Re: [apps-discuss] Kathleen Moriarty's Discuss on draft-ietf-appsawg-json-merge-patch-06: (with DISCUSS)

James M Snell <jasnell@gmail.com> Mon, 18 August 2014 21:02 UTC

To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/TCrGlGiwsecfw_zGIS-CmLaNEPQ
Cc: draft-ietf-appsawg-json-merge-patch@tools.ietf.org, "appsawg-chairs@tools.ietf.org" <appsawg-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, IETF Apps Discuss <apps-discuss@ietf.org>

In the case of using Merge-Patch with the HTTP Patch method,
"validation" would typically occur using the Conditional HTTP Request
Mechanisms (ETags and If-Match/If-None-Match). These aren't
foolproof, of course, but they provide a Good Enough approximation. If
someone needed something more rigorous, they could layer it in.

- James

On Mon, Aug 18, 2014 at 1:58 PM, Kathleen Moriarty
<Kathleen.Moriarty.ietf@gmail.com> wrote:
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-appsawg-json-merge-patch-06: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-appsawg-json-merge-patch/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> The draft looks very good and the security considerations in RFC5789
> cover most of the bases I would be concerned with.  I do have a question
> I'd like to discuss to see if it applies or not.
>
> Normally, in other spaces patches are validated and that might be as
> simple as making sure the hash of the patch provided by the source
> matches the value you calculated (not corrupted, *should* be from the
> source you think it's from).  I don't see any mention of this practice,
> is there a reason for that or should it be added?  Maybe it's not
> possible because of how the patch is delivered over HTTP, but I figured
> it was worth flagging to discuss quickly.
>
>
>
>
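
Added example, not part of the original message or the draft: an in-memory model of the conditional-request check described in the reply above, where a PATCH carrying a JSON merge patch is applied only if its If-Match value matches the resource's current ETag. The Resource class, the SHA-256-based ETag scheme and the choice to answer 428 when If-Match is absent are assumptions made for illustration.

```python
import hashlib
import json

MERGE_PATCH = "application/merge-patch+json"  # media type from RFC 7396

def merge_patch(target, patch):
    """RFC 7396 MergePatch: null removes a member, objects merge recursively."""
    if not isinstance(patch, dict):
        return patch
    result = dict(target) if isinstance(target, dict) else {}
    for name, value in patch.items():
        if value is None:
            result.pop(name, None)
        else:
            result[name] = merge_patch(result.get(name), value)
    return result

def etag(doc):
    """Strong ETag over a canonical serialisation (scheme assumed for this example)."""
    body = json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

class Resource:
    """Hypothetical in-memory resource that only accepts conditional PATCH."""
    def __init__(self, doc):
        self.doc = doc

    def patch(self, headers, body):
        if headers.get("Content-Type") != MERGE_PATCH:
            return 415, {}                      # Unsupported Media Type
        if_match = headers.get("If-Match")
        if if_match is None:
            return 428, {}                      # Precondition Required (RFC 6585)
        tags = [t.strip() for t in if_match.split(",")]
        if "*" not in tags and etag(self.doc) not in tags:
            return 412, {}                      # Precondition Failed: state changed
        self.doc = merge_patch(self.doc, json.loads(body))
        return 200, {"ETag": etag(self.doc)}

def demo():
    # Constructed sample document and patches.
    res = Resource({"title": "Hello", "author": {"name": "A", "email": "a@example.com"}})
    seen = etag(res.doc)                        # what a client got from an earlier GET
    hdrs = {"Content-Type": MERGE_PATCH, "If-Match": seen}
    first = res.patch(hdrs, '{"author": {"email": null}}')
    stale = res.patch(hdrs, '{"title": "Overwrite"}')  # same ETag, now out of date
    return first[0], stale[0], res.doc

if __name__ == "__main__":
    print(demo())
```

The precondition covers the state of the target resource; it does not authenticate or integrity-check the patch body itself.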