IETF Logo Mail Archive

Re: [Trans] Directory instead of .well-known for URL structure

Andrew Ayer <agwa@andrewayer.name> Tue, 09 July 2019 00:51 UTC

Return-Path: <agwa@andrewayer.name>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F7D6120045 for <trans@ietfa.amsl.com>; Mon, 8 Jul 2019 17:51:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewayer.name
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NC1T8tAQZoxy for <trans@ietfa.amsl.com>; Mon, 8 Jul 2019 17:51:18 -0700 (PDT)
Received: from thomson.beanwood.com (thomson.beanwood.com [18.220.42.202]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 965FD12023F for <trans@ietf.org>; Mon, 8 Jul 2019 17:51:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=andrewayer.name; s=beanwood20160511; t=1562633477; bh=xNccySOVqVm/oGU0UmFIrhhaRU/qAxT/f9ILND7K9w4=; h=Date:From:To:Subject:In-Reply-To:References; b=BxvIoEp3LrU93Ehg6pYM0TQo4HIbY3OzCDmZnJrvUdzs4JE6LBWRj8yy3K7KiFOHB u+3J7KjsUwZIWSjNdLnwv3JTdwmqXIyXyRWOchrK2ytY5uvFqa9JU29NySwLjeM/IL nbHXs7Bx4nZGDnDOLEICUdBC9dcUJCQkUf7uu1dtnnah30D0ggWwWIo8Vhdqcv3/bQ UOjrNRkP22skEXIt46IjXb440tqeTolb/3CgBqUuj5Pxmk3FrnKjdBeucmbSx9s/dD jvwRHLpGEDCmhXCQ9d8wFZnHy/fgutAMWhCNuthUzgagLX6DSukIbA457VJgD4BN6N D6XjlSUbb3irA==
Date: Mon, 08 Jul 2019 17:57:45 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: "trans@ietf.org" <trans@ietf.org>
Message-Id: <20190708175745.563c1e39f82c3b176900043e@andrewayer.name>
In-Reply-To: <8eb2939b-c6b1-a80b-787f-4d3c02b73f8b@sectigo.com>
References: <0d5e05fc-8f1e-54b5-536d-231153e7baf7@eff.org> <20190701123701.b3ba6b44ef85a74da6209e64@andrewayer.name> <2cbff182-7c7a-4c55-b2d2-a67f41dd7436@sectigo.com> <CAPbZxJTvk805WtR6FF8xUR0GS=E9gcEMphJR658GuTN8V0h_qg@mail.gmail.com> <047d5a04-4176-6651-b200-6ce7ce8a8266@sectigo.com> <CALzYgEc_aE+pcB-Y59VsG-s9PHyEW=94vUQdWZ7o-PvOra9PmQ@mail.gmail.com> <20190703092938.a19bf6ad88155f0b82c9fca5@andrewayer.name> <83f686e3-4e15-32a1-5a5f-ffb90822ae89@sectigo.com> <CALzYgEdQg1scqdMkeD3MCXkn_tGWG65U3Kq2ci5J-tfUXp0zSQ@mail.gmail.com> <8eb2939b-c6b1-a80b-787f-4d3c02b73f8b@sectigo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/yB0keo9_GsitXsjUCX5yXcCg-CQ>
Subject: Re: [Trans] Directory instead of .well-known for URL structure
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 00:51:21 -0000

On Fri, 5 Jul 2019 11:44:38 +0000
Rob Stradling <rob@sectigo.com> wrote:

> James Manager commented on this PR [1]:
> 
> "The log parameters are not URLs, but URL templates.
> The variables that can appear in the templates need to be defined as 
> well. That is, 'first', 'second', 'hash', 'start, and 'end' for
> various templates.
> Otherwise the spec is still forcing URL structure on servers (ie 
> variables MUST be querystring fields with these given names)."
> 
> How do folks feel about this?

I'm opposed to using URL templates, as it would increase client
complexity by forcing them to include template interpolation logic.

This WG has already reached consensus that BCP 190 compliance is
unnecessary for CT, as years of real-world experience with RFC6962
deployment has showed that no log operator needs the additional
flexibility that BCP 190 aims to provide.  I think we should go further
and say that BCP 190 compliance is detrimental to CT, as we've
explored several options to add compliance and they all make CT worse -
by *reducing* flexibility for log operators in a way that actually
causes them problems (well-known), increasing the load on logs
(directories), or by adding complexity to clients (URL templates).  I
doubt that the intent of BCP 190 was to make protocols worse.  I hope
we can move forward without BCP 190 compliance in CT.

Regards,
Andrew

v2.23.0 | Report a Bug | By Email