Re: [dispatch] Murray Kucherawy's No Objection on draft-ietf-dispatch-javascript-mjs-13: (with COMMENT)
John C Klensin <john-ietf@jck.com> Wed, 12 January 2022 04:49 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C8A3A14F8; Tue, 11 Jan 2022 20:49:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHYBzwaH0K2K; Tue, 11 Jan 2022 20:48:58 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AABC3A14F5; Tue, 11 Jan 2022 20:48:55 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1n7VZ6-0001T0-Nl; Tue, 11 Jan 2022 23:48:52 -0500
Date: Tue, 11 Jan 2022 23:48:46 -0500
From: John C Klensin <john-ietf@jck.com>
To: ned+dispatch@mrochek.com, Mathias Bynens <mths=40google.com@dmarc.ietf.org>
cc: Ben Campbell <ben@nostrum.com>, DISPATCH WG <dispatch@ietf.org>, dispatch chairs <dispatch-chairs@ietf.org>, draft-ietf-dispatch-javascript-mjs@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <DD746E43498BFF74BAF61C97@PSB>
In-Reply-To: <01S8F3X371ZE00D1OX@mauve.mrochek.com>
References: <164144481153.28700.9521326921012553920@ietfa.amsl.com> <CADizRgYZhzFrNsoFP0M845zK9DgGi5Ci6pgVGVfcNzPkT31JyQ@mail.gmail.c om> <CAL0qLwYgc13KXriZNPcB-XqC7i_ORDw01C5h2x93U22R3VCnSg@mail.gmail.com> <CADizRgaN9BvLztmJ6Q+kjV8fJM_hhXkQxFSRX2mgaFsP1RaBCA@mail.gmail.c om> <01S8F3X371ZE00D1OX@mauve.mrochek.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/TpM_ZIeynyyCOYsMuQ6mPNi-UNU>
Subject: Re: [dispatch] Murray Kucherawy's No Objection on draft-ietf-dispatch-javascript-mjs-13: (with COMMENT)
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2022 04:49:03 -0000
Warning: this note is long. Those who are not interested in the details can safely skip to the least three paragraphs, beginning with the one that starts "bottom line". --On Tuesday, January 11, 2022 07:53 -0800 ned+dispatch@mrochek.com wrote: > In regards to all these obsolete registrations and x- > registrtions in particular... > >> > What I've observed is that the current media type registry >> > does not at present contain any of the "x-" media types >> > this document is registering. I believe that makes them new >> > registrations, and so I suggest that there should be text >> > explaining why BCP 178 doesn't apply here. >> Thank you. Please take a look at this patch: >> https://github.com/linuxwolf/bmeck-ids/pull/65/files > >> For context, these are historical legacy types that are >> supported in practice: >> https://mathiasbynens.be/demo/javascript-mime-type Although >> they are OBSOLETED, it's important that the document >> specifies them because they are required for Web >> compatibility. > > There seems to be considerable misunderstanding about the > rules regarding obsolete type names, unfaceted types, and type > names beginning with "X-". > > First, RFC 6838 eliminated the special status of type names > beginning with "X-". So nothing prevents you from registering > type names beginning with "X-" as long as the registration is > in the standards tree. Appendix A of RFC 6838 only applies if > the type is being registered in, say, the vendor tree, which > AFAICT is not the case here. > > Of course the fact that you can register names beginning with > "X-" doesn't mean you should. So if you're doing this, a note > explaining why ths makes sense would be a good idea. Let me go a half-step further than Ned. Given the language in RFC 6648/ BCP 178, not explaining why it makes sense would create a situation in which an Informational specification in the IETF Stream was violating an IETF BCP. Without a clear explanation in the document, one which I believe should have been identified in the Last Call, that would create an intolerable situation of the IETF ignoring its one "best practice" specifications. > However, the better question is why are all these obsolete > type names being registered separately. RFC 6838 section 4.2.9 > explains the proper way to handle old names for the same media > type, and the registration form now contains a field for > listing all of these names. > If you're going to register a bunch of separate types for a > bunch of similar things, you need to explain why you're doing > things this way, and more importantly, why they warrant having > different names. > > And since in this case all of these additional registrations > are marked as obsolete, I fail to see why they aren't being > handle as deprecated aliases. Or, to pur this another way, why > not simply list all 15 (!) aliases in the registration for > text/javascript and get rid of section 6.2 entirely? Now, as I see it, that is an introduction to several problems. First, because ECMA-262 has evolved, some of those types may not actually be aliases but pointers to obsolete versions of the specifications (see below). Of course, if that is the case, the document should say so. That relationship is one of the many ways in which it is impossible for the I-D to be the claimed simple update to RFC 4329 (part of the basis for its progressing this far) without _introducing_ errors that 4329 did not have. Looking for a moment only at the IANA registry, Ned is the lead Media type reviewer/ Designated Expert for the registry and under RFC 6838, not just for the Vendor and Personal Trees but for "requests made by other recognized standards organizations". If we have seen a request _From ECMA_, I have not been able to find where that is documented. I would have expected to see it in both the Last Call announcement and in the draft IESG document action announcement as well as the document itself, and it appears in none of those places. Putting those documentation issues aside for the moment, if this was a request from ECMA and Ned does not believe the registration request or documentation meets the requirements, unless Alexey or Murray can convince him otherwise, the document is essentially, as the saying goes, dead in the water: while we give great deference to requests from other recognized standards organizations, we have no rule about overriding the decision of a Designated Expert, even by an IETF