Re: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 20 March 2012 23:59 UTC
Return-Path: <msk@cloudmark.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 301AE21F84B3 for <apps-discuss@ietfa.amsl.com>; Tue, 20 Mar 2012 16:59:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-cwejRlwxJL for <apps-discuss@ietfa.amsl.com>; Tue, 20 Mar 2012 16:58:59 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.25]) by ietfa.amsl.com (Postfix) with ESMTP id 3C8BC21F8453 for <apps-discuss@ietf.org>; Tue, 20 Mar 2012 16:58:59 -0700 (PDT)
Received: from EXCH-MBX901.corp.cloudmark.com ([fe80::addf:849a:f71c:4a82]) by EXCH-HTCAS901.corp.cloudmark.com ([fe80::2966:6846:8d89:4681%12]) with mapi id 14.01.0355.002; Tue, 20 Mar 2012 16:58:58 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Thread-Topic: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
Thread-Index: AQHM+zSl3R1Ur6zXPEClJ5AyVkiELpZz6yzQ
Date: Tue, 20 Mar 2012 23:58:57 +0000
Message-ID: <9452079D1A51524AA5749AD23E003928094CEB@exch-mbx901.corp.cloudmark.com>
References: <503575970.11554@cnnic.cn> <4A10020DB6464A0BBA535BF75D21A9D9@LENOVO47E041CF>
In-Reply-To: <4A10020DB6464A0BBA535BF75D21A9D9@LENOVO47E041CF>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.20.2.121]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 23:59:00 -0000
> -----Original Message----- > From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of Jiankang YAO > Sent: Monday, March 05, 2012 5:01 PM > To: apps-discuss@ietf.org > Cc: appsawg-chairs@tools.ietf.org > Subject: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt > > Dear colleagues, > > This message starts a two-week WGLC on the draft draft-ietf-appsawg- > about-uri-scheme-03.txt. > > Please help to review this draft. If you support publication, please > state as much on the list. If you are opposed to publication, please > state that on the list as well. It is more/only helpful if you give > your reasons for your position as part of your statement. > > Pls send your comments to apps-discuss@ietf.org or appsawg- > chairs@tools.ietf.org or editors. > > The WGLC will end on March 20, 2012 at 1:00 UTC. This is coming in a bit late, and apologies for that (and shame on me for complaining about other people who come in late on my drafts!), but the points should be easily resolved. [Relatively] Major Issues: In Section 4.2, you talk about the Intended Usage field of the registration being "what they must be resolved to, if resolvable." Why would you allow registration of something that can't resolve to something? Section 4.2 also talks about referencing a document that allows one to create an "interoperable" implementation of the "about" URI being registered. I know we talked about this in the WG, but a new reader might well ask "interoperable with what?" You might want to answer that question before the IESG asks it. :-) [Relatively] Minor Issues: I'm not so sure about use of RFC2119 language in the IANA Considerations section. You're not really describing interoperability requirements with IANA. [Absolutely] Nits: All of these are either reductions of overly-wordy text or fixes to minor grammar nits, or both. Section 1: OLD scheme, that is currently widely used by Web browsers and some other NEW scheme, which is currently widely used by Web browsers and some other Also, I'm not sure that "Web" is a proper noun, so it should probably be "web". OLD The concept of "about" URIs has been formed at the times when the applications did not have the "friendly" user interface, in order to provide an access to the aforementioned resources via typing the URIs in the address bar. Even though the user interface of current Internet-targeted software effectively rescinds the issue, and "about" URIs can be thought to be a rudimentary phenomenon, they are still supported by a variety of Web browsers and are not going to cease to exist. As use of "about" URIs has been quiet long-lasting, and the URIs have been used without any proper registration and absent any proper specification, the necessity for the latter two actions arises. The purpose of this document is to provide a stable specification for "about" URI scheme and correspondingly register it in the IANA registry. Along, several provisions for handling the "about" URIs Are set. NEW The concept of "about" URIs formed when applications did not have a "friendly" user interface, to enable access to the aforementioned resources by typing URIs into an address bar or similar feature. They have however become commonplace in modern user applications. Given their current ubiquity, their absence from the URI scheme registry and lack of a defining document is conspicuous. Therefore, this document provides a stable specification for the "about" URI scheme and registers it with IANA. Section 2.2: OLD Generally speaking, the resource a particular "about" URI resolves to is denoted by <about-token> part of the URI, and <about-query> specifies additional information concerning its handling and/or the information that should be returned in the resource a URI is resolved to. However, it is impossible to specify binding between all the possible tokens and the semantics of "about" URIs that would contain such tokens, which this document does not attempt to do. Therefore, any application resolving an "about" URI MAY choose the resource it is resolved to at its own discretion, with the exception of those defined below as 'special-purpose "about" URIs'. They MAY use internal redirection to accomplish this (for instance, Opera redirects all "about" URIs except "about:blank" to its internal "opera" URIs). NEW