Re: [art] Apps Directorate Review of draft-ietf-core-http-mapping-14
"Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com> Mon, 10 October 2016 16:24 UTC
Return-Path: <thomas.fossati@nokia.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0DFC129464; Mon, 10 Oct 2016 09:24:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.42
X-Spam-Level:
X-Spam-Status: No, score=-6.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G5v43p829jhE; Mon, 10 Oct 2016 09:24:30 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB16912952B; Mon, 10 Oct 2016 09:24:29 -0700 (PDT)
Received: from fr712umx4.dmz.alcatel-lucent.com (unknown [135.245.210.45]) by Websense Email Security Gateway with ESMTPS id BE0B8D43D82A6; Mon, 10 Oct 2016 16:24:24 +0000 (GMT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (fr712usmtp2.zeu.alcatel-lucent.com [135.239.2.42]) by fr712umx4.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u9AGOQYR008283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 10 Oct 2016 16:24:27 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id u9AGOQkj024028 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 10 Oct 2016 18:24:26 +0200
Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.21]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0301.000; Mon, 10 Oct 2016 18:24:26 +0200
From: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>
To: Larry Masinter <masinter@adobe.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "draft-ietf-core-http-mapping.all@ietf.org" <draft-ietf-core-http-mapping.all@ietf.org>
Thread-Topic: Apps Directorate Review of draft-ietf-core-http-mapping-14
Thread-Index: AQHSHdY4UNfN6agfHEe9Jv2tK3eWqqCh2REA
Date: Mon, 10 Oct 2016 16:24:26 +0000
Message-ID: <D421160B.723C6%thomas.fossati@alcatel-lucent.com>
References: <A5D2FFC5-F6D8-473A-87D4-7C1EEC3AC7B3@adobe.com>
In-Reply-To: <A5D2FFC5-F6D8-473A-87D4-7C1EEC3AC7B3@adobe.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.8.160830
x-originating-ip: [135.239.27.38]
Content-Type: multipart/alternative; boundary="_000_D421160B723C6thomasfossatialcatellucentcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/_rpYf80ULtvLeIiL-cqYComTMso>
X-Mailman-Approved-At: Tue, 11 Oct 2016 08:24:19 -0700
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [art] Apps Directorate Review of draft-ietf-core-http-mapping-14
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2016 16:24:34 -0000
Hi Larry, Thanks very much for the review, and sorry for the late reply. I have inlined my replies, prefixed with a "[TF]" tag. Cheers, thanks, t From: Larry Masinter <masinter@adobe.com<mailto:masinter@adobe.com>> Date: Tuesday, 4 October 2016 01:28 To: "apps-discuss@ietf.org<mailto:apps-discuss@ietf.org>" <apps-discuss@ietf.org<mailto:apps-discuss@ietf.org>>, "draft-ietf-core-http-mapping.all@ietf.org<mailto:draft-ietf-core-http-mapping.all@ietf.org>" <draft-ietf-core-http-mapping.all@ietf.org<mailto:draft-ietf-core-http-mapping.all@ietf.org>> Cc: "iesg@ietf.org<mailto:iesg@ietf.org>" <iesg@ietf.org<mailto:iesg@ietf.org>> Subject: Apps Directorate Review of draft-ietf-core-http-mapping-14 Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>> Resent-To: Angelo Castellani <angelo@castellani.net<mailto:angelo@castellani.net>>, Salvatore Loreto <salvatore.loreto@ericsson.com<mailto:salvatore.loreto@ericsson.com>>, Akbar Rahman <Akbar.Rahman@interdigital.com<mailto:Akbar.Rahman@interdigital.com>>, Esko Dijk <esko.dijk@philips.com<mailto:esko.dijk@philips.com>>, <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>>, <cabo@tzi.org<mailto:cabo@tzi.org>>, <jaime.jimenez@ericsson.com<mailto:jaime.jimenez@ericsson.com>>, <ben@nostrum.com<mailto:ben@nostrum.com>>, <alissa@cooperw.in<mailto:alissa@cooperw.in>>, <aamelnikov@fastmail.fm<mailto:aamelnikov@fastmail.fm>>, Jaime Jimenez <jaime.jimenez@ericsson.com<mailto:jaime.jimenez@ericsson.com>> Resent-Date: Tuesday, 4 October 2016 01:28 I have been selected as the Applications Area Directorate reviewer for this draft (for background on appsdir, please see http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-core-http-mapping-14 Title: Guidelines for HTTP-to-CoAP Mapping Implementations Reviewer: Larry Masinter Review Date: 3 October 2016 IETF Last Call Date: (past) IESG Telechat Date: 2016-10-13 Summary: lots of clarifications would be useful; could publish as Informational or Experimental with warnings about the extent of ambiguities. Sorry for the late review; it was more complicated than I expected. There’s a lot that doesn’t seem clear to me, but I did look at cited material Major Issues: I think all of the issues raised are relatively minor but easily fixed and worth fixing. Minor issues; Overall, Intro: · Informational vs. standards track update of RFC 7252: While it contains informative implementation advice, it also seems to set normative requirements. But given the state of the document, “Experimental” might be most appropriate. · A reference to RFC 7228 in the intro for terminology might be helpful. [TF] Done · “Representational State Transfer (REST) based architectures such as the Web” a REST reference might