Re: [Uta] STS directive registry: separate or shared?

Mark Risher <risher@google.com> Fri, 15 April 2016 01:16 UTC

Date: Thu, 14 Apr 2016 18:16:20 -0700
From: Mark Risher <risher@google.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/qqMFR3p0Oxbe4ArfJM4AZ4KN9PM>
Cc: "uta@ietf.org" <uta@ietf.org>, Chris Newman <chris.newman@oracle.com>
Subject: Re: [Uta] STS directive registry: separate or shared?

I like the idea of the shared registry (option 2). Let me know if there's a
particular way we should reference it in the SMTP STS draft.

/m



--
Mark E. Risher |  Group Product Manager |  risher@google.com |  650-253-3123

On Thu, Apr 14, 2016 at 9:56 AM, Alexey Melnikov <alexey.melnikov@isode.com>
wrote:

> Hi Chris,
>
> On 14/04/2016 17:54, Chris Newman wrote:
>
>> Right now we have 3 STS proposals: HSTS, SMTP relay STS and MUA STS (DEEP).
>>
>> HSTS described its extensibility model, but punted on actually creating a
>> registry. A registry covering HSTS would be useful because there’s at least
>> one limited-use directive in the wild in addition to those in the HSTS base
>> spec. MUA STS currently describes an extensibility model and creates a
>> registry just for itself. SMTP relay STS is missing both an extensibility
>> model and registry, although Viktor has made a compelling case that we
>> want to be minimal on SMTP relay STS directives (at least initially).
>>
>> There are two ways to move forward:
>>
>> 1. Each protocol is responsible for its own extension model and registry.
>> This has the advantage of getting MUA STS done sooner, but we’ll probably
>> end up with 2 or 3 separate registries with some redundancy and potential
>> for semantic conflicts in STS directives with the same name between
>> protocols.
>>
>> 2. We create a combined STS registry that includes a
>> protocol-applicability field for each directive. Some directives would be
>> multi-protocol (e.g., max-age may be shared between HSTS and SMTP relay
>> STS), most would be single-protocol initially (that could change later).
>> One advantage to this approach is it gives us a place to include some prose
>> about why STS proposals are different and why different applicability is
>> important. But this would take a bit longer and mean the WG would have
>> another draft. This would make life slightly simpler for SMTP relay STS as
>> it would just have to describe its extensibility model and point to the
>> shared registry. If we do this, I am willing to co-author the
>> shared-registry spec and Jeff Hodges (co-author of HSTS spec) is also
>> willing to co-author the spec.
>>
>> I lean slightly towards option 2, but we need a WG rough consensus to
>> pursue that option as it’s a fairly significant change to MUA STS. Comments?
>
> I think I prefer option 2 or at least I would like to see us try. I am
> happy to help with this.
>
> Best Regards,
> Alexey
>