Re: [art] Against BCP 190

Rob Sayre <sayrer@gmail.com> Tue, 23 July 2019 06:59 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 22 Jul 2019 23:58:55 -0700
Message-ID: <CAChr6Sza8u8oyCsDUDJzNbRFqMjeoR5zLz5YmoUUMTrXKUgK6w@mail.gmail.com>
To: Rob Stradling <rob@sectigo.com>
Cc: "art@ietf.org" <art@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/Fs0rV8zfd5C5QI7oFLdcb1xWyzU>
Subject: Re: [art] Against BCP 190

On Mon, Jul 22, 2019 at 10:54 PM Rob Sayre <sayrer@gmail.com> wrote:

> On Fri, Jul 12, 2019 at 9:46 AM Rob Stradling <rob@sectigo.com> wrote:
>
>> ...since all modern
>> web servers can trivially rewrite paths to query components and back
>> again.
>>
>
> I don't think this assertion is correct. Query components don't reflect a
> hierarchy, they are unordered, and can be repeated. They can be rewritten
> to and from path segments, but not in a way that preserves their semantics.
>

Trying to be more constructive, I think the issue is that it's true that
you can write a seemingly-simple API that treats an entire host or path
below a certain level as opaque.

Enacting "simple" rules of that sort can cause problems as different HTTP
APIs coexist under one host, each with their own reserved suffixes, paths,
or query parameters. At the very least, you've prevented the host from
delegating its path space (say, for usernames). At worst, you've forced it
into using different hostnames, and taking on all of the associated DNS
latency and confidentiality issues.

It doesn't seem like writing a BCP190-compliant API is complex, but the
evidence does show that it's not the first avenue people think of.

thanks,
Rob
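
An added example, not part of the original message: it illustrates the ordering point in the quoted reply, using a hypothetical rewrite rule (`/k1/v1/k2/v2` to `k1=v1&k2=v2`) and a constructed sample path. A consumer that parses the query into a map sees the reordered query as the same request, but rewriting it back yields a different path hierarchy.

```python
from urllib.parse import parse_qs, parse_qsl, quote, urlencode


def path_to_query(path):
    """Hypothetical rewrite rule (an assumption): /k1/v1/k2/v2 -> k1=v1&k2=v2."""
    seg = [s for s in path.split("/") if s]
    if len(seg) % 2:
        raise ValueError("rule needs key/value segment pairs")
    return urlencode(list(zip(seg[0::2], seg[1::2])))


def query_to_path(query):
    """Inverse rule. It is positional, so its result depends on parameter order."""
    parts = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        parts += [quote(key, safe=""), quote(value, safe="")]
    return "/" + "/".join(parts)


def same_query(q1, q2):
    """Equivalence as seen by a consumer that parses the query into a map."""
    return parse_qs(q1) == parse_qs(q2)


def round_trip_report(path):
    """Rewrite path -> query, reorder the parameters, rewrite back."""
    query = path_to_query(path)
    # Constructed stand-in for any client or library that sorts parameters.
    reordered = urlencode(sorted(parse_qsl(query)))
    return {
        "query": query,
        "reordered": reordered,
        "equivalent_as_queries": same_query(query, reordered),
        "path_from_reordered": query_to_path(reordered),
    }


if __name__ == "__main__":
    # Constructed sample path, not taken from the thread.
    for name, value in round_trip_report("/users/alice/keys/1").items():
        print(f"{name}: {value}")
```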