Stream Informational RFC. Nor do we have rules that say that, when there are multiple Designed Experts, two of them can outvote the other one. And IANA takes direction from the Designated Experts. Now let's assume there was no request from ECMA and that this document represents the request and opinion of the authors. There are then a few other problems which I didn't catch until I studied the document and the registry over the weekend. First, these registrations started out with the preferred one (in the registry) as application/javascript and application//ecmascript. RFC 4329 establishes that preference, identifying text/javascript and text/ecmascript as obsolete (which is how they are defined in the registry) and asserted that 'Use of the "text" top-level type for this kind of content is known to be problematic.' (see its Section 3, a section that appears to have been dropped from the I-D without comment -- not, at least IMO, a "fairly simple update"). The current I-D apparently proposes to change that, identifying text/javascript as the preferred form and marking application/javascript as obsolete. But it lacks, at least IMO, a clear explanation as to why that change, with the preference reversed a second time, is being made. That also raises the obvious question of whether, in another half-dozen years, the decision will not be reversed again. I can find no explanation if the I-D as to why that is unlikely to be the case, only a preference for the text/ form today. Equally important, RFC 6838, supplemented by RFC 6657, imposes far fewer restrictions on applications/* types than it does on text/* types. For the latter, the discussion in Section 4 of the I-D very strongly implies that these media types are not "Text Media Types" as defined in Section 4.2.1 of RFC 6838 and should therefore be application/* types. It may be that the text in the I-D is just confusing (if Ned is convinced these are appropriate text/* types, I defer to his judgment), but that is more evidence that this document is not ready for prime time... probably to the extent that it never should have been put into Last Call. Or, if that is not the problem, this specification does not get to violate RFC 6838's provisions without either a clear explanation or updating that document (which would presumably require a clear explanation). Assuming text/javascript is appropriate, this I-D also violates Section 4.2.1 of RFC 6838 in another way, where the fourth paragraph of that section starts by saying 'If a "charset" parameter is specified, it SHOULD be a required parameter, eliminating the options of specifying a default value. If there is a strong reason for the parameter to be optional despite this advice, each subtype MAY specify its own default value, or alternatively, it MAY specify that there is no default value.' The subsequent text that talks about "strong reason for the parameter to be optional" strongly implies that there should be an explanation in the relevant document (in retrospect, we should have explicitly required that). I don't see that explanation even attempted unless it is the text about the use of "charset" with one target and not with others (again, confusing at best). Equally or more important, Section 4.1 of the I-D says that the value of the charset parameter "SHOULD be a registered charset" while the second paragraph of Section 4.2.1 of 6838 says "MUST". That is a clear violation of RFC 6838 and as noted above, this I-D does not get to violate or change BCP 13, at least without a very clear explanation that can be reviewed and evaluated by the IETF, not just waived off in passing as repeating the errors of RFC 4329. I don't have the energy to go back and study RFC 4329 carefully but a quick review of parts of it suggests that many of these problems are the legacy of originally using application/* types, which are far more flexible about these things. That implies that a switch (back) from application/* to text/javascript without considerable additional explanation leaves a few too many document deficiencies and loose ends. Coming back to Murray's MUST question, this document and its authors should not be able to say, in essence, that 4239 is so broken that it is necessary to un-deprecate things that it claimed were obsolete and turn them into requirements and then turn around and say that things that are incorrectly represented as requirements should be preserved just because this document does not change them. That isn't all. If the Mozilla piece cited by Mathias at https://mathiasbynens.be/demo/javascript-mime-type is relevant and the reason for registering these dead/ obsoleted documents is because they were in use somewhere, then I don't understand why the "FAIL" "javascript+FOO" media types are not on the list proposed for registration (or treatment as Ned suggests). In addition, the proposed registrations, including the one for text/javascript that is intended to be the one that survive as relevant, invite the user to go on a wild goose chase, sending them to look at the RFC that succeeded the I-D and then to ECMA 262 (without any section numbers or other hints) and back to the present document. That is not, at least IMO, how the media type registry was intended to work, even if the goose is eventually captured. Even more important, but part of the same general problem, the "Interoperability considerations" subsection that is part of each of the registrations (and is new text that cannot be blamed on RFC 4329) appears to say something equivalent to "whatever this media type says it is, treat it as if the current version of 'text/javascript' as specified in ECMA-262 had been specified". If that is the intent, the text should say so _and_ point to the specific section of ECMA-262 that requires strict backward compatibility in the present and all future versions. The material in Section 2 of the I-D (with or without the strange MUST to which Murray objected) does not do that. When I look at the current version of