Re: Request for well-known URI: est

Mark Nottingham <mnot@mnot.net> Fri, 23 August 2013 03:10 UTC

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 23 Aug 2013 13:10:45 +1000
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: Dan Harkins <dharkins@arubanetworks.com>, draft-ietf-pkix-est@tools.ietf.org, "Max Pritikin \(pritikin\)" <pritikin@cisco.com>, app-ads@tools.ietf.org, Sean Turner <turners@ieca.com>, wellknown-uri-review@ietf.org

On 17/08/2013, at 1:22 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> I don't think that really helps matters, because it's still unclear
> whether each of the well-known URIs (cacerts, simpleenroll, etc.) needs
> to be added to the registry, whether IANA needs to deny future requests
> that start with "est" (e.g., "/.well-known/estimation") since "the
> syntax of additional path components" (RFC 5785) is not specified, etc.
> If the EST spec is reserving any path component after "est" (as in
> "/.well-known/est/cacerts", "/.well-known/est/arbitraryLabel1/cacerts",
> etc.) then IMHO that needs to be defined in the EST spec. I don't think
> the EST spec is trying to reserve *any* well-known URI that starts with
> "est" but that too isn't clear. I think we all have a sense of what the
> EST spec and RFC 5785 are trying to do in such cases, but it's not
> specified very well in this case or in general.

5785 requires the registered value to "conform to the segment-nz production" defined in the URI specification. It also allows a registration's spec to "contain additional information, such as the syntax of additional path components, query strings and/or fragment identifiers to be appended to the well-known URI".

This means that the registration for "est" controls the path "/.well-known/est/foo" but not "/.well-known/estimation".

I think it'd be a stretch to read it any other way. Could it be more clear? Perhaps, but this is one of the reasons we have expert review.

Cheers,

--
Mark Nottingham   http://www.mnot.net/
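
Added example, not part of the original message or of any IANA or EST code: a Python sketch of the segment-based reading described above, contrasted with a string-prefix comparison that would wrongly attribute "/.well-known/estimation" to "est". The registry contents and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# segment-nz = 1*pchar (RFC 3986):
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
SEGMENT_NZ = re.compile(r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+")

# Constructed sample registry; "est" is the name under discussion in the thread.
REGISTERED = {"est", "host-meta"}

def is_valid_registration(name):
    """A registered name must be exactly one non-empty path segment."""
    return SEGMENT_NZ.fullmatch(name) is not None

def owning_registration(url_or_path, registry=REGISTERED):
    """Return the registered name that controls this path, or None.

    Ownership is decided on whole path segments: the segment directly
    after "/.well-known/" must equal a registered name. Anything after
    that segment is governed by the registration's own specification.
    """
    parts = urlsplit(url_or_path).path.split("/")
    # "/.well-known/est/foo" -> ["", ".well-known", "est", "foo"]
    if len(parts) < 3 or parts[0] != "" or parts[1] != ".well-known":
        return None
    name = parts[2]
    return name if name in registry else None

def naive_prefix_owner(path, registry=REGISTERED):
    """String-prefix comparison, shown only for contrast: it attributes
    "/.well-known/estimation" to "est", which the segment rule does not."""
    for name in sorted(registry):
        if path.startswith("/.well-known/" + name):
            return name
    return None

if __name__ == "__main__":
    for p in ("/.well-known/est/foo",
              "/.well-known/est/arbitraryLabel1/cacerts",
              "/.well-known/estimation"):
        print(p, "->", owning_registration(p), "| prefix:", naive_prefix_owner(p))
```

The same distinction applies to any router or access rule keyed on a well-known name: compare whole segments, not string prefixes.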