IETF Logo Mail Archive

Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Sat, 31 August 2019 10:46 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C01A9120099; Sat, 31 Aug 2019 03:46:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=rVqa6H9+; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=sABwz4Ud
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c_I7U4yl84FY; Sat, 31 Aug 2019 03:46:13 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 442A7120046; Sat, 31 Aug 2019 03:46:13 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 79D3B21FC1; Sat, 31 Aug 2019 06:46:12 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Sat, 31 Aug 2019 06:46:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=a coyygCrz709dOG5KJyq/HdK40UMo8IHMLOk7BeeFYQ=; b=rVqa6H9+z9Oq/wLVs 0LXU6TcyuVhFu103yQf/q2ICpEMFFMCAPouWfDyguvAJwxK66hJ17rbvbCkj/SGd pddNGxS99ytqf7kmsIfypVImyBZyea9hsFcY/x1SEvslFmO92ZT1AR+J2EbsKCkS E7d6Qy8iVceDCs6G9kF5VMOWMovL+G9LFmhNfBXwY9hPa8pezuPAWBhEbqGaEkrh 6LayyxsjkZf99QWD1lNjvisMsrHcg7bHXGWnumzwTjkc8mqAvUTYtOfl3EyDF5aU o0IT4lAT3OCSHKg9leVRjV3q8rWwrNqN1g4d9hURDM2R32HG5dVzHktCvNCeV/PU UpX9w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=acoyygCrz709dOG5KJyq/HdK40UMo8IHMLOk7BeeF YQ=; b=sABwz4Udx4Czzqox/KQGQUqVwmm/fXJj8V4jjvfjUr+9t//mjkCQET5j8 t/8Iq3fvKwAFaeZnNfu2kKkIoteAsUeV7GPjSptmEEgSichX7IKMoSKxOx1lQZu6 p0iWty/dMTcsZOlD/DJ93apkPZtsCqc5yFT6Dw05kA/7Y8XsOwogtlPApWKTyVNe azXQDyi7qE8HkAIUS2GOuD72W9bY6jMApdfPJrOvnsAynYliR4S7glA84HEO8yrS wMrlOWHu5D7NCp7ervAXSvXxsRbb5uML9fMJNn8Njv1Qm+AUrz7jGqwvlwfG/hUP p+ER9NCMqH5MpNAH0H3gsKCavD+nA==
X-ME-Sender: <xms:809qXTV7g03qYhdbTE96Dup0hnfvOBw4Ii1PQqEubHPUEYaRUYiknQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudeiiedgtdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhofgjfffgkfhfvfesrgejmherhhdtjeenucfhrhhomheptehlvgig vgihucfovghlnhhikhhovhcuoegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrdhfmh eqnecuffhomhgrihhnpehivghtfhdrohhrghenucfkphepjeejrdeljedrudeghedrheeh necurfgrrhgrmhepmhgrihhlfhhrohhmpegrrghmvghlnhhikhhovhesfhgrshhtmhgrih hlrdhfmhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:809qXeLzPN-DBMG7a64h09YsddQ_-NhA3VqbWGgrD-VJZC0MaelK0Q> <xmx:809qXTC4hifuwOgMwpcshPnAyrmPxknPgb5Lw9yOrTBRqWvNuMED5A> <xmx:809qXedBpFepKXWECdOhWO_NEyey3EBGLG0hrSwXKLJfyGa643YK4Q> <xmx:9E9qXbTrg8Gkq-Unot4h884c6kpsJf9fOXLj-xGieTxdQsGPr_RacQ>
Received: from [192.168.0.12] (cpc121086-nmal24-2-0-cust54.19-2.cable.virginm.net [77.97.145.55]) by mail.messagingengine.com (Postfix) with ESMTPA id AAFB9D6005F; Sat, 31 Aug 2019 06:46:10 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-49FE1651-FA80-44AD-A093-B274B3F7A788"
Mime-Version: 1.0 (1.0)
From: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: iPad Mail (16G102)
In-Reply-To: <88A86206-D8D6-4B89-A1D0-A8F530779B59@fastmail.fm>
Date: Sat, 31 Aug 2019 11:46:09 +0100
Cc: Carsten Bormann <cabo@tzi.org>, The IESG <iesg@ietf.org>, draft-ietf-core-multipart-ct@ietf.org, Jaime Jiménez <jaime.jimenez@ericsson.com>, core-chairs@ietf.org, core@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <A98A6DF5-B3F9-4E89-B75B-2CC3BB900B6E@fastmail.fm>
References: <155675554069.2851.9351849772053196736.idtracker@ietfa.amsl.com> <459433ef-5cb5-4c3e-a32e-a5d063b1ccf0@www.fastmail.com> <BE1600FF-FBFB-44F4-A405-9C73ADA6E3FC@tzi.org> <20190504232153.GA19805@kduck.mit.edu> <A6EE5F90-391C-487B-A3DD-2193027022C6@tzi.org> <20190826181801.GJ84368@kduck.mit.edu> <88A86206-D8D6-4B89-A1D0-A8F530779B59@fastmail.fm>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/m_-Tmu5_0mcifRk7xvGSb_fUHI8>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Aug 2019 10:46:17 -0000

