RE: Last Call: draft-nottingham-site-meta (Defining Well-Known URIs) to Proposed Standard

[Eran Hammer-Lahav <eran at hueniverse.com>]

> -----Original Message-----
> From: apps-discuss-bounces at ietf.org [mailto:apps-discuss-
> bounces at ietf.org] On Behalf Of Barry Leiba
> Sent: Monday, October 19, 2009 6:12 PM
> To: Mark Nottingham
> Cc: apps-discuss at ietf.org
> Subject: Re: Last Call: draft-nottingham-site-meta (Defining Well-Known
> URIs) to Proposed Standard
> 
> > Do people find this interesting? To specify it, we'd just need to
> describe a
> > format (e.g., a space-separated list of tokens).
> >
> >> Depending on how the server is configured a query to
> >> http://example.com/.well-known/ might return the list of files in
> that
> >> directory. It might be nice to actually encourage that. The only
> downside I
> >> see is that it might make it easier for an attacker to find out what
> you run
> >> and know what to exploit, but without that the attacker could still
> play 20
> >> questions and find out.
> 
> I like it.  I understand Eran's issue, but I don't see the point in
> waiting before making the specification.

You can go ahead and do it right now. I personally don't have any use case for it, and I don't think it will be very useful for a while. If anything, I am working on a proposal that will provide a generically useful document for more protocols under /.well-known. I just don't think there is compelling reason to use the directory itself as the way to get the list of documents (considering the deployment challenges).

EHL