IETF Logo Mail Archive

Re: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 20 March 2012 23:59 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 301AE21F84B3 for <apps-discuss@ietfa.amsl.com>; Tue, 20 Mar 2012 16:59:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-cwejRlwxJL for <apps-discuss@ietfa.amsl.com>; Tue, 20 Mar 2012 16:58:59 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.25]) by ietfa.amsl.com (Postfix) with ESMTP id 3C8BC21F8453 for <apps-discuss@ietf.org>; Tue, 20 Mar 2012 16:58:59 -0700 (PDT)
Received: from EXCH-MBX901.corp.cloudmark.com ([fe80::addf:849a:f71c:4a82]) by EXCH-HTCAS901.corp.cloudmark.com ([fe80::2966:6846:8d89:4681%12]) with mapi id 14.01.0355.002; Tue, 20 Mar 2012 16:58:58 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Thread-Topic: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
Thread-Index: AQHM+zSl3R1Ur6zXPEClJ5AyVkiELpZz6yzQ
Date: Tue, 20 Mar 2012 23:58:57 +0000
Message-ID: <9452079D1A51524AA5749AD23E003928094CEB@exch-mbx901.corp.cloudmark.com>
References: <503575970.11554@cnnic.cn> <4A10020DB6464A0BBA535BF75D21A9D9@LENOVO47E041CF>
In-Reply-To: <4A10020DB6464A0BBA535BF75D21A9D9@LENOVO47E041CF>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.20.2.121]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 23:59:00 -0000

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of Jiankang YAO
> Sent: Monday, March 05, 2012 5:01 PM
> To: apps-discuss@ietf.org
> Cc: appsawg-chairs@tools.ietf.org
> Subject: [apps-discuss] WGLC: draft-ietf-appsawg-about-uri-scheme-03.txt
> 
> Dear colleagues,
> 
> This message starts a two-week WGLC on the draft draft-ietf-appsawg-
> about-uri-scheme-03.txt.
> 
> Please help to review this draft.  If you support publication, please
> state as much on the list.  If you are opposed to publication, please
> state that on the list as well.  It is more/only helpful if you give
> your reasons for your position as part of your statement.
> 
> Pls send your comments to apps-discuss@ietf.org or appsawg-
> chairs@tools.ietf.org or editors.
> 
> The WGLC will end on March 20, 2012 at 1:00 UTC.

This is coming in a bit late, and apologies for that (and shame on me for complaining about other people who come in late on my drafts!), but the points should be easily resolved.

[Relatively] Major Issues:

In Section 4.2, you talk about the Intended Usage field of the registration being "what they must be resolved to, if resolvable."  Why would you allow registration of something that can't resolve to something?

Section 4.2 also talks about referencing a document that allows one to create an "interoperable" implementation of the "about" URI being registered.  I know we talked about this in the WG, but a new reader might well ask "interoperable with what?"  You might want to answer that question before the IESG asks it.  :-)

[Relatively] Minor Issues:
I'm not so sure about use of RFC2119 language in the IANA Considerations section.  You're not really describing interoperability requirements with IANA.

[Absolutely] Nits:
All of these are either reductions of overly-wordy text or fixes to minor grammar nits, or both.

Section 1:

	OLD
		scheme, that is currently widely used by Web browsers and some other

	NEW
		scheme, which is currently widely used by Web browsers and some other

Also, I'm not sure that "Web" is a proper noun, so it should probably be "web".

	OLD
		The concept of "about" URIs has been formed at the times when the
		applications did not have the "friendly" user interface, in order to
		provide an access to the aforementioned resources via typing the URIs
		in the address bar.  Even though the user interface of current
		Internet-targeted software effectively rescinds the issue, and
		"about" URIs can be thought to be a rudimentary phenomenon, they are
		still supported by a variety of Web browsers and are not going to cease
		to exist.

		As use of "about" URIs has been quiet long-lasting, and the URIs have
		been used without any proper registration and absent any proper
		specification, the necessity for the latter two actions arises.
		The purpose of this document is to provide a stable specification for
		"about" URI scheme and correspondingly register it in the IANA
		registry.  Along, several provisions for handling the "about" URIs
		Are set.

	NEW
		The concept of "about" URIs formed when applications did not have a
		"friendly" user interface, to enable access to the aforementioned
		resources by typing URIs into an address bar or similar feature.
		They have however become commonplace in modern user applications.

		Given their current ubiquity, their absence from the URI scheme
		registry and lack of a defining document is conspicuous.  Therefore,
		this document provides a stable specification for the "about"
		URI scheme and registers it with IANA.

