it can generally be accomplished with a configuration tweak rather than writing new code). To be clear, this is a textbook example of the kind of situation URI templates were designed for, but that would require substantially more work than simply moving it into the .well-known tree. Either approach would address the URI ownership issue.

I am in full agreement with this.

v2.23.0 | Report a Bug | By Email