[httpapi] Re: AD Review of draft-ietf-httpapi-api-catalog-03

"Salz, Rich" <rsalz@akamai.com> Wed, 16 October 2024 13:35 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C849EC1519A0 for <httpapi@ietfa.amsl.com>; Wed, 16 Oct 2024 06:35:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.251
X-Spam-Level:
X-Spam-Status: No, score=-2.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b105Uo8UboNG for <httpapi@ietfa.amsl.com>; Wed, 16 Oct 2024 06:35:53 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) by ietfa.amsl.com (Postfix) with ESMTP id 21C3EC1DA1EB for <httpapi@ietf.org>; Wed, 16 Oct 2024 06:35:53 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49G8j3pK031745; Wed, 16 Oct 2024 14:35:44 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=jan2016.eng; bh=+hg9xoPL8ZUGm4glVNXh7b hEbS8NLseRxh62j67mPg0=; b=EqajHrSsmGQyJC13d2cKIE+3bWmTv+5x+2k2Gq 10wRQccb38RYmcyVaOBjAovB0zTfR4v7G/OnpxTz2H3Bm0X6b90IhbpidHHXHsEu FddC3OxmnmMwqjtGYRzP2yfEIzcU2+4G0tVh5NB7Up/XhF3HFxFZA7xxM2D7KLw7 aHF3W44HAooGd3NS68nhAJ6Og+Q0Y08dlPxQx2kH/AoGaZCu70nSUVcQBtCTdX0f hFu8xIhp1WrIxXnyG/2YrZn3FK34/JHQ6DwcoPFTZkYYYzkBC76wESRj2Y9Sra6c WBzLRGmARDrxzOEe+81acXsRcFuYtRtuNaidbUApiPIbihKg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 427e08j4bj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Oct 2024 14:35:43 +0100 (BST)
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 49G7taLI013406; Wed, 16 Oct 2024 09:35:43 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.201]) by prod-mail-ppoint1.akamai.com (PPS) with ESMTPS id 427mevq9hg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Oct 2024 09:35:43 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb2.msg.corp.akamai.com (172.27.50.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Wed, 16 Oct 2024 06:35:41 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1544.011; Wed, 16 Oct 2024 06:35:41 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: Ben Bucksch <ben.bucksch@beonex.com>, "httpapi@ietf.org" <httpapi@ietf.org>
Thread-Topic: [httpapi] Re: AD Review of draft-ietf-httpapi-api-catalog-03
Thread-Index: Adsfv6KO5fambpDrSFq4RaxDA7nNcgAP8MUA///UFAA=
Date: Wed, 16 Oct 2024 13:35:41 +0000
Message-ID: <5BED0B02-0E1B-4239-8B84-DD49D2BF9107@akamai.com>
References: <VI1PR05MB6591D8120B06AA25E42CF32891462@VI1PR05MB6591.eurprd05.prod.outlook.com> <b1867af3-6623-4810-ac30-d6a0c65b8fc7@beonex.com>
In-Reply-To: <b1867af3-6623-4810-ac30-d6a0c65b8fc7@beonex.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.89.24091630
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_5BED0B020E1B42398B84DD49D2BF9107akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-16_11,2024-10-15_01,2024-09-30_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 mlxlogscore=482 mlxscore=0 bulkscore=0 malwarescore=0 suspectscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2409260000 definitions=main-2410160084
X-Proofpoint-GUID: x6xB2yC-umEEBYC3ZsolripUlvv1QF2c
X-Proofpoint-ORIG-GUID: x6xB2yC-umEEBYC3ZsolripUlvv1QF2c
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 phishscore=0 bulkscore=0 impostorscore=0 spamscore=0 clxscore=1011 mlxlogscore=310 mlxscore=0 adultscore=0 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410160084
Message-ID-Hash: YZOWQCPOG7ODWQMGWDIBWRUO2ROEV7ZH
X-Message-ID-Hash: YZOWQCPOG7ODWQMGWDIBWRUO2ROEV7ZH
X-MailFrom: rsalz@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [httpapi] Re: AD Review of draft-ietf-httpapi-api-catalog-03
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/kLh6z0C6rK6Mp-r4foMBbr_JpMU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Owner: <mailto:httpapi-owner@ietf.org>
List-Post: <mailto:httpapi@ietf.org>
List-Subscribe: <mailto:httpapi-join@ietf.org>
List-Unsubscribe: <mailto:httpapi-leave@ietf.org>

Speaking as a Chair, trying to bring in some other experience.

In the security world, at least, we have the concept of “mandatory to implement” (MTI). It’s typically one, sometimes two, algorithms that must be implemented by every implementation of an RFC. This allows clients and servers to spring up and interoperate without prior out-of-band communication.  (In-band it’s typically called negotiation, and while a real-time communication protocol like TLS support it, a static data format like cryptographically-encoded messages (CMS) can’t: the best they can do is unambiguously identify what they are using.)

HTTP is not unlike TLS, in that content negotiation allows choices to be made. But without an MTI to fall back on, the transaction could still fail because they don’t have a common message format (or algorithm).

This might be something the WG wants to keep in mind while discussing this. Recall the people who asked for an MTI – among others, Mark N and our AD – and see if we really want to not agree with their suggestions.