IETF Logo Mail Archive

Re: [Trans] Directory instead of .well-known for URL structure

Tomas Gustavsson <tomas.gustavsson@primekey.com> Tue, 02 July 2019 13:18 UTC

Return-Path: <tomas.gustavsson@primekey.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A581412022A for <trans@ietfa.amsl.com>; Tue, 2 Jul 2019 06:18:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=primekey.com header.b=BE5z5v5y; dkim=pass (1024-bit key) header.d=primekey.com header.b=BE5z5v5y
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BcZyiWDF1RuR for <trans@ietfa.amsl.com>; Tue, 2 Jul 2019 06:17:58 -0700 (PDT)
Received: from mail.primekey.com (mail.primekey.com [84.55.121.163]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4E3B1201ED for <trans@ietf.org>; Tue, 2 Jul 2019 06:17:57 -0700 (PDT)
Received: from mail.primekey.com (localhost [127.0.0.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPS id C22C56AA0082 for <trans@ietf.org>; Tue, 2 Jul 2019 15:17:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1562073469; bh=HhqwaeUriuNXeghxwGxtdMKuskVJi57KzYPy5iZGx1Y=; h=Subject:To:References:From:Date:In-Reply-To:From; b=BE5z5v5yk7arAzllnyhNEww7uEe0+8/zGCEDtbyCrRXUSKGHV2XHzGgoTmu5ZgHeF K6jYXm0JwbwkwOrYIMVGeJEF5OFpaNwBbGFD94Pi88YgRFgazZgTZz42iHUyhyiQm7 csHuXy8TxQXcJ1ipYs1a0xpla1FxGnluHcyvmzJU=
Received: from [192.168.1.101] (c-b21f4f25-74736162.cust.telenor.se [178.31.79.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPSA id 97F006AA006D for <trans@ietf.org>; Tue, 2 Jul 2019 15:17:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1562073469; bh=HhqwaeUriuNXeghxwGxtdMKuskVJi57KzYPy5iZGx1Y=; h=Subject:To:References:From:Date:In-Reply-To:From; b=BE5z5v5yk7arAzllnyhNEww7uEe0+8/zGCEDtbyCrRXUSKGHV2XHzGgoTmu5ZgHeF K6jYXm0JwbwkwOrYIMVGeJEF5OFpaNwBbGFD94Pi88YgRFgazZgTZz42iHUyhyiQm7 csHuXy8TxQXcJ1ipYs1a0xpla1FxGnluHcyvmzJU=
To: trans@ietf.org
References: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org> <20190701123701.b3ba6b44ef85a74da6209e64@andrewayer.name>
From: Tomas Gustavsson <tomas.gustavsson@primekey.com>
Openpgp: preference=signencrypt
Autocrypt: addr=tomas.gustavsson@primekey.com; prefer-encrypt=mutual; keydata= mQENBEyuwwYBCAD31Jsxn1lf7rnFc7y3Ol+TE7pU7ohO78kMdoVrZdAMnU9W0P33GedbU+kF 8/RFq7HlXV8a91RkgtdcMAK8tSdtBKDGZCOJZm5qOZ/EHikY8k/7s1wgSQSF4hYSG/IABCCA W139joDFl4L3buWyk2lsYX1HDBpuXGDL5HFyu165T0ZVlt23T04xmAwpIHUViKUWw1QYnlRz s66Desn2WeP+X8/QlqF1zOTUXbgrThB1X/Oh2+wzP08HVoTQCzlrEMeb9x2k+oa8PtVdnflh nZKBtyyBkZxRoHG3tNKcaf7JLoadSXcSKSKvfApcsxpP2JpkQgIhLi3JWik/Z+RR2WD1ABEB AAG0MFRvbWFzIEd1c3RhdnNzb24gPHRvbWFzLmd1c3RhdnNzb25AcHJpbWVrZXkuY29tPokB NwQTAQgAIQUCWX8yTAIbIwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBibcSbAEP+QGAU CAC82dn8XCQ8Ei7gxQAdRSc2imaP/388i/ObDMYhNhg5j4gXs3tkfxuCvhwkzskUFgOtmaEy uz/gIiVjQIsjQrHh5tl9M0q2tqbDHJpWfE6/SkXPUmTqQ0VGyq1MmZ3/zg2jSoll74qBSfdH V7sWugRXeCBxfaPeYo8DdPCGi27yrdL8zb3xkJ3BxPcDGNdkLm+Yza+qAOrssCD7MSLN+6Sd ML5Xcmw6pgRPlQ0aCsM7scrwgBNb7KrwxaqBxqwcuqF0NMgNjeiEHi2Oj3HOZdYU4Blk2GFq 9zHuCzTWumgNOlfksZ9K3ZMJBn6KLPot5bVXIKdnHwWRzoKMDxkSZjM5uQENBEyuwwYBCADZ 98eCFQ64zKo1OKkUgEJHO1JdsiqRO1znu6KyaTcd2vXfOCGkFFVBL+vjzzyyYV7Sg1/AaG4r l9TKJCwvx8mUmTJkKQspTfOj6AY33bmfMB/8LBYj2BjtxXyMucPjNTJqbL2r1HeGPV2nwyof MAyo2qcYuiLs20Ob7U8vooOV3GDDKEkXtJYZzTEU6qabGsepGIvMu770OZwvm4akQiCGe5sQ 4+/UH1pMZQNi+/fGbONFx+TUVMM8EkXD6dQ5WoL+xPabPjqiUmR7EBvg0uocr70Ag93tWk1d 4RgFcicjwMFcPg4TZ8Y/3Y7Nmbyo14+4SMNfNPFLgQMawL+cLLkdABEBAAGJAR8EGAECAAkC GwwFAlYXhXUACgkQYm3EmwBD/kA2igf/QNpPe7sLt3KdRD3x4cStxGjLCWyj7x1YLVnV4Nnu TvaNhC+KHx3uG39y1x3PJQwslpeSQ6JipOUmxeQjjGJGQZLV41L1PCJVhCL98Dinr6dJkYB7 cAVhfmW8PI51jiANExLZu8U5gnthj5CGv4428ODQgSoRI0demG3HmVCNrKdap+orhT8zRkq8 DuHTO01U7PKsfvQ2k8AqSAC/JjMOs1mpFe032IApXxlZkE+33Q3dE5BiJmICYg8hsRXvpKTm ZMCdNZJUQLq+XNpg6RtAPQIPMmCepXrE9M/KuH+jFS2G5+Hx5VBSM644E1G2i+HOPCVdHjof iaNi3V/ItEG3jw==
Message-ID: <232ef21a-7833-e8d2-b24e-4732611eedee@primekey.com>
Date: Tue, 02 Jul 2019 15:17:54 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <20190701123701.b3ba6b44ef85a74da6209e64@andrewayer.name>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/UD2Abgqwjbh9GEIn3IeYy3stLeA>
Subject: Re: [Trans] Directory instead of .well-known for URL structure
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 13:18:01 -0000

