Re: [art] [saag] Date formats: RFC3339 vs. RFC 5322
Benjamin Kaduk <kaduk@mit.edu> Wed, 14 April 2021 23:55 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF4A03A2539; Wed, 14 Apr 2021 16:55:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k_bIKUH474dY; Wed, 14 Apr 2021 16:55:10 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BE3F3A2533; Wed, 14 Apr 2021 16:55:09 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 13ENswHe001894 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Apr 2021 19:55:03 -0400
Date: Wed, 14 Apr 2021 16:54:57 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, art@ietf.org, saag@ietf.org
Message-ID: <20210414235457.GY79563@kduck.mit.edu>
References: <CAAyEnSMBdXCA0EvgR79P_1gi15pAPfeyu_HgGqgMjWxRP8sxKg@mail.gmail.com> <901F4345-91B6-42CA-9F68-27DB4C539F3D@vpnc.org> <20210413200101.GL9612@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20210413200101.GL9612@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/xx8DOca0WupMqVoSS6D-FxxQFFo>
Subject: Re: [art] [saag] Date formats: RFC3339 vs. RFC 5322
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2021 23:55:13 -0000
On Tue, Apr 13, 2021 at 03:01:02PM -0500, Nico Williams wrote: > On Tue, Apr 13, 2021 at 12:30:21PM -0700, Paul Hoffman wrote: > > Given that the date in that section of that draft is meant to be machine > > parsed, choosing RFC 5322 (neé 822) date formats is a particularly bad idea, > > given the existence of RFC 3339. > > I mean, strptime() can handle both, and since everything is written in C > (which is why we so badly need security.txt!), that's enough. But yes, > ISO 8601 is much easier to parse. And it will be even easier to compare > dates if security.txt ends up using Zulu time, since then plain string > comparison (even memcmp()!) is enough. > > Thinking about implementation... I suddenly wonder why security.txt > should have expiration instead of a TTL. I'm pretty sure what's really > intended is that I not cache security.txt files too long so that they > can be updated. Indeed, sections 3.5.5 and 6.3 make it clear that this > is about caching. > > An optional publication time (ISO 8601), and a required TTL measured in > hours or days would be more than sufficient, and maybe superior to a > notAfter. Unless the point of `Expires` is also to force the publisher > to keep security.txt up to date. Yes, that. We got a lot of LC feedback that (okay, I might be exaggerating for effect) the future Internet would be littered with piles of stale security.txt files to the extent that the mechanism would be rendered useless due to the expectation of stale content. Adding "Expires" serves as something of a "dead-man's switch" that lets stale content age out relatively gracefully. > Implementation-wise, I see a few ways in which I would handle `Expires` > information: > > 1) Comparison. E.g., to determine if a security.txt is stale, or to > sort/index/search archived security.txt files, in which case I'd have > two choices: > > 1a) if the format is ISO 8601 zulu, then format current time then > string compare, > 1b) parse the `Expires` into local time of day form and compare to > current time. > > (1a) is simpler, but only works for ISO 8601 Zulu times. > > 3) Authoring/production of security.txt files, where I only need to > format time, not parse it. > > Clearly it's easier to only have to format time and never have to parse > it. > > That said, strptime() and similar are widely available and easy enough > to use, so I do think there's an readability argument to make. But ISO > 8601 is still easier to read than RFC 5322 time, especially for > non-English speakers. And I think the authors have a clear answer for what to do here. Thanks to everyone for the feedback. -Ben
- [art] Date formats: RFC3339 vs. RFC 5322 Yakov Shafranovich
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Eliot Lear (elear)
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Tim Bray
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Nico Williams
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Nico Williams
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Paul Hoffman
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Julian Reschke
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Nico Williams
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… John C Klensin
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Claudio Allocchio
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Randy Bush
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Ned Freed
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Michael Douglass
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Dave Crocker
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Stian Soiland-Reyes
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Peter Gutmann
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Alan DeKok
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Tony Finch
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… heather flanagan
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… John Levine
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… tom petch
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Steve Allen
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… heather flanagan
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Phillip Hallam-Baker
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Benjamin Kaduk
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… tom petch
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Stian Soiland-Reyes
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Phillip Hallam-Baker
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Steve Allen
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Phillip Hallam-Baker
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Carsten Bormann
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Metapolymath Majordomo
- Re: [art] [saag] Date formats: RFC3339 vs. RFC 53… Yakov Shafranovich