[httpapi] Re: Genart last call review of draft-ietf-httpapi-deprecation-header-06

Robert Sparks <rjsparks@nostrum.com> Thu, 12 September 2024 16:34 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB832C151548; Thu, 12 Sep 2024 09:34:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.514
X-Spam-Level:
X-Spam-Status: No, score=0.514 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_DISCARD=1.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6TQl6Y7P_arm; Thu, 12 Sep 2024 09:34:01 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45F6BC151540; Thu, 12 Sep 2024 09:34:01 -0700 (PDT)
Received: from [192.168.1.102] ([47.186.48.51]) (authenticated bits=0) by nostrum.com (8.18.1/8.18.1) with ESMTPSA id 48CGXvgB046343 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 12 Sep 2024 11:33:57 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1726158838; bh=Nzy1DRwHd+2YB+2VKfj/VVcrcZvakRW8xtloY382TxQ=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=VONTiQtlobFp8nuUUsdp0KDaqcu/11Lk8QzRhDUViYj8WNj7LHdkkzTdImSVron8P tcyZEzclJvkuMgZug7vh+efr8ORANxBDUniUR/wlQwQgIPuW7NRuQmgnBKF5rWCh3M 97R5Lo2QeGd58OSY6GMxt81EZb5pi5DvLx2QZY9s=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.48.51] claimed to be [192.168.1.102]
Content-Type: multipart/alternative; boundary="------------lLvlKjtmnjvroGIUodSRaADm"
Message-ID: <09852143-a770-42a0-b25a-63887661f261@nostrum.com>
Date: Thu, 12 Sep 2024 11:33:51 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Sanjay Dalal <sanjay.dalal@cal.berkeley.edu>
References: <172495211361.123124.2723878160072081658@dt-datatracker-68b7b78cf9-q8rsp> <CAC5fHGO9t+whubwF_dRsstp-nmMtVQsm2PvBKuQghNfG8MHd7A@mail.gmail.com>
Content-Language: en-US
From: Robert Sparks <rjsparks@nostrum.com>
Autocrypt: addr=rjsparks@nostrum.com; keydata= xsDNBFx4PQwBDADIIJqFKIeYNmVR3iH8YnNqwApV+ci83VqFaPg0UXZAZ1utH/2O2LOLJKmV Ol11+lOSfH4OJgpARt37PWbqfG2TzzGfEucRBPMAV8TEDmzKL+7/OUMLEoPeexgxz6ADxK2Q ACKKzHhF30y4fx2fn9rYZrCvYHV9HDKcfFotNLna0U6P6wu70L0mT2hcjQgZ7+8HSZCpK2XG PTya1mEiMklH6+UHfcTLoAxd3chQiseRi19/TQZZCD3LuuaGFWyTIeF9ZNWV9yL0HQeb/XMs tmZnObSSHSUbZwn5PR9Uf+3iW7jdG5JuXBvNbDpAHfLyPXRqxErM/nCLrbwGB6AgNSKFCwkL lb3uxsGFWcOt6sedrjixoVUO2k4zQWVnCUCwFHGrgIxUK24dI8oqydGPctXAKj5VqoCVJBv6 4JxSpiR+V8fl3A8gksBUnuIMLNlRjB5RAgZaSUpaOkXsWUBA8Z75wQWoIzkJIeMm29w2l1kB B9kGMdyiXGr2JV8VQZ4lAscAEQEAAc0kUm9iZXJ0IFNwYXJrcyA8cmpzcGFya3NAbm9zdHJ1 bS5jb20+wsEUBBMBCAA+FiEEGNywdGDCHUYBwWN3bipqV3X5ExgFAmXhDnYCGwMFCQ0rmNQF CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQbipqV3X5ExiEpwwAknrYjNHDI2l50IC1lpQB SnmCLvuu4pEESpRaBx1Te7vZBHr740dMbKQv/ZYYekw/NfFfoq2Ptguz5BXHwtyx3hKKjBUA U/rP62bl+x77yTJ0+I5k2hJ1p1DWNqXHWK3SEM0IUvjWpMGlfXPu7iVYCBGPKBDglQ4GWpzU HmSAX/8Zww6+ZbrXM0VgA+hLSHivyHextX4mJwoLRcuY99ecvkdWwFnKoDlEsKozdv9NW+QT h1rFvAtXf2ZCGwIveAMJPbHbRY3uFVp+oMvBbP7m5teffB8Ki5kuO1Y1Wqd9UPhiVDZmUuyC PXymQErskbOB6DcNSSFH7ZHuLM4V+zyziYWTT6foBv0ynA+a3Ofxo+rKPVHLybZlO9bQcI0Q TIE8yT0oqd3kWMaMIyrKZURVUpzcDgRnx6ujckLLyAC1H8L0tuntPwZOo5PAq3P7SUiWlc0L 5HbA0L//BE6eeWn6U3xOgaJNF2+YRVICNtWpXcR3Mr4k1uXW4JkE7lyoufbnzsDNBFx4PQwB DAC03e1kk41e9Z9FuVW8UKWIkVUBeH3gfJMsb94d/c0cqBMRw5rulSY7+U76rw4AXo792LZn ydjDfoL0GQxGqkrZh397Sn9P/sLCb5I+wC14251nkmh5tmU2sQqCk+g9nykcE/NJft/zFkeb HHCKAosK6glO+W0YPHc/k7nXt/fLz7dMRpFpmqFXWjeN2VtwKr9znMg9+iX6XfgAJPMdDNH8 fn30Cp5TIsn5WCI70+JztgvfjFhD15Eb3rtDdOfOydjGCV2ZVxfM8ECmc8Z3DrThyiC2M3uo 2Y50rs6MH+TmVCtpHkISnH7B+80Vy2SC60K9l2xgCaezN1SlkQy3ZpprzcDrNTI8FcJa/UUM ayMGvSDGEGuHZRaNUyXP3jQ8oss+067axmNr5vgjpf01kmE1RJtiGEDWmCr8u1SbVQjdax6C pDqq3RKoX2ZVGLtkdDYZbsqSq4TgmFukoijWRbLxsFBdeEgruTViWRw4PKZav0piLxrhHUGI m6F6JFngapUAEQEAAcLA/AQYAQgAJhYhBBjcsHRgwh1GAcFjd24qald1+RMYBQJl4Q52AhsM BQkNK5jUAAoJEG4qald1+RMYaCML/jp+3W9OedMRVk5XQ3Urxu7g09qaeAfBAArLlE7F13Xt WuGUN7JwZ8hZt8Rsx1+Uz/Zq2TIPjl8PmgIqCSkuvZrxacr+drYARtO00Af71qHVoh4gZTae iOwEuOGhhtCVI3vvKLMDv1ex0scvD4rJTsIk/zqEDCJNDVOf09Szj0CW0vJOYxrIV0sG/UoM 7Ui5/eB4tlN5AFIXuTJzo6BzaUAJVut74Ss2i93qwtwjGw44iEqPVhqKMCDYuB9+bm13ft+H Vr7viRZobd+60NTWrfZhkpmzhb4Qiib9qXhrUoa2EXqVOIy+LMQoiwjF9/iK+5FSA18c52FP ODkDgkica826W9AnBasS6gXQr0bO1BCJu84Fp2RQcjB4IFP+sKVoN3EZTByyUKK4NnSLF3lJ /G+vQhisnuJS+e+emZ8UxZBOK8upAhrhHJj0Wju2W0uTQTxlBME0/uNsvA/KaudLNhlQiUYN 7Fl3rswvQk/iD+utnQdWJbRgIsqesNXbQCOimQ==
In-Reply-To: <CAC5fHGO9t+whubwF_dRsstp-nmMtVQsm2PvBKuQghNfG8MHd7A@mail.gmail.com>
Message-ID-Hash: D4EQ52DDUPAIC3TWZFUA24GAC53PXWF3
X-Message-ID-Hash: D4EQ52DDUPAIC3TWZFUA24GAC53PXWF3
X-MailFrom: rjsparks@nostrum.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: gen-art@ietf.org, draft-ietf-httpapi-deprecation-header.all@ietf.org, httpapi@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [httpapi] Re: Genart last call review of draft-ietf-httpapi-deprecation-header-06
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/u2NTw0h1cMgjpK5O9QGS1Y6hwFU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Owner: <mailto:httpapi-owner@ietf.org>
List-Post: <mailto:httpapi@ietf.org>
List-Subscribe: <mailto:httpapi-join@ietf.org>
List-Unsubscribe: <mailto:httpapi-leave@ietf.org>

