Re: [Vcon] HTTPS only for externally referenced files

Thomas Howe <ghostofbasho@gmail.com> Mon, 22 April 2024 19:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/vcon/zrNYbW_invITHK2LydnH6U2NH2g>

Thank you Laura, and welcome.  And that's a great question.  I'm pretty new here myself, and here's how I understand it. BTW, for me at least, RFC 3935 ( https://datatracker.ietf.org/doc/rfc3935/ ) "A Mission Statement for the IETF" is invaluable.

The killer paragraph that I think addresses this is:

  Quality: In this context, the ability to express ideas with enough
     clarity that they can be understood in the same way by all people
     building systems to conform to them, and the ability (and
     willingness) to describe the properties of the system well enough
     to understand important consequences of its design, and to ensure
     that those consequences are beneficial to the Internet as a whole.
     It also means that the specifications are designed with adherence
     to sound network engineering principles, so that use for its
     intended purpose is likely to be effective and not harmful to the
     Internet as a whole.

Second place:

  Standard: As used here, the term describes a specification of a
     protocol, system behaviour or procedure that has a unique
     identifier, and where the IETF has agreed that "if you want to do
     this thing, this is the description of how to do it".  It does not
     imply any attempt by the IETF to mandate its use, or any attempt
     to police its usage - only that "if you say that you are doing
     this according to this standard, do it this way".  The benefit of
     a standard to the Internet is in interoperability - that multiple
     products implementing a standard are able to work together in
     order to deliver valuable functions to the Internet's users.

Thus, the choice of HTTPS is an accelerant to quality, and therefore supportive of making the Internet work better.  Secondly, the simpler the standard, the faster the interoperability. As a practical matter, we are suggesting the simplest, basest case for vCons for this work group.

That said, there are no protocol police.  I've looked.

=====================
Thomas Howe ( http://www.lightandelectric.com )
+1 (508) 364-9972


On Wed, Apr 17, 2024 at 2:54 AM, Laura Orvokki Kursula < lav=40vampires.gay@dmarc.ietf.org > wrote:

> 
> 
> 
> Good day everyone,
> 
> 
> 
> I recently came upon this project by chance, and I find it really
> interesting! Reading the draft, it caught my attention that it requires
> the use of HTTPS for externally referenced files for confidentiality
> reasons (as a MUST in section
> 2.4.1 and as a SHOULD in section 5). I'm wondering whether there is a
> specific reason to require HTTPS over other secure means of transferring
> files -- I could imagine that another protocol could be more expedient for
> some users. What do others on this list think about this? I hope I am
> doing this correctly, since I am new to IETF things.
> 
> 
> 
> Kindest regards,
> Laura Orvokki Kursula
> 
> 
> 
> --
> 
> 
> 
> vCard:
> https://vampires.gay/laura.vcf
> 
> 
> 
> PGP:
> https://vampires.gay/keys/laura.asc
> 6710 55FA EFAB B442 44C4 F96F 3537 89E9 466D 09A8
> 
> 
> 