Re: Request for well-known URI: est

Mark Nottingham, Fri, 23 August 2013 03:10 UTC

Date: Fri, 23 Aug 2013 13:10:45 +1000
To: Peter Saint-Andre
Cc: Dan Harkins, Max Pritikin (pritikin), Sean Turner
List-Id: Well-Known URI review list

On 17/08/2013, at 1:22 PM, Peter Saint-Andre wrote:

> I don't think that really helps matters, because it's still unclear
> whether each of the well-known URIs (cacerts, simpleenroll, etc.) needs
> to be added to the registry, whether IANA needs to deny future requests
> that start with "est" (e.g., "/.well-known/estimation") since "the
> syntax of additional path components" (RFC 5785) is not specified, etc.
> If the EST spec is reserving any path component after "est" (as in
> "/.well-known/est/cacerts", "/.well-known/est/arbitraryLabel1/cacerts",
> etc.) then IMHO that needs to be defined in the EST spec. I don't think
> the EST spec is trying to reserve *any* well-known URI that starts with
> "est" but that too isn't clear. I think we all have a sense of what the
> EST spec and RFC 5785 are trying to do in such cases, but it's not
> specified very well in this case or in general.

5785 requires the registered value to "conform to the segment-nz production" defined in the URI specification. It also allows a registration's spec to "contain additional information, such as the syntax of additional path components, query strings and/or fragment identifiers to be appended to the well-known URI".

This means that the registration for "est" controls the path "/.well-known/est/foo" but not "/.well-known/estimation".

I think it'd be a stretch to read it any other way. Could it be more clear? Perhaps, but this is one of the reasons we have expert review.


Mark Nottingham
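
The segment-based reading described in the message above, as an added example that is not part of the original e-mail or of any RFC text: it validates a registration against the RFC 3986 `segment-nz` production and resolves which registration governs a path, next to the string-prefix comparison that would wrongly claim "/.well-known/estimation". The function names and the registry contents passed in are assumptions made for illustration.

```python
import re

# RFC 3986: segment-nz = 1*pchar
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
SEGMENT_NZ = re.compile(r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+")

PREFIX = "/.well-known/"


def is_valid_registration(name):
    """A registered name must be exactly one non-empty path segment."""
    return SEGMENT_NZ.fullmatch(name) is not None


def governing_registration(path, registry):
    """Return the registered name that controls `path`, or None.

    Matching is on the whole first segment after /.well-known/, so "est"
    covers /.well-known/est and /.well-known/est/<anything>, but never
    /.well-known/estimation.
    """
    if not path.startswith(PREFIX):
        return None
    rest = path[len(PREFIX):]
    # Drop query and fragment before splitting into segments.
    rest = re.split(r"[?#]", rest, maxsplit=1)[0]
    first = rest.split("/", 1)[0]
    return first if first in registry else None


def naive_prefix_match(path, registry):
    """String-prefix comparison: the reading the message rejects."""
    for name in registry:
        if path.startswith(PREFIX + name):
            return name
    return None
```

A server or gateway that routes or applies access rules per well-known registration should compare whole segments as `governing_registration` does; `naive_prefix_match` would apply the "est" rules to an unrelated registration.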