Hi Ben,

> On 31 Aug 2019, at 11:39, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> 
> Hi Ben,
> 
>> On 26 Aug 2019, at 19:18, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> 
>>> On Wed, Aug 21, 2019 at 09:37:10PM +0200, Carsten Bormann wrote:
>>> Hi Benjamin,
>>> 
>>> it took us a while to better understand the concern and come up with text.
>>> 
>>> We have now submitted -04:
>>> https://tools.ietf.org/html/draft-ietf-core-multipart-ct-04
>>> https://tools.ietf.org/rfcdiff?url2=draft-ietf-core-multipart-ct-04.txt
>> 
>> [replying at the top since what I am trying to say is essentially wrapping
>> all the inline notes together]
>> 
>> I can grudgingly accept the decision to focus solely on a multipart/mixed
>> equivalent, though it remains surpising to me that stopping there is
>> desired.  That is, my reading of RFC 2046 is that the "mixed" subtype is a
>> catchall generic container that is usable as a fallback for when a
>> more-specific subtype is not supported/understood, but that direct use was
>> somewhat discouraged due to the more rich array of semantics available
>> (noting that 2046 itself specifies several additional subtypes with the
>> "more-rich" semantics).
> 
> Having recently spent many hours coding handling of different multipart/* media types in an email client, I don’t think I agree. Yes, multipart/mixed is the fallback, but I don’t believe that any document discourages its use. Certainly observing multipart/* media types used in the wild, I only ever see multipart/mixed (the most common), multipart/alternative, multipart/related, multipart/report and rarely multipart/digest. multipart/report and multipart/digest have special structure and purposes, I don’t think they are relevant to draft-ietf-core-multipart-ct.
> 
>> So it's surprising that we stop with the generic
>> container, and do not mirror RFC 2046 in defining some more-rich subtypes
>> with precise semantics.
>> 
>> That said, within the context of only specifying a multipart/mixed
>> analogue, I still think we need to have some further discussion about the
>> applicability of those semantics to the listed use cases.  RFC 2046 is
>> quite clear that "mixed" is used when the body parts "need to be bundled in
>> a particular order".  The first use case listed, for audio snippets to be
>> played back in sequence or search results, is a natural fit for
>> multipart/mixed.  The second ("bag of representations"), however, includes
>> a note that "the sequence in which these occur may not be relevant to the
>> application", which does not seem like a good fit for multipart/mixed:
>> depending on the specifics, either multipart/alternative or
>> multipart/parallel seem to be a better match for the stated semantics.  
> 
> As far as I am concerned there is zero use of multipart/parallel in email or web. Even if it was a good idea at the time, the market decided against it.
> 
> I think multipart/mixed is used for both as an ordered sequence and as an unordered collection. Considering variety of UIs for handling multipart/mixed, I don’t think the difference matters significantly for people to care about differences between 2 cases.
> 
>> The
>> third listed use case (sender-selects from a union) also doesn't feel like
>> a great fit, since there is mostly just one "inner" type in a give
>> response, and thus no ordering to be had; even in the (transient?) case
>> where a resource is represented by multiple of the potential output
>> formats, it's not clear that the ordering will always be important.  This
>> use case in particular feels like a very good match for defining a new
>> subtype with precise, rich, semantics for "sender selects from union".

I am ambivalent on this. It doesn’t match the multipart/alternative semantics (this case effectively just has 1 choice) and it is close enough to other cases that I am not convinced that a new media type would be important to implementors.

