Re: Request for well-known URI: est

Peter Saint-Andre <stpeter@stpeter.im> Thu, 15 August 2013 19:23 UTC

Message-ID: <520D2A8D.3030100@stpeter.im>
Date: Thu, 15 Aug 2013 13:22:53 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Sean Turner <turners@ieca.com>
Subject: Re: Request for well-known URI: est
References: <516D6CC8.6070705@ieca.com>
In-Reply-To: <516D6CC8.6070705@ieca.com>
Cc: apps-ads@tools.ietf.org, wellknown-uri-review@ietf.org, draft-ietf-pkix-est@tools.ietf.org

On 4/16/13 9:22 AM, Sean Turner wrote:
> Hi wellknown-uri experts!
> 
> I'd like to request a review of the registration request for
> .well-known/est, which is found in
> https://datatracker.ietf.org/doc/draft-ietf-pkix-est/.
> 
> Summary: EST (Enrollment over Secure Transport) is a way for clients to
> retrieve PKI-related "stuff" from an EST server.  Think posting
> enrollment requests (i.e., PKCS#10), getting enrollment responses (i.e.,
> PKCS#7 certs-only), re-enrollment, CA certificates, etc.
> 
> 
> A related question, which I'm hoping you might be able to help with:
> when specifying the URI bit below our soon-to-be wellknown URI do we
> need to specify whether they are case sensitive or not?  For example, we
> have:
> 
> /.well-known/est/CACerts
> 
> but would that only be the same as the following if we state that it's
> case insensitive:
> 
> /.well-known/est/cacerts

I know this I-D was just approved for publication, but I have a question
about the well-known URI registration. The document registers only the
"est" suffix. However, the document itself uses a number of well-known
URIs, such as the one that Sean mentioned above:

/.well-known/est/cacerts

And so on:

/.well-known/est/csrattrs
/.well-known/est/simpleenroll
[etc.]

By my reading of RFC 5785, each well-known URI would need to be
registered separately.

However, in a later reply within this thread (which I don't have
archived in my mail client), Mark Nottingham said the following
(seemingly as the designated expert for this registry):

"Each well-known controls the name space "below" it, so you can do what
you like there (within the constraints of URIs)."

http://www.ietf.org/mail-archive/web/wellknown-uri-review/current/msg00082.html

RFC 5785 says:

   Applications that wish to mint new well-known URIs MUST register
   them, following the procedures in Section 5.1.

   For example, if an application registers the name 'example', the
   corresponding well-known URI on 'http://www.example.com/' would be
   'http://www.example.com/.well-known/example'.

RFC 5785 does *not* say:

   For example, if an application registers the name 'example' then the
   corresponding well-known URIs on 'http://www.example.com' would be
   any URI starting with 'http://www.example.com/.well-known/example',
   such as 'http://www.example.com/.well-known/example-foo' or
   'http://www.example.com/.well-known/example/foo' or
   'http://www.example.com/.well-known/example/foo/bar'

IMHO clarification would be helpful here.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
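An added example, not part of this thread or of the EST draft: a small Python resolver that models the two readings of RFC 5785 contrasted in the message above (the registration covering only `/.well-known/est` itself, versus the registrant controlling the whole namespace below that name) and Sean's case-sensitivity question. The registry contents and the resource names are constructed from the paths quoted in the thread; the function names are assumptions of this example. Scheme and host are treated as case-insensitive and the path as case-sensitive, which is the RFC 3986 default unless a specification states otherwise.

```python
from urllib.parse import urlsplit

# Constructed registry state for the discussion above: the draft registers
# only the "est" suffix; these are the resource names it uses beneath it.
WELL_KNOWN_REGISTRY = {"est"}
EST_RESOURCES = {"cacerts", "csrattrs", "simpleenroll"}
WELL_KNOWN_PREFIX = "/.well-known/"


def split_well_known(url):
    """Return (name, below) for a URI under /.well-known/, or None.

    RFC 3986 section 6.2.2.1 makes scheme and host case-insensitive, so
    urlsplit's lowercased scheme is fine; the path is kept exactly as given,
    because path comparison is case-sensitive unless a spec says otherwise.
    'below' is "" when nothing follows the registered name, otherwise it
    starts with "/" (e.g. "/cacerts").
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    if not parts.path.startswith(WELL_KNOWN_PREFIX):
        return None
    rest = parts.path[len(WELL_KNOWN_PREFIX):]
    name, sep, below = rest.partition("/")
    return name, sep + below


def covered_by_registration(url, namespace_below):
    """Is this URI covered by an entry in the well-known registry?

    namespace_below=False: RFC 5785's literal text, i.e. only
    /.well-known/<name> itself is the registered URI.
    namespace_below=True: the reading in the quoted reply, where the
    registrant controls everything beneath /.well-known/<name>/.
    A different name such as "est-foo" is not covered under either reading.
    """
    split = split_well_known(url)
    if split is None:
        return False
    name, below = split
    if name not in WELL_KNOWN_REGISTRY:
        return False
    if below == "":
        return True
    return namespace_below


def est_resource(url, case_insensitive=False):
    """Map a URI directly below /.well-known/est/ to an EST resource name.

    By default the segment is compared exactly, so "CACerts" does not match
    "cacerts". case_insensitive=True models what the draft would have to
    state explicitly for those two paths to denote the same resource.
    Returns None for anything else, including deeper paths.
    """
    split = split_well_known(url)
    if split is None or split[0] != "est" or not split[1].startswith("/"):
        return None
    segment, _, tail = split[1][1:].partition("/")
    if tail:
        return None
    if case_insensitive:
        segment = segment.lower()
    return segment if segment in EST_RESOURCES else None


if __name__ == "__main__":
    base = "http://www.example.com/.well-known/"
    for path in ("est", "est/cacerts", "est-foo", "est/foo/bar"):
        url = base + path
        print(f"{url}: exact={covered_by_registration(url, False)} "
              f"namespace={covered_by_registration(url, True)}")
    for path in ("est/cacerts", "est/CACerts"):
        url = base + path
        print(f"{url}: strict={est_resource(url)} "
              f"insensitive={est_resource(url, case_insensitive=True)}")
```

Under the literal reading only `/.well-known/est` is covered, under the "namespace below" reading everything under `/.well-known/est/` is, and `est-foo` is a separate name either way, which is what the two contrasted paragraphs of the message turn on. The `est_resource` comparison shows why a spec that wants `CACerts` and `cacerts` to be interchangeable has to say so: without such a statement a server following the URI generic syntax will treat them as distinct paths.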