Re: [Extra] Adam Roach's Yes on draft-ietf-extra-imap-objectid-07: (with COMMENT)
Bron Gondwana <brong@fastmailteam.com> Thu, 02 August 2018 12:55 UTC
Return-Path: <brong@fastmailteam.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A0E8130E52; Thu, 2 Aug 2018 05:55:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=GBccqsIJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=q9ImEWm3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DWtW0vWAY1RY; Thu, 2 Aug 2018 05:55:02 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3032130E55; Thu, 2 Aug 2018 05:55:02 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id A58F1291; Thu, 2 Aug 2018 08:55:01 -0400 (EDT)
Received: from web2 ([10.202.2.212]) by compute6.internal (MEProxy); Thu, 02 Aug 2018 08:55:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=iB821w6fo7vBnta0xYzEK0B+atKV4 QopWQpdnxOoFwA=; b=GBccqsIJHEpL3ZdQv+BdHY5hKEQ3BGZ/seRPjSQiIKFKV sDgG4LnAIyDseuEVzGRXwTeu2x//mB4JBYspEtc9t0THrxslxvJc4PDeBNSf9N5O HdtNHox4PYk3ZphrSPGMaO8vqyP7E5XJ2BR20O+5V7HE4SWvNzIbFIkkmoPLlHGW 6A6yjjEhghbs7JriOliThIX0ilF7oxr8WQYjtKW0zvFX24q9BiAJ3QMQZcbnOM6c luP8N6abPd4jIqAV+RtM9tv2rH7nu50omjgNFU38tTlOLtS78XOU7U+iGwJ+SVEd hlzGQ8NjKCw5ebwDJeG3Ef9rl2Px/KKr5N3Qtlulg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=iB821w6fo7vBnta0xYzEK0B+atKV4 QopWQpdnxOoFwA=; b=q9ImEWm33DFXJ42LgW7k66eKA/h5KDAq4C6ywaBpDzt3k j5Wn2DrX/txSh9XhNG0xt9A96/MZ1oTyN54EXsOw1ECCBI0Og5YtJvSTLp3XUXIz C5Tjh+elcPmvzr6kvBPuOlnWmewgreiwbL160Wd4pqtmZs9mgiwxlgqdFIcPtomT JW16EXluPRgyGplYgBCkukKwB60B3ZZDFFXV9xehcbgJnb5vERV2JamOPo4FLPhZ XP1jrARk9r8aYLhyBEpbAwe4/2DWTheEXnStUw0RyqGS56NjgF+gJ6WthkRl9oB5 407HDF829is6+gXwsYFMg4ER+3isLerhyWK0uuvnQ==
X-ME-Proxy: <xmx:JP9iWwPBBLyWw1zuzQFAlhjk_qGxDr6R5_k48nJ8JMiCsmog9W_Gug> <xmx:JP9iW4IzVhmScAECnW8mP96zC0N5tDr59ja1w4-0Yp-A0_cQiK96Gw> <xmx:JP9iW3ukjVgInLJPDzdf0S6zLZrNTgQUDXj9mAgucPm8Ti-INTJTIQ> <xmx:JP9iWyEOxb0tnyffrCj7cFO50Y8G5wXxCFMFqC7fDSKe9ej16H5XPA> <xmx:JP9iW-MRaqjg5qlRl-msyD9ATz2r82OZqf0b_pKbUR2Si9jo9jCDXg> <xmx:Jf9iWwCmHrdJveWs1vJf51QJPyZ5ebMop9OLRm1zfdvRCUUYTyCMpA>
X-ME-Sender: <xms:JP9iWx7VQop-IWhca_dtLbreje0gQdikLVUyXllUNY7tpyvGUBX70g>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 5B7C5621BF; Thu, 2 Aug 2018 08:55:00 -0400 (EDT)
Message-Id: <1533214500.3848794.1461144040.2D1CFB21@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
Cc: extra@ietf.org, yaojk@cnnic.cn, draft-ietf-extra-imap-objectid@ietf.org, extra-chairs@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_153321450038487940"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-2be8cd1b
Date: Thu, 02 Aug 2018 22:55:00 +1000
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/HhJtcHreEymBRigSuGRGr3Fegv0>
Subject: Re: [Extra] Adam Roach's Yes on draft-ietf-extra-imap-objectid-07: (with COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2018 12:55:06 -0000
On Wed, Aug 1, 2018, at 10:34, Adam Roach wrote: > Adam Roach has entered the following ballot position for > draft-ietf-extra-imap-objectid-07: Yes Thanks for your detailed feedback! Responses below. I'm updating my source file for v-08. > When responding, please keep the subject line intact and reply to all> email addresses included in the To and CC lines. (Feel free to > cut this> introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html> for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-extra-imap-objectid/ > > > > ----------------------------------------------------------------------> COMMENT: > ----------------------------------------------------------------------> > Thanks for the work that went into defining this mechanism -- it > seems like a> very useful optimization. I have a few minor comments. > > ------------------------------------------------------------------- > --------> > §7: > >> resp-text-code =/ "MAILBOXID" SP "(" objectid ")" >> ; incorporated before the expansion rule of >> ; atom [SP 1*<any TEXT-CHAR except "]">] >> ; that appears in [@!RFC3501] > > The "<" and ">" in the preceding text should be replaced with literal> less-than and greater-than symbols. Hmm, yes - this is roundtripping the markdown just fine now. Removed. > ------------------------------------------------------------------- > --------> > §8.1: > >> An objectid is a string of 1 to 255 characters from the following set>> of 64 codepoints. a-z, A-Z, 0-9, '_', '-'. > > It would probably be helpful for implementors if this section > indicated that> these are the same characters used by the "base64url" encoding > defined in RFC> 4648. Doing so will let implementors know that they can use existing > implementations of base64url to convert the output of a hash > function into a> syntactically valid objectid. Thanks, I have added an informative reference to RFC4648 in the objectid definition. > ------------------------------------------------------------------- > --------> > §11: > >> The use of a digest for ID generation may be used as proof that a >> particular sequence of bytes was seen by the server, however this is>> only a risk if IDs are leaked to clients who don't have permission to>> fetch the data directly. Servers that are expected to handle highly>> sensitive data should consider using a ID generation mechanism which>> doesn't derive from a digest. > > Couldn't this be addressed with a per-user salt value rather than a > non-digest> identifier? I've just changed it to "Servers that are expected to handle highly sensitive data should consider this when choosing how to create IDs." Here's a risk, consider if it applies to you. Done. Cheers, Bron. -- Bron Gondwana, CEO, FastMail Pty Ltd brong@fastmailteam.com
- [Extra] Adam Roach's Yes on draft-ietf-extra-imap… Adam Roach
- Re: [Extra] Adam Roach's Yes on draft-ietf-extra-… Bron Gondwana