Re: [webfinger] Automated Service Configuration now uses webfinger
Peter Saint-Andre <stpeter@stpeter.im> Mon, 08 July 2013 20:04 UTC
On 7/8/13 2:03 PM, Jesse Thompson wrote:
>
> Peter Saint-Andre <stpeter@stpeter.im> wrote:
>
> On 7/8/13 7:12 AM, Jesse Thompson wrote:
>>>> On 7/5/13 9:17 AM, Cyrus Daboo wrote:
>>>>> Hi folks, I have recently posted a new version of the Automated
>>>>> Service Configuration draft (formerly known as Aggregated Service
>>>>> Discovery):
>>>>> <https://datatracker.ietf.org/doc/draft-daboo-aggregated-service-discovery/>.
>>>>>
>>>>> This protocol now makes use of webfinger to "bootstrap" discovery of the
>>>>> config document. Hopefully it will serve as a useful example of
>>>>> how webfinger can be used by specific applications. I would
>>>>> appreciate feedback from the webfinger community on how we have
>>>>> gone about using webfinger, thanks.
>>>>
>>>> Since "the target FQDN is not in the queried domain" will apply to
>>>> the vast majority of email/calendar domains (hosted by Google,
>>>> Microsoft, etc):
>>>>
>>>> When it comes to practical implementation, essentially no clients
>>>> will bother to "verify with the user that the link URI target FQDN
>>>> is suitable for use before executing any connections to the host",
>>>> especially if they already have an auto-config scheme that doesn't
>>>> prompt the user (e.g. Thunderbird).
>>>>
>>>> It might be beneficial to the adoption of this standard to bake in
>>>> a method of secure delegation that could work from day one.
>
> Hi Jesse, do you have anything in mind?
>
> One option might be POSH:
>
> http://datatracker.ietf.org/doc/draft-miller-posh/
>
> However, if the original query to the service domain goes to an HTTPS
> URI, then following a redirect from there to an HTTPS URI at the
> target domain seems like a form of secure delegation to me. That's the
> same model that Matt Miller and I outline in the POSH draft.
>
> If I've misunderstood your comment, please do let me know. :-)
>
>> Yes, I was assuming that would be a good option.

OK, so we might want some text about that, which probably could be
borrowed or adapted from the POSH document.

Peter

--
Peter Saint-Andre
https://stpeter.im/
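
The delegation model discussed in this message (an HTTPS query to the service domain, followed by an HTTPS redirect to the target domain), written out as a client-side check. This is an added example, not part of the original message or of either draft; the function names, the hop limit and the example.com / example.net hosts are assumptions, and certificate validation of each hop is assumed to be done by the TLS stack.

```python
from urllib.parse import urlsplit

class DelegationError(Exception):
    """Raised when a redirect chain cannot be treated as secure delegation."""

def _https_host(url):
    # Accept only absolute https URIs; return the normalised host name.
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise DelegationError(f"not an HTTPS URI: {url}")
    return parts.hostname.lower().rstrip(".")

def delegated_host(service_domain, chain, max_hops=5):
    """Return the host that service_domain delegates to.

    chain is the ordered list of URIs the client requested: the original
    query, then each redirect target. Every hop must be HTTPS and the first
    request must have gone to the service domain itself.
    """
    if not chain:
        raise DelegationError("empty chain")
    if len(chain) - 1 > max_hops:
        raise DelegationError("too many redirects")
    hosts = [_https_host(u) for u in chain]
    if hosts[0] != service_domain.lower().rstrip("."):
        raise DelegationError("first request did not go to the service domain")
    return hosts[-1]

def needs_user_confirmation(service_domain, target_uri, delegated):
    """True when target_uri's host is outside service_domain and was not
    reached through the HTTPS redirect chain (hypothetical client policy)."""
    host = _https_host(target_uri)
    domain = service_domain.lower().rstrip(".")
    in_domain = host == domain or host.endswith("." + domain)
    return not in_domain and host != delegated

# Constructed sample chains (not captured traffic).
GOOD_CHAIN = [
    "https://example.com/.well-known/webfinger?resource=acct:user@example.com",
    "https://config.hosting.example.net/webfinger?resource=acct:user@example.com",
]
DOWNGRADED_CHAIN = [GOOD_CHAIN[0], "http://config.hosting.example.net/webfinger"]
```

A chain containing any plain-HTTP hop is rejected outright, since an attacker on that hop could rewrite the redirect target.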