Re: Request for advice

Mark Nottingham <> Thu, 11 February 2016 00:33 UTC

To: Paul Millar <>
List-Id: Well-Known URI review list <>

Hi Paul,

> On 10 Feb 2016, at 11:14 pm, Paul Millar <> wrote:
> Hi,
> I am working within a small team devising a new HTTP-based protocol.  We hope to use a /.well-known URI and register this protocol with IANA.
> The protocol involves the client issuing a POST request to the server and receiving some information back; i.e., this is not a lookup (GET or HEAD) request.
> As I see it, there are two options:
> a.	client issues POST requests directly to a well-known
> 	endpoint; e.g., /.well-known/<foo>
> b.	client issues GET request to /.well-known/<foo-discovery>
> 	endpoint.  The response describes the location of <foo>.
> 	The client makes POST request to that URI.
> Option a. has some advantages in terms of latency and reduced complexity; however, it seems from RFC 5785 that the latter option is more in line with the intended use of /.well-known.  Option b. is also the approach taken by most other registrants (e.g., OpenID-Configuration)
> Would both approaches be acceptable, or should we focus on option b.?

(b) gives people who deploy more flexibility, in that they can direct clients to a different server, etc. This is especially helpful when you're expecting a POST, because if you want to redirect them, they'll have to retransmit the request body (unless both sides support expect/continue, which has proven problematic over the years).

It's true that this way requires an extra request, but the response can be cached. 

One question -- are you using a .well-known to enable someone to find out something about the host, or is it just a convenience? 

I.e., is it acceptable for your service to take a full URL as an input instead of a hostname? 


Mark Nottingham
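
An added example, not part of the original message or of any protocol discussed in it: a sketch of option (b) in which the client caches the discovery response and sends the POST body once, directly to the discovered URI. The `foo-discovery` name, the `endpoint` JSON key, the hosts and the in-memory `FakeNetwork` are constructed assumptions.

```python
import json
import re
import time


class FakeNetwork:
    """Constructed in-memory stand-in for the servers; nothing here is real."""
    def __init__(self, endpoint, max_age):
        self.endpoint = endpoint  # where the operator currently hosts <foo>
        self.max_age = max_age    # freshness lifetime of the discovery response
        self.log = []             # every request that reaches the "wire"

    def request(self, method, url, body=None):
        self.log.append((method, url))
        if method == "GET" and url.endswith("/.well-known/foo-discovery"):
            headers = {"Cache-Control": f"max-age={self.max_age}"}
            return 200, headers, json.dumps({"endpoint": self.endpoint})
        if method == "POST" and url == self.endpoint:
            return 200, {}, json.dumps({"echo": body})
        return 404, {}, ""


class DiscoveringClient:
    def __init__(self, network, clock=time.monotonic):
        self.network = network
        self.clock = clock
        self.cache = {}           # origin -> (expires_at, endpoint)

    def discover(self, origin):
        cached = self.cache.get(origin)
        if cached and cached[0] > self.clock():
            return cached[1]      # still fresh: no extra round trip
        status, headers, text = self.network.request(
            "GET", origin + "/.well-known/foo-discovery")
        if status != 200:
            raise RuntimeError(f"discovery failed: {status}")
        endpoint = json.loads(text)["endpoint"]  # assumed response format
        m = re.search(r"max-age=(\d+)", headers.get("Cache-Control", ""))
        self.cache[origin] = (self.clock() + (int(m.group(1)) if m else 0), endpoint)
        return endpoint

    def post(self, origin, body):
        # The request body goes out once, straight to the discovered URI.
        status, _, text = self.network.request("POST", self.discover(origin), body)
        if status != 200:
            raise RuntimeError(f"POST failed: {status}")
        return json.loads(text)
```

The freshness lifetime on the discovery response bounds how long a client keeps posting to the old location after the operator moves the endpoint.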