[Uta] STS directive registry: separate or shared?

Chris Newman <chris.newman@oracle.com> Thu, 14 April 2016 16:54 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E4B812DD42 for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 09:54:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.197
X-Spam-Level:
X-Spam-Status: No, score=-5.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OpLs3Yr9qREt for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 09:54:55 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A02C12D74B for <uta@ietf.org>; Thu, 14 Apr 2016 09:54:51 -0700 (PDT)
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3EGsndt000551 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <uta@ietf.org>; Thu, 14 Apr 2016 16:54:50 GMT
Received: from gotmail.us.oracle.com (gotmail.us.oracle.com [10.133.152.174]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u3EGsn6X001790 for <uta@ietf.org>; Thu, 14 Apr 2016 16:54:49 GMT
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_77HUo+2/kiRU1ZiuRyAe4A)"
Received: from dhcp-amer-vpn-adc-anyconnect-10-154-168-221.vpn.oracle.com (dhcp-amer-vpn-adc-anyconnect-10-154-168-221.vpn.oracle.com [10.154.168.221]) by gotmail.us.oracle.com (Oracle Communications Messaging Server 8.0.0.0.0 64bit (built Mar 19 2015)) with ESMTPSA id <0O5M00A2JUZAO200@gotmail.us.oracle.com> for uta@ietf.org; Thu, 14 Apr 2016 09:54:48 -0700 (PDT)
Date: Thu, 14 Apr 2016 09:54:41 -0700
From: Chris Newman <chris.newman@oracle.com>
To: "uta@ietf.org" <uta@ietf.org>
Message-id: <etPan.570fcb56.1b83edb9.17026@dhcp-amer-vpn-adc-anyconnect-10-154-168-221.vpn.oracle.com>
X-Mailer: Airmail (351)
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/uof7KZ72cqWKN_bsp56PleEQH0k>
Subject: [Uta] STS directive registry: separate or shared?
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 16:54:57 -0000

Right now we have 3 STS proposals: HSTS, SMTP relay STS and MUA STS (DEEP).

HSTS described its extensibility model, but punted on actually creating a registry. A registry covering HSTS would be useful because there’s at least one limited-use directive in the wild in addition to those in the HSTS base spec. MUA STS currently describes an extensibility model and creates a registry just for itself. SMTP relay STS is missing both an extensibility model and registry, although Viktor has made a compelling case that we want to be minimal on SMTP relay STS directives (at least initially).

There are two ways to move forward:

1. Each protocol is responsible for its own extension model and registry. This has the advantage of getting MUA STS done sooner, but we’ll probably end up with 2 or 3 separate registries with some redundancy and potential for semantic conflicts in STS directives with the same name between protocols.

2. We create a combined STS registry that includes a protocol-applicability field for each directive. Some directives would be multi-protocol (e.g., max-age may be shared between HSTS and SMTP relay STS), most would be single-protocol initially (that could change later). One advantage to this approach is it gives us a place to include some prose about why STS proposals are different and why different applicability is important. But this would take a bit longer and mean the WG would have another draft. This would make life slightly simpler for SMTP relay STS as it would just have to describe its extensibility model and point to the shared registry. If we do this, I am willing to co-author the shared-registry spec and Jeff Hodges (co-author of HSTS spec) is also willing to co-author the spec.

I lean slightly towards option 2, but we need a WG rough consensus to pursue that option as it’s a fairly significant change to MUA STS. Comments?

		- Chris
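As an added illustration (not part of Chris's message, the HSTS spec, or any of the STS drafts), the following Python models the two layouts being compared: a combined registry whose entries carry a protocol-applicability field, against which a policy parser checks each directive, and a collision check over separate per-protocol registries that finds the same-name/different-meaning conflicts option 1 risks. Every registry entry, directive name and applicability value below is constructed for the example and is not taken from any registry.

```python
"""Shared STS directive registry with a protocol-applicability field,
plus the check a policy reader runs against it. All entries are
constructed for illustration; they are not the contents of any IANA
registry or of the HSTS, SMTP relay STS or MUA STS specifications."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

HSTS, SMTP_STS, MUA_STS = "HSTS", "SMTP-STS", "MUA-STS"


@dataclass(frozen=True)
class Entry:
    name: str                  # directive name; matched case-insensitively
    protocols: FrozenSet[str]  # the protocol-applicability field of option 2
    meaning: str


# Constructed combined registry (option 2). Which protocols each directive
# applies to is an assumption made for the example.
SHARED_REGISTRY: Dict[str, Entry] = {
    e.name.lower(): e
    for e in [
        Entry("max-age", frozenset({HSTS, SMTP_STS}), "policy lifetime in seconds"),
        Entry("includeSubDomains", frozenset({HSTS}), "policy also covers subdomains"),
        Entry("mode", frozenset({SMTP_STS}), "enforce or report (assumed directive)"),
    ]
}


def parse_directives(text: str) -> List[Tuple[str, Optional[str]]]:
    """Split 'a=1; b; c=x' into (name, value) pairs; value is None when absent."""
    out: List[Tuple[str, Optional[str]]] = []
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        out.append((name.strip(), value.strip().strip('"') if sep else None))
    return out


def check_policy(protocol: str, text: str,
                 registry: Dict[str, Entry] = SHARED_REGISTRY) -> List[str]:
    """Read a policy for `protocol` against the shared registry and return
    the problems found: duplicates, unregistered names, directives not
    applicable to this protocol, and a malformed max-age value."""
    problems: List[str] = []
    seen = set()
    for name, value in parse_directives(text):
        key = name.lower()
        if key in seen:
            problems.append(f"duplicate directive {name!r}")
        seen.add(key)
        entry = registry.get(key)
        if entry is None:
            # Unknown directives are normally ignored by a reader; they are
            # reported here so an operator can see what the policy carried.
            problems.append(f"unregistered directive {name!r}")
            continue
        if protocol not in entry.protocols:
            problems.append(f"{name!r} not applicable to {protocol}")
        if key == "max-age" and (value is None or not value.isdigit()):
            problems.append(f"max-age needs a non-negative integer, got {value!r}")
    return problems


def name_collisions(per_protocol: Dict[str, Dict[str, str]]) -> List[str]:
    """Option 1 risk: the same directive name registered in two separate
    per-protocol registries with different meanings. Input maps protocol
    -> {directive name -> meaning}; output lists each conflicting name."""
    by_name: Dict[str, List[Tuple[str, str]]] = {}
    for proto, reg in per_protocol.items():
        for name, meaning in reg.items():
            by_name.setdefault(name.lower(), []).append((proto, meaning))
    out: List[str] = []
    for name, uses in by_name.items():
        if len({m for _, m in uses}) > 1:
            out.append(f"{name}: " + " vs ".join(f"{p}={m!r}" for p, m in uses))
    return out


if __name__ == "__main__":
    # Constructed sample policies.
    print(check_policy(HSTS, "max-age=31536000; includeSubDomains"))
    print(check_policy(SMTP_STS, "max-age=86400; includeSubDomains"))
    # Constructed pair of separate registries that disagree on max-age units.
    print(name_collisions({HSTS: {"max-age": "seconds"},
                           SMTP_STS: {"max-age": "days"}}))
```

The applicability field is what lets one registry serve several protocols without forcing every directive to mean the same thing everywhere: a reader for SMTP relay STS rejects `includeSubDomains` not because it is unknown but because the registry says it is out of scope for that protocol, while `max-age` passes for both.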