help to clarify which REST you mean? Or is there anything here for which “REST” matters? [TF] Done · “It is up to CoAP protocol extensions (new methods, response codes, options, content- formats) to describe their own HTTP mappings, if applicable.” -- how are they supposed to do this? [TF] Either in the document where they are specified, or in a separate document. I don't think it is necessary to be specific about how that happens. As long as it happens :-) · Does this spec apply to HTTP/2 as well as HTTP/1.1 ? [TF] Either. The wire format is not important, the only relevant thing is the HTTP semantics. Specifics by section: · 5.2 Nit: “Proprietary” usually has to do with ownership; the mapping here is “unique” or “private” or “unspecified” [TF] Done · 5.3 For this to work, doesn’t the “HC Proxy URI” need to end in a “/” ? [TF] Not necessarily, e.g., it could also end with a '?'. I think the only restriction is that you can't have a HC Proxy URI that does not have at least one char after the authority. · Does “is always syntactically correct” mean “will result in a syntactically valid http URI” ? [TF] Done · “This is the URI that will then be sent by the HTTP client” but HTTP clients will usually send only the path/query part of the request URL. [TF] You are right. Using "Effective Request URI" (https://tools.ietf.org/html/rfc7230#section-5.5) seems more appropriate here. · 5.3.1 “When found in a Hosting HTTP URI…” I think this is ‘When constructing a Hosting HTTP URI by embedding a Target CoAP URI” since “Target CoAP URI” is defined to use “coap” or “coaps” [TF] Done · I think you either need to change it so “Target CoAP URI” has scheme and initial “://” optional, or else they’re there but you can omit them when filling in the template. [TF] I think we did the latter (in Section 5.4.1). · And how do you know which of coap or coaps was intended? [TF] Sender and receiver have a private agreement in place to make that decision. E.g., coaps URIs could go to one HC Proxy URI, whereas coap to another. · Section 5.3.2 seems to imply that Target CoAP URI is percent-encoded before embedding in the Hosting HTTP URI, but 5.3 Default mapping appends the Target CoAP URI “as-is”. Why only the [] in ipv6 addresses? In any case, not “as-is”. [TF] 5.3.2 says the only things that have to be percent-encoded are the square brackets of the IPv6 literal, not the whole Target CoAP URI. They need to be percent-encoded otherwise the produced URI is syntactically invalid. OTOH, you are right that the current "as-is" is imprecise. I've fixed it. · 5.4 “This will then be used by the HTTP client to construct the URI to be sent in the HTTP request to the HC proxy.” Again, it isn’t the URI that is (usually) sent. [TF] Done · 5.4.1.1 these examples are difficult to read because the white space in the ASCII text isn’t enough to convey the boundaries of the examples. Consider ASCII art. [TF] I agree, and I've tried to improve a bit the situation. But the result is still far from brilliant. The problem is that the resulting URI tends to be long and would not fit in a table column, for example… · 5.4.2 “verbatim” doesn’t cover IPv6 addresses, or where the scheme is omitted. [TF] Here verbatim refers to path and query. So it should be OK. · 5.5 talks about “HTTP origin” without reference to what it means (I’m guessing having to do with same-origin policy). [TF] Done · 5.5.1 OK “Req” means “Request” and “Res” means “Response”, and the first two examples are of coap traffic while the rest are HTTP. The Content-Lengths are 1 short: </hc/>;rt=”core.hc” has 19 characters [TF] Well spotted, thanks! · 6.1 why don’t you need “some form of access control” even when strictly mapping content-types? [TF] The idea is that the "[…] access control" is specific to that attack vector. But you are right that as it's written at the moment it is confusing. I guess I could just remove the sentence. · 6.3 table 1 column 1 entries are “Internet media type pattern” since the entries aren’t Internet Media Types. [TF] Done · 6.4 the mapping algorithm uses an IANA-maintained table, “CoAP Content-Formats”, as established by Section 12.3 of …. It doesn’t use the chart from Section 12.3 [TF] Done · Note that “Accept” headers are not simple content-type values yet you’ve not shown how to translate those values or match. [TF] You are right. That aspect is currently under-specified. · The pseudo-code in 6.4 seems like notes and undefined notation. [TF] Is there any established pseudo-code format that I can look at? · 6.5.2 CoRE Link Format seems incomplete. Which agents / nodes are affected by this? What is the purpose of this section? [TF] The discussion about link-format transcoding has popped up more than once in the working group. 6.5.2 should give a bunch of reasons why it's not a good idea. · 10 When content-type is mapped, there is a risk that the content with the destination type would have malware not active in the source type [TF] Right, done.
- [art] Apps Directorate Review of draft-ietf-core-… Larry Masinter
- Re: [art] Apps Directorate Review of draft-ietf-c… Fossati, Thomas (Nokia - GB)