ECMA-262 itself, I find Appendix E ("Corrections and Clarifications in ECMAScript 2015 with Possible Compatibility Impact") and F ("Additions and Changes That Introduce Incompatibilities with Prior Editions"). They strongly imply that there are no such backward compatibility commitments. Even a single incompatibility that would cause an application to fail or apply a different interpretation of media types tied to earlier versions would be a problem (this is in the category of things that caused the IAB to launch a study of compatibility among versions of a protocol). We might deprecate a once-valid type because there is a newer type with a new definition. But having the definition of a type change out from under it and thereby making an application that assumed the original definition non-conforming... well, it isn't something the IETF should do and, if Ecma International (not just the authors) thinks it is ok, we need to hear from them. That problem with media type stability extends to the RFC Style Guide. References, especially normative references, are expected to be very stable. But, while the reference identified as [ECMA-262] itself is very stable, referring to the 2021, 12th Edition, of that spec, the "Interoperability considerations" text does not actually reference that 2021 version. What it references is, approximately, "whatever the ECMAScript specification is when you happen to read this". Perhaps the authors and the RFC Editor could work out how to do that in a reference, but the I-D is referencing the 2021 version in some places and the current version in others, using the same anchor, and that has not been acceptable at any time in the last 51 1/2 years. In addition, that dual use of the reference anchor means that the statement in Appendix B, "Updated references to ECMA-262 to match the version at time of publication" is not quite accurate because it is also expected to match the version at time of reading. ------ Bottom line: In retrospect, this document never should have been put into Last Call. The IESG's having done so is a symptom of one of the common problems with AD-sponsored documents, especially Informational ones, in today's IETF. That problem is insufficient expert review of potential problems in interactions with other specs and, in this case, with existing IANA registries and the rules for them. That lack of in-depth review is especially likely if something is presented as "just an update" or "just a replacement for an existing document", implying that there are no changes that have broad implications. Maybe it is something we should think about in terms of how DISPATCH works at well: perhaps a document like this should not be recommended for AD Sponsorship until it has been carefully reviewed by a team separate from the authors and with in-depth expertise in both the subject matter and the subtle issues with media types. That is a review that this document received only in the last couple of weeks and it might easily have slipped through. I have read the Shepherd's report and, given the assumptions it documents, it is probably completely correct. However, those assumptions include this "just" being an update to 4329 that does not introduce substantive changes other than those documented in Appendix B. That does not turn out to have been the case, e.g., with the change of "the intended usage of the media type text/javascript from obsolete to common", which has broader implications; with the use of one of the references; and with other issues identified above. Among the specific problems are that the change from a preferred application/* type to a text/* type is not a "simple update of RFC 4329" because it interacts with requirements of RFC 6838; the obsolete, then un-obsolete, then obsolete again actions (and their reverse) require more explanation than simply changing text; and, at least IMO, if 4329 messed up the IANA registries, this should not make them worse and, if it didn't, this I-D should not mess them up, whether intentionally or by being confusing beyond all acceptability. There is, in addition, clearly a more general problem for the IESG and IETF, which is whether replacing an old document that is known to have serious deficiencies with a new one that shares those deficiencies and doing so without even comments about them is a good idea. I note that no errata were filed against those deficiencies in 4239 but, given our treatment of errata (especially of the "hold for document update species), that should not make any difference, especially given that at least some of them were identified in review in DISPATCH. It is my personal view that, if we obsolete a previous document, we take on the responsibility, ideally, to fix its errors and inappropriate or incomprehensible text even if we do not fix other glitches. Even if we don't get to that ideal, we should at least insert a section or appendix that identifies the known problems that are being inherited. However, even if the inherited problems are ignored, the media type definition ones noted by Ned and the need for explanations that several of us have identified (including those in the notes above) will result in very significant changes to this document, changes significant enough that the IESG should return it to DISPATCH and initiate another Last Call when it is actually ready. john
- [dispatch] Murray Kucherawy's No Objection on dra… Murray Kucherawy via Datatracker
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… Murray S. Kucherawy
- Re: [dispatch] Murray Kucherawy's No Objection on… John C Klensin
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… Murray S. Kucherawy
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… Murray S. Kucherawy
- Re: [dispatch] Murray Kucherawy's No Objection on… ned+dispatch
- Re: [dispatch] Murray Kucherawy's No Objection on… John C Klensin
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… Mathias Bynens
- Re: [dispatch] Murray Kucherawy's No Objection on… John C Klensin