[art] Re: [SPICE] draft-ietf-spice-glue-id-04 ietf last call Artart review
Brent Zundel <brent.zundel@yubico.com> Wed, 11 February 2026 23:56 UTC
Return-Path: <brent.zundel@yubico.com>
X-Original-To: art@mail2.ietf.org
Delivered-To: art@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7E5E9B5DB627 for <art@mail2.ietf.org>; Wed, 11 Feb 2026 15:56:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=yubico.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8CRdvQss9k0q for <art@mail2.ietf.org>; Wed, 11 Feb 2026 15:56:40 -0800 (PST)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 6D921B5DB60E for <art@ietf.org>; Wed, 11 Feb 2026 15:56:40 -0800 (PST)
Received: by mail-lf1-x12f.google.com with SMTP id 2adb3069b0e04-59e5bfa4f33so1324694e87.1 for <art@ietf.org>; Wed, 11 Feb 2026 15:56:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1770854199; cv=none; d=google.com; s=arc-20240605; b=KXTzPHLevP21k4IGrao5bAw2u2baqoLc3rVbkMmiQWVDcjpNgZyOEjx30d17qpuyEC uME4YWkZsHPGn6HrN/GBfegpd10lUeEcAjKkR3GKka3WkYKy9ieNivJtwqHVAbleF+Xw jPy59ybzOfQ4yOxHYmr8EeohCCzorVRi47Ldhio68IgOD5EzcNiudCr+W/nl7FIRdPX8 XGfopoxso37hC3kV69EZO9xGGyaV+GDyzBLWOqqPY41undOY3O5psJ1aerZloZLL46OY ByGh4udEty9PmAvRNEaWFOWMEKazIcCjKYNaB5WCQynbRD7FDmq37KGwuj0LykB8IG3b jdAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=LclM9Zkx+V7urxJo8pbNGmmyiJ3+zYSCGZJlvVgdWlQ=; fh=KfdIC3sf4yWVzevw/wegep9z4BX+Ss67bsLWPdyREmg=; b=LRHul46vezFVmClZbUQjodtEFOuBOMYdSEA03qGI6DMt06T7M3JMUYGw6H6i6RrEUB gRH97PgHrWPQ33HrNQSQU13DwgJQSv0ZnapivHIXCQ2OZbRlO/LqeBfT3ZV6zHKEE2V4 3cct2RQ7SRSQ+dgEDUhFfPTj26OH8zeF9NQBvL85EivT86Un8iLFnwBDYYjna356shuo AFivt9zsAdZGLf8XggALgc94gkSGldh9rBOEzUdTtEw4YuLhGubsNpDsSMd3booUNQli BMuTLCwvWkhr/lkwRKgL3RZv+V4b3t4eiQGEbdpejTCdmEDJKKzy5e7yn7rAlQqwqWBt jucg==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yubico.com; s=google; t=1770854199; x=1771458999; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=LclM9Zkx+V7urxJo8pbNGmmyiJ3+zYSCGZJlvVgdWlQ=; b=cVV9sw0iph5ciBW/8l8eVha27CHHRUc0DgogT/ei+0/LCrsvcGPR20XMegBTkSMmIn 89w9/d9seMjaIbASkCHln92fZwJ+hyCra/ZxcbQnmMfoSyjmdd1+TMa6B4Oq4ejm1yB0 qyv+sp6kl9rIhbHIV1dMWpR9esG4w0bIf4t8WuhIW62lgxVwgxFo0K8keIkzL9D0LEDs Luw3ttPiEqDnhyu/o6V4xAm8/VFNcL0rW53t0Y5XXofx90/HlG2LqscpTw3/nzbB1Bvc whDuYyFP1o312nhrBtEYYLfPrZR0Cx++l7ywD5j3QCUya4jo/cpBd9oyWu9Xyb1X0N8F 9xMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770854199; x=1771458999; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=LclM9Zkx+V7urxJo8pbNGmmyiJ3+zYSCGZJlvVgdWlQ=; b=meKYQFR8sWDQgEdZxdBit9huIE9PZRHlhquSbz+T6CdRBweRo2BN4taCwSiTJqJHKh vs834JuSFnsyK8/LFxe5pJ3hc+MZbZ4Svad5ouNGIuaWf1HP8bilIJqeeGp8wCBP/aqL VU1oimsCZ9xFnvMOhnzP3FAmPXsF1MhUjvpQzRugTn6QrL0XvI16vBzm9ofVRoTlor4s IBWGV2AKjMsheU2OFke71xVN0LN0b5M4bQtF6fUQYu58ff6HzQxhtI4GJJR5/Nptg6cT ae8dSnhIntOz+qIV8TLjlFyYM+hWOaBm+mQjMzeZg6qFvkeUevNi/EQ07ke/PbdhMece mJjw==
X-Gm-Message-State: AOJu0YyrfNzBTsS/LuCmaQ3w2IXif32N3LUApk20wozSTrDQDfILUOqg d7KooHWGohwHXaqwVCexn+SvP1I7pRMDRYXxs0yY3tTwvge4dE17chTS958KTR/trJMCyoz5diy ayXS/cLvtr+IBJnSC+zmRNPB/mf8fi7Ish+BUQE3fiw==
X-Gm-Gg: AZuq6aIjpxb+u+uGR/7kASqRunCI8NMgL+jSu8n1noSkzhfMtWbYKE8i8f4t7mOwoNy aUBOFG8+rCkQq5eXNX9oCt2nIuNyBFfgEzK15S7ik8qSXiL2ZnB6Ke9IGhBrng7T5FpBsuCFSYA cfJ+4fIU1aoMnZURxr1NDbNoQObdUU47OyWtuvGhdcBLHhiozosYYnoUeonopGvWpH7u2Iht7D2 QNYB2vL66C25dDDDqurZ8zMMqjLu3LBSokORenZMZcCbXbvMtlm8AHOv2Fs7AYaNyAayhvn5oQU cU3Gpg==
