Request for advice

Paul Millar <> Wed, 10 February 2016 12:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id DC1591A2182 for <>; Wed, 10 Feb 2016 04:14:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.349
X-Spam-Status: No, score=0.349 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, RP_MATCHES_RCVD=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lNtpBxdcXOFA for <>; Wed, 10 Feb 2016 04:14:47 -0800 (PST)
Received: from ( [IPv6:2001:638:700:1038::1:9c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4E7561A2119 for <>; Wed, 10 Feb 2016 04:14:46 -0800 (PST)
X-Clacks-Overhead: GNU Terry Pratchett
Received: from ( []) by (DESY-O-3) with ESMTP id CEC3A2808A6 for <>; Wed, 10 Feb 2016 13:14:44 +0100 (CET)
Received: from ( []) by (DESY_MAP_3) with ESMTP id C173C2AB3 for <>; Wed, 10 Feb 2016 13:14:44 +0100 (MET)
Received: from ( by (Clearswift SMTPRS 5.5.0) with ESMTP id <> for <>; Wed, 10 Feb 2016 13:14:45 +0100
Received: from [] ( []) by (DESY-INTRA-1) with ESMTP id 673523E903 for <>; Wed, 10 Feb 2016 13:14:44 +0100 (MET)
From: Paul Millar <>
Subject: Request for advice
Message-ID: <>
Date: Wed, 10 Feb 2016 13:14:44 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Well-Known URI review list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Feb 2016 12:14:50 -0000


I am working within a small team devising a new HTTP-based protocol.  We 
hope to use a /.well-known URI and register this protocol with IANA.

The protocol involves the client issuing a POST request to the server 
and receiving some information back; i.e., this is not a lookup (GET or 
HEAD) request.

As I see it, there are two options:

a.	client issues POST requests directly to a well-known
	endpoint; e.g., /.well-known/<foo>

b.	client issues GET request to /.well-known/<foo-discovery>
	endpoint.  The response describes the location of <foo>.
	The client makes POST request to that URI.

Option a. has some advantages in terms of latency and reduced 
complexity; however, it seems from RFC 5785 that the latter option is 
more in line with the intended use of /.well-known.  Option b. is also 
the approach taken by most other registrants (e.g., OpenID-Configuration)

Would both approach be acceptable, or should we focus on option b. ?