+1 for not liking .well-known URIs. From an implementor, .well-known
URIs have been hard, probably badly designed (i.e. RFC 7030), simply
making multi-tenancy, or multi-configuration hard by enforcing a single
end-point for each FQDN. We're actually bypassing .well-known, making it
possible to use normal URLs instead in some cases (in addition to the
specified and limited .well-known of course)

Agree with Andrew, with CT where you need to get and configure
parameters from the log anyhow, and getting the URL as part of that is
the most flexible way. This allows the server operator/implementor full
freedom in their architecture, load balancing, etc.

Regards,
Tomas

On 2019-07-01 21:37, Andrew Ayer wrote:
> I also think .well-known URLs are a bad idea, for the same reasons
> as Jacob.
> 
> I think directories are even worse.  Although they've been used
> successfully in ACME, CT has different needs which make directories
> unsuitable.  ACME's usage pattern is to make a series of related
> requests over a short time period to drive a certificate request to
> issuance, with the client maintaining state between each request.
> This makes it natural for a client to fetch the directory once at the
> beginning of an issuance "session" and use it for the duration, since
> the cost of fetching the directory is amortized over all the requests,
> and the directory is unlikely to become invalid during the session.
> 
> However, CT's usage pattern is to make a lot of unrelated one-off
> requests spread over a long period of time - e.g. submitting a
> (pre)certificate, fetching an inclusion proof, fetching the latest STH
> to send to auditors. Clients would have to either fetch a new directory
> for every request (doubling the number of requests made to the log) or
> cache directories in long-term state (which requires dealing with
> cached directories going stale, and requires keeping long-term state
> which might not otherwise be necessary).
> 
> ACME's use of directories is underspecified since it doesn't say how
> long a directory remains valid.  It's not a big deal for ACME because
> ACME servers are presumed to be sane, or people would switch to another
> CA. However, CT is meant to be an adversarial protocol and has to
> anticipate logs doing crazy things like constantly changing their
> directory in an effort to stymie auditing and hide misbehavior.
> 
> Thus, CT's use of directories would need to be quite well specified.
> It is not a change that should be rushed at the last minute without a
> chance for people to carefully examine and poke holes in it.
> 
> CT clients already need to be configured with a number of parameters
> for each log - MMD, hash algorithm, public key, log ID, and so on.
> Adding a directory would bifurcate log metadata between the existing
> parameter set and the new directory object.
> 
> I propose satisfying BCP 190 by simply specifying the URL for each
> endpoint as a separate log parameter.  This is a very minimal change to
> the protocol and avoids the problems above.
> 
> Regards,
> Andrew
> 
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>

v2.23.0 | Report a Bug | By Email