X-Received: by 2002:a05:6512:4028:b0:59e:46f3:97d4 with SMTP id 2adb3069b0e04-59e6415360amr258216e87.42.1770854199094; Wed, 11 Feb 2026 15:56:39 -0800 (PST)
MIME-Version: 1.0
References: <176999555082.2258144.15300311588293625134@dt-datatracker-77f8b84995-z4hzn>
In-Reply-To: <176999555082.2258144.15300311588293625134@dt-datatracker-77f8b84995-z4hzn>
From: Brent Zundel <brent.zundel@yubico.com>
Date: Wed, 11 Feb 2026 16:56:28 -0700
X-Gm-Features: AZwV_Qh5DWl6IBMQEOYJix5od35HZE94-Vk3ng-9DDSJkSHSNrwGgWL-PRjiDD8
Message-ID: <CAP5QTG5-hGWm1_u7CZTJW5H56LxXecoKbk3viBfBPdoDOxozhA@mail.gmail.com>
To: Patrik Fältström <paf@paftech.se>
Content-Type: multipart/alternative; boundary="0000000000007c7ea9064a951f63"
Message-ID-Hash: QECKSGY2ND5BURFRBI3F75VCMAAGX4EV
X-Message-ID-Hash: QECKSGY2ND5BURFRBI3F75VCMAAGX4EV
X-MailFrom: brent.zundel@yubico.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: art@ietf.org, draft-ietf-spice-glue-id.all@ietf.org, last-call@ietf.org, spice@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [art] Re: [SPICE] draft-ietf-spice-glue-id-04 ietf last call Artart review
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/uzFiNYEaeBqB8DCTa9_XL7J39wg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>
Patrik, Thank you for your review. We have raised a PR in response and invite your comments there: https://github.com/ietf-wg-spice/draft-ietf-spice-glue-id/pull/60 On Sun, Feb 1, 2026 at 6:25 PM Patrik Fältström via Datatracker < noreply@ietf.org> wrote: > Document: draft-ietf-spice-glue-id > Title: GLobal Unique Enterprise (GLUE) Identifiers > Reviewer: Patrik Fältström > Review result: Ready with Nits > > I have two related architectural clarity concerns that I believe would > benefit > from explicit treatment in the document. > > 1. Internationalisation and character set constraints > > In Sections 3.1 (Authority Identifier) and 3.2 (External Identifier), the > ABNF > restricts both components to a limited US-ASCII character set (ALPHA / > DIGIT / > "+" / "-" / ".") and does not permit percent-encoding. As a result, GLUE > URNs > cannot represent identifiers that contain non-ASCII characters, even via > encoding. > > This may be intentional given the currently listed identifier schemes, but > the > document does not state that non-ASCII identifiers are out of scope. As > written, the syntax prevents future use with identifier systems whose > canonical > representations include non-ASCII characters. > > Suggested clarification text (for Section 2 or Section 3): > > "A GLUE URN is defined over the restricted US-ASCII syntax specified in > Sections 3.1 and 3.2. Percent-encoding is not permitted. Consequently, GLUE > does not support representation of external identifiers whose canonical > form > includes non-ASCII characters. This specification is therefore limited to > identifier systems whose canonical representations are fully within the > permitted character set." > > Alternatively, if non-ASCII identifiers are expected to be supported in the > future, the document would need to specify encoding and canonicalization > rules. > > 2. Relationship between GLUE URNs and other URN namespaces > > The document defines GLUE URNs of the form: > > urn:glue:authority:external-id > > The document also provides at least one explicit example (Section 4.1) > where a > GLUE URN is stated to be equivalent to a URN defined in another namespace > (for > LEI). However, the