Best Regards,
Alexey
>> 
>> Finally, I would like to continue to push back on the sense that it is good
>> to have the surrounding (request) context play a large role in interpreting
>> the semantics of the response.  While this is of course unavoidable to some
>> extent, I am not sure that encouraging it is wise.  Consider, for example,
>> JWT, which is becoming quite popular, but also is having to react to quite
>> real security threats due to the lack of explicit typing from the start.
>> The mere fact that I have to ask "can my access token be misused as an
>> identity token?" seems like a failure of the context-dependent semantics.
>> Granted, JWT is a cryptographic construct involving a signature from a
>> trusted authority, which is not the case here, but the general question of
>> whether we want to place more weight on the two parties communicating
>> making the same implicit/heuristic-based choices about interpreting content
>> when we can easily make the semantics more explicit and rely less on all
>> implementations making the same choices seems to still apply.
>> 
>> Thanks,
>> 
>> Ben
>> 
>> 
>>>> On May 5, 2019, at 01:21, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>>>> 
>>>> On Thu, May 02, 2019 at 03:11:25PM +0200, Carsten Bormann wrote:
>>>>> Hi Alexey,
>>>>> 
>>>>>> On May 2, 2019, at 14:40, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
>>>>>> 
>>>>>> Hi Benjamin,
>>>>>> 
>>>>>>> On Thu, May 2, 2019, at 1:05 AM, Benjamin Kaduk via Datatracker wrote:
>>>>>>> 
>>>>>>> ----------------------------------------------------------------------
>>>>>>> DISCUSS:
>>>>>>> ----------------------------------------------------------------------
>>>>>>> 
>>>>>>> It's not clear to me that we're really specifying the semantics of a
>>>>>>> single media-type.  The introduction discusses how we may want multiple
>>>>>>> representations to appear in a sequence, potentially representing
>>>>>>> different content.
>>>>>> 
>>>>>> I think this is similar to multipart/mixed.
>>>>> 
>>>>> We were indeed trying to follow the model of multipart/mixed.
>>>>> This offers a number of embedded representations the sequence of which may or may not be important.
>>>>> 
>>>>>>> Or we may have a set of related representations that
>>>>>>> conceptually are the same content (but are they literally the same
>>>>>>> resource, or related content?).
>>>>>> 
>>>>>> My understanding is that they are related contents.
>>>>> 
>>>>> There is no promise that the related items are conceptually the same content.
>>>>> The difference between the first situation and the second one mainly is that the sequence is not important in the second (i.e., we are using the sequence to describe a bag).
>>>>> 
>>>>>>> And there is yet a third option -- one
>>>>>>> that I'm not sure I fully understand -- wherein the representation is
>>>>>>> not important, but rather which format is chosen of the several
>>>>>>> possibilities, to the extent that extreme compression of the
>>>>>>> representation is possible, with the compression just outputting the
>>>>>>> format indicator.
>>>>>> 
>>>>>> Hmm, I missed that. I think this is similar to multipart/alternative
>>>>> 
>>>>> That wasn’t the intention.
>>>> 
>>>> I think that analogies to multipart/mixed and/or multipart/alternative
>>>> would help the reviewer assess whether the document text succeeds at
>>>> describing the intended behavior (though it's not clear that using such a
>>>> reference to attempt to define the behavior by reference is a useful plan).
>>> 
>>> Please have a look at what we did — we made it more explicit that the semantics are indeed refined by the request context, but that multipart/mixed is our model here and multipart/alternative is outside the range that this media type addresses.
>>> 
>>>>> The choice in the third situation mentioned in the introduction is made by the originator of the representation, not the receiver.  The selected representation is still packaged in an application/multipart-core envelope so the media type does not need to diverge — it is essentially used as the (type!) union (a.k.a. choice) of the media types that the application wants to be able to put in the envelope.
>>>>> 
>>>>> We may have painted ourselves into a corner in RFC 7641 with the mandate that the representations provided by an observable resource stay within the same media type (content-format) over time.  This makes it difficult in CoAP to observe a resource that alternates between a “pending” and a “ready” state that have different structures of their representation.  Multipart-core can be used to package either into the same media type.
>>>> 
>>>> So while this may not be quite multipart/alternative, there are still
>>>> alternatives involved; they are just delievered in separate (streamed)
>>>> responses, as opposed to together in the same one.  That is, the
>>>> alternation is over time and not at the choice of the recipient.
>>> 
>>> Multipart/alternative is recipient choice; scenario 3 is originator choice.
>>> The need for the “union type” alluded to in the introduction may be idiosyncratic to CoAP: We expect an observed resource to go through states that all can be described by representations of the same content type.  Maybe that was not such a smart expectation, but the union type mechanism allows us to paper over that.  In any case, there is no “order” or “choice” problem in this scenario.
>>> 
>>>>> I don’t think the third situation has semantics that differ from the first two.
>>>>> You still get a bag with a representation in it (or maybe none).  You still need to look into the bag to see what form it takes this time.  Actually, the second situation might also apply, so you might indeed get a couple representations in certain instances because that’s what best describes the resource at this particular time.
>>>> 
>>>> I think it's important to be clear about whether the sequencing within a
>>>> given content array is or is not semantically relevant,
>>> 
>>> This is very much a function of the semantics that the request had on the resource.  If you get a mail with multipart/mixed in it, is it semantically relevant that the service manual is first, then the user manual next among the attachments?
>>> The ordering may simply be alphabetic by name (and that may actually be what the request originally said).
>>> 
>>>> and under what
>>>> conditions a recipient might only consult a subset of the array
>>>> (multipart/alternative) vs. assembling a conglomerate from components of
>>>> different types (multipart/mixed).
>>> 
>>> That is now addressed.  
>>> 
>>> Grüße, Carsten
>>>

v2.23.0 | Report a Bug | By Email