Re: [Trans] Directory instead of .well-known for URL structure
Andrew Ayer <agwa@andrewayer.name> Mon, 01 July 2019 19:37 UTC
Date: Mon, 01 Jul 2019 12:37:01 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: "trans@ietf.org" <trans@ietf.org>
Message-Id: <20190701123701.b3ba6b44ef85a74da6209e64@andrewayer.name>
In-Reply-To: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
References: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/gT-u9LXaiz7CiOp-_731SV0xdxQ>
I also think .well-known URLs are a bad idea, for the same reasons as Jacob. I think directories are even worse.

Although they've been used successfully in ACME, CT has different needs which make directories unsuitable. ACME's usage pattern is to make a series of related requests over a short time period to drive a certificate request to issuance, with the client maintaining state between each request. This makes it natural for a client to fetch the directory once at the beginning of an issuance "session" and use it for the duration, since the cost of fetching the directory is amortized over all the requests, and the directory is unlikely to become invalid during the session.

However, CT's usage pattern is to make a lot of unrelated one-off requests spread over a long period of time - e.g. submitting a (pre)certificate, fetching an inclusion proof, fetching the latest STH to send to auditors. Clients would have to either fetch a new directory for every request (doubling the number of requests made to the log) or cache directories in long-term state (which requires dealing with cached directories going stale, and requires keeping long-term state which might not otherwise be necessary).

ACME's use of directories is underspecified since it doesn't say how long a directory remains valid. It's not a big deal for ACME because ACME servers are presumed to be sane, or people would switch to another CA. However, CT is meant to be an adversarial protocol and has to anticipate logs doing crazy things like constantly changing their directory in an effort to stymie auditing and hide misbehavior. Thus, CT's use of directories would need to be quite well specified. It is not a change that should be rushed at the last minute without a chance for people to carefully examine and poke holes in it.

CT clients already need to be configured with a number of parameters for each log - MMD, hash algorithm, public key, log ID, and so on. Adding a directory would bifurcate log metadata between the existing parameter set and the new directory object.

I propose satisfying BCP 190 by simply specifying the URL for each endpoint as a separate log parameter. This is a very minimal change to the protocol and avoids the problems above.

Regards,
Andrew
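As an added example that is not part of the original message or of any trans WG draft: a small Python model of the two designs discussed above, counting the round trips a client makes to a log for a run of unrelated one-off operations, and showing what happens to a cached directory when the log changes its URLs between requests. The endpoint names, the operation mix and the log's behaviour are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed endpoint names and operation sequence; the real CT endpoints and
# a real client's request mix are not taken from the message.
ENDPOINTS = ("add-chain", "get-proof-by-hash", "get-sth")
OPS = list(ENDPOINTS) * 2  # six unrelated one-off operations spread over time

@dataclass
class Log:
    """Constructed log. Its directory maps endpoint names to URLs under a
    generation prefix; rotate() models a log changing its URLs between
    client requests, which a client holding a cached directory cannot see."""
    base: str
    generation: int = 0
    requests: int = 0  # every round trip the client makes to this log

    def directory(self) -> dict:
        self.requests += 1
        return {e: f"{self.base}/v{self.generation}/{e}" for e in ENDPOINTS}

    def call(self, url: str) -> bool:
        self.requests += 1
        return url.startswith(f"{self.base}/v{self.generation}/")  # False = 404

    def rotate(self) -> None:
        self.generation += 1

def run_with_directory(log: Log, ops, cache=True, rotate_before=frozenset()):
    """Directory design. cache=False refetches the directory before every
    operation; cache=True fetches it once and refetches only after a request
    to a cached URL fails. Returns (requests sent to the log, failed calls)."""
    cached, failures = None, 0
    for i, op in enumerate(ops):
        if i in rotate_before:
            log.rotate()  # the log changes its directory behind the client's back
        if cached is None or not cache:
            cached = log.directory()
        if not log.call(cached[op]):
            failures += 1  # stale directory: refetch it, then retry the call
            cached = log.directory()
            log.call(cached[op])
    return log.requests, failures

def run_with_parameters(log: Log, ops) -> int:
    """Per-endpoint URL parameters (the proposal in the message): URLs come
    from the log's configured parameter set, so each operation is exactly one
    request and the client keeps no discovery state at all."""
    params = {e: f"{log.base}/v0/{e}" for e in ENDPOINTS}  # configured out of band
    for op in ops:
        log.call(params[op])
    return log.requests
```

With the six constructed operations, fetching the directory per request costs 12 round trips, a cached directory that the log rotates once costs 9 and one failed call, and per-endpoint parameters cost 6.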