IETF Logo Mail Archive

Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)

Adam Roach <adam@nostrum.com> Wed, 13 March 2019 17:26 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B94B1130EF7; Wed, 13 Mar 2019 10:26:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.678
X-Spam-Level:
X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yi_RouXNiWN2; Wed, 13 Mar 2019 10:26:32 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5B96130F13; Wed, 13 Mar 2019 10:26:09 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x2DHQ6IU027400 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 13 Mar 2019 12:26:07 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1552497969; bh=9W7woJlGs/vsyVrGXlsP+M9V2bYgzDOomcyyIXPf0V0=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=tiWhFBAG/vS1jNaV0DMhJEYHKPpReaPRbZ2BNXgh8psTsr7aIEwS6BCwVibqyRNzg DrRfBl8s3rR2pNRkndf6ux8VQs0Oq66RzJn4QJ32Z4U9JU32aYLvCSldeqWB+kYjxe 8YSu4EQCOLKlPc810xwIkd8slF6DNPhlt06H3VTc=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: Eric Rescorla <ekr@rtfm.com>, Adam Roach via Datatracker <noreply@ietf.org>
Cc: draft-ietf-trans-rfc6962-bis@ietf.org, Paul Wouters <paul@nohats.ca>, Trans <trans@ietf.org>, The IESG <iesg@ietf.org>, trans-chairs@ietf.org
References: <155245900142.5466.15600148045977298644.idtracker@ietfa.amsl.com> <CABcZeBNMt8y7EoFr3PXR84zPgvssp5=B2x7-7sQOb4wM_94RGg@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <bd8c65b5-b760-e393-2936-8dfbf6ded1b6@nostrum.com>
Date: Wed, 13 Mar 2019 12:26:01 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <CABcZeBNMt8y7EoFr3PXR84zPgvssp5=B2x7-7sQOb4wM_94RGg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------69EF495B583EFD62848F7D8B"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/gtn3ylODr6z7BfYS6EPkyIXVanA>
Subject: Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 17:26:35 -0000

On 3/13/19 8:28 AM, Eric Rescorla wrote:
>
>
> On Tue, Mar 12, 2019 at 11:36 PM Adam Roach via Datatracker 
> <noreply@ietf..org <mailto:noreply@ietf.org>> wrote:
>
>
>
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
>
>     Thanks to everyone who worked on updating this protocol to reflect
>     experience
>     gathered from the initial CT protocol. I have one blocking
>     comment, and a small
>     number of editorial suggestions.
>
>     ---------------------------------------------------------------------------
>
>     §5:
>
>     >  Clients are configured with a base URL for a log and construct URLs
>     >  for requests by appending suffixes to this base URL. This structure
>     >  places some degree of restriction on how log operators can deploy
>     >  these services, as noted in [RFC7320].  However, operational
>     >  experience with version 1 of this protocol has not indicated that
>     >  these restrictions are a problem in practice.
>
>     The synthesis of URLs by a protocol in this fashion is prohibited
>     by BCP 190:
>
>        Scheme definitions define the presence, format, and semantics of a
>        path component in URIs; all other specifications MUST NOT
>     constrain,
>        or define the structure or the semantics for any path component.
>
>     Unless the intention of this document is to update BCP 190 to
>     change this
>     normative requirement, we can't publish it in its current form.
>     Note that doing
>     so would require a change of venue, as updates to BCP 190 would
>     not be covered
>     by the current TRANS charter.
>
>     Please see BCP 190 section 3 for alternate approaches. All three
>     approaches
>     could be made to work for CT, and I would be happy to explain how
>     to do so if
>     clarification is desired.
>
>
> While I agree that this is forbidden by BCP 190, this structure is 
> inherited from
> RFC 6962, which predated 7320, so making that change seems like it's going
> to be fairly disruptive. This seems like it is falling into our 
> discussion the other
> day about what must be changed in -bis documents.


I think the timing of this document is fortuitous, in that it can help 
inform that conversation. In particular, this situation helps me better 
understand why both you and Benjamin raised objections to the high-level 
proposal that unchanged parts of -bis documents shouldn't be subject to 
DISCUSS positions. The take-away that I plan to bring to that 
conversation is that such a decision needs to be informed by (a) scope 
of changes between a document and its -bis, and (b) scope of changes 
required to satisfy a potential DISCUSS position.

In cases like this one, where a not-even-remotely-backwards-compatible 
suite of protocol changes is being made to a protocol in a document 
update whose diff [1] is basically the entire document, I don't think 
the principle of ignoring existing flaws in a previous document really 
applies. I get that both of those predicates are somewhat subjective 
evaluations, and that drawing a line in a process document might be 
difficult; but I think that any standard, however subjective, that you 
would be willing to sign on to would place this document outside the 
category of "bis versions that are making small, incremental changes to 
existing documents."

If the remedy for the flaw were a major overhaul rather than a 
relatively minor tweak, it would again shift the evaluation a bit; 
however, the naïve band-aid solution of moving CT endpoints to live 
under "/.well-known/ct" is a trivial change, both for this document and 
for implementations (in fact, for implementations, it can generally be 
accomplished with a configuration tweak rather than writing new code). 
To be clear, this is a textbook example of the kind of situation URI 
templates were designed for, but that would require substantially more 
work than simply moving it into the .well-known tree. Either approach 
would address the URI ownership issue.

/a

____
[1] 
https://www.ietf.org/rfcdiff?url1=rfc6962&url2=draft-ietf-trans-rfc6962-bis-31

v2.23.0 | Report a Bug | By Email