document does not explicitly state the general > relationship > between a GLUE URN and a hypothetical native URN defined by the referenced > authority, for example urn:foo:x. > > Under the URN architecture, different namespace identifiers imply different > identifiers by default, even if the namespace-specific strings appear > similar. > Therefore, absent an explicit statement to the contrary, urn:glue:foo:x and > urn:foo:x are distinct identifiers. > > Because the document includes an explicit equivalence in at least one case, > there is a risk that implementers or relying parties will generalize from > that > example and assume equivalence or interchangeability between GLUE URNs and > non-GLUE URNs for other authorities, even when no such equivalence has been > specified. > > Suggested clarification text (for Section 2, Section 4, or a new semantics > subsection): > > "A GLUE URN is an identifier in a distinct URN namespace. By default, a > GLUE > URN is not equivalent to any other URN, including a URN defined by the > referenced authority's own namespace. Equivalence between a GLUE URN and a > non-GLUE URN exists only when explicitly specified for a given Authority > Identifier. Implementations and relying parties MUST NOT assume equivalence > between GLUE URNs and non-GLUE URNs unless such equivalence is explicitly > defined by the authority or documented in the relevant registry entry." > > I believe clarifying this point would reduce the risk of incorrect > assumptions > about identifier equivalence and improve interoperability, without > changing the > core design intent of the document. > > > -- > SPICE mailing list -- spice@ietf.org > To unsubscribe send an email to spice-leave@ietf.org > -- Brent Zundel Standards Architect | Yubico <http://www.yubico.com/>
- [art] draft-ietf-spice-glue-id-04 ietf last call … Patrik Fältström via Datatracker
- [art] Re: [SPICE] draft-ietf-spice-glue-id-04 iet… Brent Zundel
- [art] Re: [SPICE] draft-ietf-spice-glue-id-04 iet… Tim Bray
- [art] Re: [SPICE] Re: Re: draft-ietf-spice-glue-i… Rohan Mahy
- [art] Re: [SPICE] Re: Re: draft-ietf-spice-glue-i… Patrik Fältström
- [art] Re: [SPICE] Re: Re: draft-ietf-spice-glue-i… Rohan Mahy
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-i… John C Klensin
- [art] Re: [Last-Call] [SPICE] Re: Re: draft-ietf-… Patrik Fältström
- [art] Re: [Last-Call] [SPICE] Re: Re: draft-ietf-… Rohan Mahy
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-i… John C Klensin
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-i… Patrik Fältström
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-i… Arnt Gulbrandsen
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Orie
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Arnt Gulbrandsen
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: Re: Re:… John C Klensin
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Rohan Mahy
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Michael Jones
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Rohan Mahy
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Rohan Mahy
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Arnt Gulbrandsen
- [art] Re: [SPICE] Re: Re: [Last-Call] Re: Re: Re:… Rohan Mahy
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: Re: Re:… John C Klensin
- [art] Re: [Last-Call] Re: [SPICE] Re: Re: Re: Re:… Martin Thomson