Section 2.2:

	OLD

		Generally speaking, the resource a particular "about" URI resolves to
		is denoted by <about-token> part of the URI, and <about-query>
		specifies additional information concerning its handling and/or the
		information that should be returned in the resource a URI is resolved
		to.

		However, it is impossible to specify binding between all the possible
		tokens and the semantics of "about" URIs that would contain such
		tokens, which this document does not attempt to do.  Therefore, any
		application resolving an "about" URI MAY choose the resource it is
		resolved to at its own discretion, with the exception of those
		defined below as 'special-purpose "about" URIs'.  They MAY use
		internal redirection to accomplish this (for instance, Opera
		redirects all "about" URIs except "about:blank" to its internal
		"opera" URIs).

	NEW

		Generally speaking, the resource to which a particular "about" URI resolves
		is denoted by <about-token> part of the URI, and <about-query>
		specifies additional information concerning its handling and/or the
		information that should be returned in the resource to which the URI
		resolves.

		However, it is impossible to specify a binding between all the possible
		tokens and the semantics of "about" URIs that would contain such
		tokens.  Therefore, the resource referenced by the URI is
		application-specific, except for those listed below as 'special-purpose
		"about" URIs'.  Applications MAY use internal redirection to accomplish
		this (for instance, the Opera web browser redirects all "about" URIs except
		"about:blank" to its internal "opera" URIs).

Section 2.2.1:

	OLD

		A small, though expandable, range of <about-token>s are reserved for
		special purposes ("special-purpose tokens").

	NEW

		A small, though extensible, range of <about-token>s is reserved for
		Special purposes ("special-purpose tokens").

	OLD

		Additional special-purpose tokens can be defined by registering an
		registry created in Section 4.2. Special-purpose "about" URIs are
		intended to be uncommon, and new ones should be defined only when
		there is a need to strongly connect a particular <about-token> with a
		particular function in all applications.

	NEW

		Additional special-purpose tokens can be defined by updating the
		registry created in Section 4.2. Special-purpose "about" URIs are
		intended to be uncommon, and new ones only need to be defined when
		there is a need to strongly connect a particular <about-token> with a
		particular function in all applications.

Section 3:

	OLD

		Generic security considerations for URIs are discussed in Section 7
		of RFC 3986 [RFC3986].  However, many of those provisions hardly
		apply to "about" URI scheme, as they are mainly scoped to schemes
		used in the Internet, not internally.

		"about" URIs may sometimes refer to a sensitive information, such as
		user passwords stored in a cache, or parameter that, if changed, may
		affect user's data.  The application should therefore ensure that
		user's data is in the safety, and no threats are imposed by "about"
		URIs.

	NEW

		Generic security considerations for URIs are discussed in Section 7
		of RFC 3986 [RFC3986].  However, few of those provisions
		apply to the "about" URI scheme, as they are mainly scoped to schemes
		used in the Internet, not internally.

		"about" URIs can sometimes refer to a sensitive information, such as
		user passwords stored in a cache, or parameters that, if changed, could
		affect user's data.  The application therefore needs to ensure that
		the user's data is secured, and no threats are imposed by "about"
		URIs.

Section 4.2:

	OLD

		o Intended usage:  A short description of how "about" URIs with the
		  registered token must be handled; especially, what they must be
		  resolved to, if resolvable.

		o Handling query component:  It should be mentioned whether there are
		  some provisions on handling query components in the "about" URIs
		  with the registered token.

		o Contact/Change controller:  An individual or an organization which
		  (1) should be contacted for more details, and (2) is authorized to
		  change the registration.

		o Specification.  This provides documentation at a level that could
		  be used to create a compliant, interoperable implementation of the
		  registered "about" URI.  The reference to a full specification MUST
		  be provided here, and there should be a reasonable expectation that
		  the documentation will remain available.  IANA will consult with
		  the IESG or its specified delegate if there is doubt about whether
		  the specification is adequate for the purpose.

		The following is a template for "blank" token:

	NEW
		o Intended usage:  A short description of how "about" URIs with the
		  registered token must be handled; especially, to what resource
		  they are to resolve.

		o Handling query component:  Describe any requirements for handling
	        query components in "about" URIs that contain the registered
		  token.

		o Contact/Change controller:  An individual or an organization that
		  (1) should be contacted for more details, and (2) is authorized to
		  change the registration.

		o Specification.  A permanent reference to a specification that can
		  be used to create a compliant, interoperable implementation of the
		  registered "about" URI.  IANA will consult with
		  the IESG or its specified delegate if there is doubt about whether
		  the specification is adequate for this purpose.

		The following is a template for the "blank" token:

-MSK

v2.23.0 | Report a Bug | By Email