Re: [art] [Last-Call] Artart last call review of draft-ietf-jmap-contacts-06
Rob Sayre <sayrer@gmail.com> Wed, 03 April 2024 05:06 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FBCDC15106E; Tue, 2 Apr 2024 22:06:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0dix3Zmkcch; Tue, 2 Apr 2024 22:05:58 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3440DC14F74A; Tue, 2 Apr 2024 22:05:58 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-56c197d042fso6994480a12.0; Tue, 02 Apr 2024 22:05:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712120756; x=1712725556; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=e2lShhefdMRY9kPrbTMrOPoR5S75+mJUsWt+pdIZVgI=; b=Nod1hK83FktEkxjBl/fX2cZVkm3H5DeGkhX8Wx4YPDtbhrqol8tnUTwIb78jPFr2lY 6cN8iQydOgDTFDQOSRQO9/540zoxaYIK4W8AGeke/JAQ/KU7AgUN1eNRfNbJCW5OCYPY EbFunkdNNKxuQ3bjgyG7NOrbUIhYFXK4hj7Qm9O5dNLgqPm9Om4X9KrGPJ7AW+X0aMWQ ipZlyv4LJIPrD+ldgSjaDDLglkiNfMwQXXAMo1PyR5isN69w7cS3BQGFpjtcB/NJUWC7 ZsenLQet/qJfetaibCXzamUh4hj5ZFADAIH2OF5WTuNRHAc8AVfAI6bJzUTmL808MWMY Mrow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712120756; x=1712725556; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e2lShhefdMRY9kPrbTMrOPoR5S75+mJUsWt+pdIZVgI=; b=tFeO5wjj5Ggkcl1UAQJk6aBOfwybCOTZJFvHde2dOmNQ/TlW7a7QuWJdQp9kls7lQF +gEdgfDHaFAyqZF1b8CWYRzveYo5iZ5+l4v/kHIJK2aC4Oc7ysZeq94/1BqKmsBmq1LO CKEqxXQr2FoQRUq3vHWzAxrPAv4UVNxMcKQA3z88XNzz/BoLb4PXQnVfMQt8eOqjwDr1 pZYafiRx0nFwhrJfyOB0I9bbtdNhZRi3weGFDOyOPPEEm8AjORZKiQZYgjNmv6hn3kde /PBg5IrUEiCc8d2Q0qpNHiK/qa6r6x/CO8w0GBzHzDPa66pSo0dCF0Br9HAa3bd3pDhw df/g==
X-Forwarded-Encrypted: i=1; AJvYcCUn+GXLGs1J6CJKfVE52uw0cw84LnBKLVYICuTbhkEm0aceT8qTPFi6QI6kyVfE0TIYfSmpy6GBSQ8PjKXBdBmI+DUVSPzTDHxpxImeAL8U2B9ERRIacTlmjrSmNdGNCzdhdJ0HkckY8UyE7r1trnyTGPwVRYoJDEv4sCw1OksvC92qFpdPhA==
X-Gm-Message-State: AOJu0YwFHLbz2We4GTqJCkhi3AbFwdUQjLr8iE+T2UI/yd/1M0Yu4M7a fdDgCTFDprwws7r/PMC4hqcNm5XSsG7DGo9mLeV7hIjP1C3fFA3wuxQgolo9n5FXo3I8O9MRisi KaGWoQuR6f+Qg1206o3rxis7JlTs=
X-Google-Smtp-Source: AGHT+IFL4Ph0PXLdu0wnfPhJBKM4c775RjotX3/7VdbOht98ueEXMMs3/BZiNXGRIwjlKwr/ZYemwoa3bPXEFo/6qbE=
X-Received: by 2002:a05:6402:2806:b0:566:4a85:ceba with SMTP id h6-20020a056402280600b005664a85cebamr10283149ede.1.1712120756061; Tue, 02 Apr 2024 22:05:56 -0700 (PDT)
MIME-Version: 1.0
References: <171112316193.8644.5801107423421446407@ietfa.amsl.com> <1C02FE5D-624B-4BBE-A7F3-91EDF54CDE4F@tzi.org> <b5fac088-9eb3-4ede-a266-f943aeaab076@stpeter.im> <4E9A8148-9EFE-4448-B94E-96FBDB6A2B9A@tzi.org> <06c317c8-8d14-4d78-a4c9-9c44cfc3ec31@stpeter.im> <03ef2b74-19d2-43c1-9c5b-b0aa315c8738@dogfoodapp.fastmail.com> <5c10be7c-8913-46f5-a0bd-e28102624d88@stpeter.im> <C42C278BC5CB8F3EE2920E99@PSB> <CAChr6SxAv6EcQdx5Gn3ZCS_Rp9xZ2tfMwibwsy3-zd8ggYLSwA@mail.gmail.com> <F231847593275FB912D1FD6E@PSB>
In-Reply-To: <F231847593275FB912D1FD6E@PSB>
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 02 Apr 2024 22:05:44 -0700
Message-ID: <CAChr6SxV9fahgH_BYkhRQxDPSdR3PME1vbiCux2Lk6bGSG=ttw@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: Peter Saint-Andre <stpeter@stpeter.im>, Neil Jenkins <neilj@fastmailteam.com>, Carsten Bormann <cabo@tzi.org>, Tim Bray <tbray@textuality.com>, art@ietf.org, draft-ietf-jmap-contacts.all@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>, last-call@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007a4ecb06152a2dde"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/jIk0PUD9yPk-xvkBrpnpblFKQR0>
Subject: Re: [art] [Last-Call] Artart last call review of draft-ietf-jmap-contacts-06
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 05:06:02 -0000
Oops. just a quick top-quote: RFC 8264 and the older version it obsoletes are what I looked at. That's what I get for waiting too long between the research and the message. Even still, these two: https://datatracker.ietf.org/doc/rfc8264/ https://datatracker.ietf.org/doc/rfc7564/ are not normatively referenced by very many RFCs. That doesn't mean it's bad, but it might not apply here. thanks, Rob On Tue, Apr 2, 2024 at 8:13 PM John C Klensin <john-ietf@jck.com> wrote: > > > --On Tuesday, April 2, 2024 18:21 -0700 Rob Sayre > <sayrer@gmail.com> wrote: > > > On Tue, Apr 2, 2024 at 5:44 PM John C Klensin > > <john-ietf@jck.com> wrote: > > > >> It seems to me that your conclusion depends on an assumption > >> about "the JMAP community" that might be questionable. An > >> analysis of the JMAP specification leads me to a slightly > >> different conclusion; inline below. > > > At the risk of repeating myself, I don't think PRECIS really > > does the trick here, even though it's easy to see it does work > > sometimes (I went and looked at the "Referenced By" stuff in > > the datatracker). The document is "Preparation, Enforcement, > > and Comparison of Internationalized Strings Representing > > Usernames and Passwords". > > Rob, I didn't mean to say "require PRECIS", only that we are > under some obligation to do better than saying "UTF-8" and > giving length boundaries. If PRECIS is a good answer, fine. If > not, that