Generally speaking, the resource to which a particular "about" URI resolves is denoted by <about-token> part of the URI, and <about-query> specifies additional information concerning its handling and/or the information that should be returned in the resource to which the URI resolves. However, it is impossible to specify a binding between all the possible tokens and the semantics of "about" URIs that would contain such tokens. Therefore, the resource referenced by the URI is application-specific, except for those listed below as 'special-purpose "about" URIs'. Applications MAY use internal redirection to accomplish this (for instance, the Opera web browser redirects all "about" URIs except "about:blank" to its internal "opera" URIs). Section 2.2.1: OLD A small, though expandable, range of <about-token>s are reserved for special purposes ("special-purpose tokens"). NEW A small, though extensible, range of <about-token>s is reserved for Special purposes ("special-purpose tokens"). OLD Additional special-purpose tokens can be defined by registering an registry created in Section 4.2. Special-purpose "about" URIs are intended to be uncommon, and new ones should be defined only when there is a need to strongly connect a particular <about-token> with a particular function in all applications. NEW Additional special-purpose tokens can be defined by updating the registry created in Section 4.2. Special-purpose "about" URIs are intended to be uncommon, and new ones only need to be defined when there is a need to strongly connect a particular <about-token> with a particular function in all applications. Section 3: OLD Generic security considerations for URIs are discussed in Section 7 of RFC 3986 [RFC3986]. However, many of those provisions hardly apply to "about" URI scheme, as they are mainly scoped to schemes used in the Internet, not internally. "about" URIs may sometimes refer to a sensitive information, such as user passwords stored in a cache, or parameter that, if changed, may affect user's data. The application should therefore ensure that user's data is in the safety, and no threats are imposed by "about" URIs. NEW Generic security considerations for URIs are discussed in Section 7 of RFC 3986 [RFC3986]. However, few of those provisions apply to the "about" URI scheme, as they are mainly scoped to schemes used in the Internet, not internally. "about" URIs can sometimes refer to a sensitive information, such as user passwords stored in a cache, or parameters that, if changed, could affect user's data. The application therefore needs to ensure that the user's data is secured, and no threats are imposed by "about" URIs. Section 4.2: OLD o Intended usage: A short description of how "about" URIs with the registered token must be handled; especially, what they must be resolved to, if resolvable. o Handling query component: It should be mentioned whether there are some provisions on handling query components in the "about" URIs with the registered token. o Contact/Change controller: An individual or an organization which (1) should be contacted for more details, and (2) is authorized to change the registration. o Specification. This provides documentation at a level that could be used to create a compliant, interoperable implementation of the registered "about" URI. The reference to a full specification MUST be provided here, and there should be a reasonable expectation that the documentation will remain available. IANA will consult with the IESG or its specified delegate if there is doubt about whether the specification is adequate for the purpose. The following is a template for "blank" token: NEW o Intended usage: A short description of how "about" URIs with the registered token must be handled; especially, to what resource they are to resolve. o Handling query component: Describe any requirements for handling query components in "about" URIs that contain the registered token. o Contact/Change controller: An individual or an organization that (1) should be contacted for more details, and (2) is authorized to change the registration. o Specification. A permanent reference to a specification that can be used to create a compliant, interoperable implementation of the registered "about" URI. IANA will consult with the IESG or its specified delegate if there is doubt about whether the specification is adequate for this purpose. The following is a template for the "blank" token: -MSK
- [apps-discuss] WGLC: draft-ietf-appsawg-about-uri… Jiankang YAO
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… t.petch
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Murray S. Kucherawy
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Barry Leiba
- [apps-discuss] Use of RFC 2119, Re: WGLC: draft-i… Julian Reschke
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Murray S. Kucherawy
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Mykyta Yevstifeyev
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Mykyta Yevstifeyev
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Barry Leiba
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Julian Reschke
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Mykyta Yevstifeyev
- Re: [apps-discuss] WGLC: draft-ietf-appsawg-about… Alexey Melnikov
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Larry Masinter
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Barry Leiba
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Alexey Melnikov
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Barry Leiba
- Re: [apps-discuss] Use of RFC 2119, Re: WGLC: dra… Ned Freed