Re: [webfinger] Automated Service Configuration now uses webfinger

John Bradley <ve7jtb@ve7jtb.com> Mon, 08 July 2013 20:36 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <51DB1B37.9010007@stpeter.im>
Date: Mon, 08 Jul 2013 13:36:42 -0700
Message-Id: <CA73F16B-EBDB-44CD-A199-2ABDD5DE1B59@ve7jtb.com>
References: <F23E5FFF11431C634EC5CA18@caldav.corp.apple.com> <51DABAC6.4090305@doit.wisc.edu> <51DB170A.9070400@stpeter.im> <123e94cf-ce7b-4c38-805e-e18ce0025d5e@email.android.com> <51DB1B37.9010007@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: webfinger@ietf.org

In Sec 4.2 WF currently allows redirecting requests from an https: URI to another https: URI.

The problem is mostly domains that don't have any sort of secure web hosting to redirect from.

John B.


On 2013-07-08, at 1:04 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 7/8/13 2:03 PM, Jesse Thompson wrote:
>> Peter Saint-Andre <stpeter@stpeter.im> wrote:
>>> On 7/8/13 7:12 AM, Jesse Thompson wrote:
>>>> On 7/5/13 9:17 AM, Cyrus Daboo wrote:
>>>>> Hi folks, I have recently posted a new version of the Automated
>>>>> Service Configuration draft (formerly known as Aggregated Service
>>>>> Discovery):
>>>>> <https://datatracker.ietf.org/doc/draft-daboo-aggregated-service-discovery/>.
>>>>>
>>>>> This protocol now makes use of webfinger to "bootstrap" discovery of
>>>>> the config document. Hopefully it will serve as a useful example of
>>>>> how webfinger can be used by specific applications. I would
>>>>> appreciate feedback from the webfinger community on how we have
>>>>> gone about using webfinger, thanks.
>>>>
>>>> Since "the target FQDN is not in the queried domain" will apply to
>>>> the vast majority of email/calendar domains (hosted by Google,
>>>> Microsoft, etc):
>>>>
>>>> When it comes to practical implementation, essentially no clients
>>>> will bother to "verify with the user that the link URI target FQDN
>>>> is suitable for use before executing any connections to the host",
>>>> especially if they already have an auto-config scheme that doesn't
>>>> prompt the user (e.g. Thunderbird).
>>>>
>>>> It might be beneficial to the adoption of this standard to bake in
>>>> a method of secure delegation that could work from day one.
>>>
>>> Hi Jesse, do you have anything in mind?
>>>
>>> One option might be POSH:
>>>
>>> http://datatracker.ietf.org/doc/draft-miller-posh/
>>>
>>> However, if the original query to the service domain goes to an HTTPS
>>> URI, then following a redirect from there to an HTTPS URI at the
>>> target domain seems like a form of secure delegation to me. That's the
>>> same model that Matt Miller and I outline in the POSH draft.
>>>
>>> If I've misunderstood your comment, please do let me know. :-)
>>
>> Yes, I was assuming that would be a good option.
> 
> OK, so we might want some text about that, which probably could be
> borrowed or adapted from the POSH document.
> 
> Peter
> 
> -- 
> Peter Saint-Andre
> https://stpeter.im/
> 
> 
> _______________________________________________
> webfinger mailing list
> webfinger@ietf.org
> https://www.ietf.org/mailman/listinfo/webfinger
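An added example, not from this thread or from either draft, of the two client-side checks the discussion turns on: a WebFinger redirect is followed only while it stays on https (the RFC 7033 sec 4.2 rule John refers to), and link targets whose host is outside the queried domain are flagged for the user-confirmation step that Jesse expects most clients to skip. The link relation, host names and JRD are constructed placeholders, and `fake_fetch` stands in for the network.

```python
import json
from urllib.parse import urlsplit, urlencode
REL = "http://example.invalid/rel/service-config"  # placeholder relation, not the draft's

def webfinger_url(resource, rel):
    """RFC 7033 query URL on the domain of an acct: resource, always https."""
    domain = resource.split("@", 1)[1]
    return f"https://{domain}/.well-known/webfinger?" + urlencode({"resource": resource, "rel": rel})
def fetch_jrd(url, fetch, max_redirects=5):
    """Follow redirects per RFC 7033 sec 4.2: each hop must stay on https.
    fetch(url) -> (status, headers, body) stands in for an HTTPS GET."""
    for _ in range(max_redirects + 1):
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308):
            url = headers.get("Location", "")
            if urlsplit(url).scheme != "https":
                raise ValueError(f"refusing non-https redirect to {url!r}")
            continue
        if status != 200:
            raise ValueError(f"webfinger lookup failed with HTTP {status}")
        return json.loads(body)
    raise ValueError("too many redirects")
def discover(resource, rel, fetch):
    """https links for `rel`; a link is flagged when its host lies outside the
    queried domain, the case the draft wants confirmed with the user first."""
    domain = resource.split("@", 1)[1]
    out = []
    for link in fetch_jrd(webfinger_url(resource, rel), fetch).get("links", []):
        href = link.get("href", "")
        if link.get("rel") != rel or urlsplit(href).scheme != "https":
            continue  # non-https link targets are dropped outright
        host = urlsplit(href).hostname or ""
        out.append({"href": href, "needs_confirmation": not (host == domain or host.endswith("." + domain))})
    return out
# Constructed offline stand-in for the network: example.com redirects its WebFinger
# endpoint (https -> https) to a hosting provider, which serves the JRD.
JRD = {"subject": "acct:alice@example.com", "links": [
    {"rel": REL, "href": "https://config.hoster.example/alice"},  # outside queried domain
    {"rel": REL, "href": "https://mail.example.com/config"},      # inside queried domain
    {"rel": REL, "href": "http://plain.hoster.example/config"}]}  # not https: dropped

def fake_fetch(url):
    host, rest = urlsplit(url).hostname, url.split("/", 3)[3]
    if host == "example.com":
        return 302, {"Location": "https://wf.hoster.example/" + rest}, ""
    if host == "insecure.example":  # downgrades to plain http: the client must refuse
        return 302, {"Location": "http://wf.hoster.example/" + rest}, ""
    if host == "wf.hoster.example":
        return 200, {}, json.dumps(JRD)
    return 404, {}, ""
```

Calling `discover("acct:alice@example.com", REL, fake_fetch)` returns the provider-hosted link flagged for confirmation and the in-domain link unflagged, while a lookup on `insecure.example` aborts at the http downgrade.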