is fine too, as long as we are clear about the > alternative. > > Beyond that as far as PRECIS is concerned, I'm not sure what you > are talking about because both RFC 7564 and 8264 are > "Preparation, Enforcement, and Comparison of Internationalized > Strings in Application Protocols". RFC 8265 is about > "...Representing Usernames and Passwords", but that is > appreciably more restrictive. > > > But there are other problems that will come up, like writing > > street addresses in Japanese, Thai, etc., as written here: > > > > https://datatracker.ietf.org/doc/draft-ietf-calext-jscontact/ > > > > So, while PRECIS might apply cleanly to this draft, I think > > the JSON implementations will be facing much more varied > > content. > > Ok. But this is a Last Call on this document. It isn't even > about "JSON implementations", it is about a very specific > application of JMAP. > > > That's why I prefer the approach here: > > > > https://datatracker.ietf.org/doc/draft-bray-unichars/ > > > > It's also realistic about the fact you will get the so-called > > "toxic waste" from whatever JavaScript's JSON.parse and > > JSON.stringify do. This way is even better as it relates to > > "any UTF-8 string", because the Unichars draft covers escape > > sequences. The issue in JSON or XML is that you can send > > perfectly valid UTF-8, but there might be escape sequences > > that represent total garbage from a Unicode perspective. The > > Unichars draft provides some usefully adversarial examples. > > Understood. I'm reluctantly going to respond briefly on this > thread but then think the discussion should go elsewhere since > we are not, AFAICT, even close to a Last Call on, e.g., > draft-bray-unichars. > > I suggest that there is something of a spectrum with "just use > valid UTF-8" at one extreme and very restrictive, > application-specific and application-tuned, models like IDNA2008 > at the other. In between lie specifications that try to avoid > the worst problems one can get into with Unicode, including, in > no particular order, draft-bray-unichars, > draft-bormann-dispatch-modern-network-unicode, the (IMO) badly > outdated RFC 5198, and UTR#36 and/or UTS#39. The PRECIS > framework document (RFC 8264), which is what I've had in mind > when I (and others) have said "just use PRECIS" is somewhat > further out on that spectrum although perhaps not much further > than UTS#39 and UTR#36 with a good choice of options. And > PRECIS in the specific "Usernames and Passwords" (RFC 8265) and > "Nicknames" (RFC 8266) variations are someone further out, but > still not as far as IDNA2008. Now, if we can agree that "just > use a UTF-8 string" is not good enough (whether STD 63/ RFC 3269 > are explicitly referenced or not), the question is how far out > on that spectrum one should go in providing restrictions and/or > advice ... with the understanding that, while > draft-bray-unichars and > draft-bormann-dispatch-modern-network-unicode eliminate > considerable "toxic waste" and other problem-prone > constructions, going further with trash and risk reduction may > be appropriate, at least as advice, in many situations. Those > I-Ds each specific subsets of the possible collection of > strings. The more restrictive specs specify what should be > subset of what those two allow (if they aren't proper subsets, I > think some careful review is in order). > > But, again, as far as this particular draft is concerned, the > issue as I see it is moving back "UTF-8 string" with some length > limits. Something like draft-bray-unichars would be a step in > the right direction with the question of whether it goes far > enough. But, independent of that answer, it suggests that the > current I-D in IETF LC needs some work. > > best, > john > >
- Re: [art] [Last-Call] Artart last call review of … Carsten Bormann
- [art] Artart last call review of draft-ietf-jmap-… Tim Bray via Datatracker
- Re: [art] [Last-Call] Artart last call review of … Peter Saint-Andre
- Re: [art] [Last-Call] Artart last call review of … Carsten Bormann
- Re: [art] [Last-Call] Artart last call review of … Peter Saint-Andre
- Re: [art] [Last-Call] Artart last call review of … Neil Jenkins
- Re: [art] [Last-Call] Artart last call review of … Peter Saint-Andre
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Rob Sayre
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Rob Sayre
- Re: [art] [Last-Call] Artart last call review of … Carsten Bormann
- Re: [art] [Last-Call] Artart last call review of … Peter Saint-Andre
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Bron Gondwana
- Re: [art] [Last-Call] Artart last call review of … Carsten Bormann
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Bron Gondwana
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Carsten Bormann
- Re: [art] [Last-Call] Artart last call review of … John C Klensin
- Re: [art] [Last-Call] Artart last call review of … Neil Jenkins
- Re: [art] [Last-Call] Artart last call review of … Rob Sayre