Re: [webfinger] Automated Service Configuration now uses webfinger
John Bradley <ve7jtb@ve7jtb.com> Mon, 08 July 2013 20:36 UTC
In Sec 4.2 WF currently allows redirecting requests from a https: uri to another https: uri.

The problem is mostly domains that don't have any sort of secure web hosting to redirect from.

John B.

On 2013-07-08, at 1:04 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 7/8/13 2:03 PM, Jesse Thompson wrote:
>>
>>
>> Peter Saint-Andre <stpeter@stpeter.im> wrote:
>>
>> On 7/8/13 7:12 AM, Jesse Thompson wrote:
>>>>> On 7/5/13 9:17 AM, Cyrus Daboo wrote:
>>>>>> Hi folks, I have recently posted a new version of the Automated
>>>>>> Service Configuration draft (formerly known as Aggregated Service
>>>>>> Discovery):
>>>>>>
>>>>>> <https://datatracker.ietf.org/doc/draft-daboo-aggregated-service-discovery/>.
>>>>>>
>>>>>> This protocol now makes use of webfinger to "bootstrap" discovery of the
>>>>>> config document. Hopefully it will serve as a useful example of
>>>>>> how webfinger can be used by specific applications. I would
>>>>>> appreciate feedback from the webfinger community on how we have
>>>>>> gone about using webfinger, thanks.
>>>>>
>>>>> Since "the target FQDN is not in the queried domain" will apply to
>>>>> the vast majority of email/calendar domains (hosted by Google,
>>>>> Microsoft, etc):
>>>>>
>>>>> When it comes to practical implementation, essentially no clients
>>>>> will bother to "verify with the user that the link URI target FQDN
>>>>> is suitable for use before executing any connections to the host",
>>>>> especially if they already have an auto-config scheme that doesn't
>>>>> prompt the user (e.g. Thunderbird).
>>>>>
>>>>> It might be beneficial to the adoption of this standard to bake in
>>>>> a method of secure delegation that could work from day one.
>>
>> Hi Jesse, do you have anything in mind?
>>
>> One option might be POSH:
>>
>> http://datatracker.ietf.org/doc/draft-miller-posh/
>>
>> However, if the original query to the service domain goes to an HTTPS
>> URI, then following a redirect from there to an HTTPS URI at the
>> target domain seems like a form of secure delegation to me. That's the
>> same model that Matt Miller and I outline in the POSH draft.
>>
>> If I've misunderstood your comment, please do let me know. :-)
>>
>>> Yes, I was assuming that would be a good option.
>
> OK, so we might want some text about that, which probably could be
> borrowed or adapted from the POSH document.
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
> _______________________________________________
> webfinger mailing list
> webfinger@ietf.org
> https://www.ietf.org/mailman/listinfo/webfinger
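
The HTTPS-to-HTTPS redirect model discussed in this message can be expressed as a client-side check over a recorded redirect chain. This is an added example, not part of the original message or of any draft; the function name, the hop limit and the sample hosts are assumptions, and certificate validation on each hop is assumed to be done by the HTTP client that recorded the chain.

```python
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5  # assumption: hop limit chosen for this example
REDIRECT_CODES = (301, 302, 303, 307, 308)

def check_delegation(query_url, responses):
    """Decide whether a recorded redirect chain is an acceptable delegation.

    responses: list of (status, Location header or None), one per HTTP
    response in order. Returns (ok, final_host, reason).
    """
    start = urlsplit(query_url)
    if start.scheme != "https" or not start.hostname:
        # A domain with no secure web hosting cannot anchor the chain.
        return (False, None, "initial query is not https")
    origin_host, url = start.hostname, query_url
    for hop, (status, location) in enumerate(responses):
        if status not in REDIRECT_CODES:
            host = urlsplit(url).hostname
            if status != 200:
                return (False, host, f"status {status}")
            if host == origin_host:
                return (True, host, "same host")
            return (True, host, "delegated over https")
        if hop >= MAX_REDIRECTS:
            return (False, None, "too many redirects")
        if not location:
            return (False, None, "redirect without Location")
        target = urljoin(url, location)  # resolves relative Location values
        parts = urlsplit(target)
        if parts.scheme != "https" or not parts.hostname:
            # Any non-https hop breaks the chain of authenticated hand-offs.
            return (False, None, "redirect to non-https target")
        url = target
    return (False, None, "chain ended without a final response")

# Constructed sample data (hosts are placeholders, not from the thread).
QUERY = "https://example.com/.well-known/webfinger?resource=acct:bob@example.com"
HOSTED = "https://wf.hosting.example/.well-known/webfinger?resource=acct:bob@example.com"
GOOD_CHAIN = [(302, HOSTED), (200, None)]
DOWNGRADE_CHAIN = [(302, HOSTED.replace("https://", "http://")), (200, None)]

if __name__ == "__main__":
    for chain in (GOOD_CHAIN, DOWNGRADE_CHAIN):
        print(check_delegation(QUERY, chain))
```
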