Thanks Sanjay -

I think there's still some tension to resolve on who has agency in 
several places. With the description in section 6.2 in mind 
(particularly at "intended for human consumption", please look again at 
the places you've changed "client" to "client application". You're still 
talking in places of having the application do things an application 
can't do. Only the application developers can do them.

What does it mean for an application to make an educated guess?

How does an application inspect (and make sense of) a home document?

In both of those places, and others, you are talking about humans doing 
things, not applications.

RjS

On 9/12/24 11:19 AM, Sanjay Dalal wrote:
> Hello Robert,
>
> Thanks for your review comments. We captured your review notes in 
> https://github.com/ietf-wg-httpapi/deprecation-header/issues/35 and we 
> have addressed those. Draft 08 published today 
> https://datatracker.ietf.org/doc/draft-ietf-httpapi-deprecation-header/ 
> incorporates all your comments per our understanding. Let me know if 
> something is missed.
>
> regards,
> sanjay
>
> On Thu, Aug 29, 2024 at 10:21 AM Robert Sparks via Datatracker 
> <noreply@ietf.org> wrote:
>
>     Reviewer: Robert Sparks
>     Review result: Almost Ready
>
>     I am the assigned Gen-ART reviewer for this draft. The General Area
>     Review Team (Gen-ART) reviews all IETF documents being processed
>     by the IESG for the IETF Chair.  Please treat these comments just
>     like any other last call comments.
>
>     For more information, please see the FAQ at
>
>     <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>
>     Document: draft-ietf-httpapi-deprecation-header-06
>     Reviewer: Robert Sparks
>     Review Date: 2024-08-29
>     IETF LC End Date: 2024-09-06
>     IESG Telechat date: Not scheduled for a telechat
>
>     Summary:Almost Ready for publication as a Proposed Standard (?) RFC
>
>     Why is this standards track? The shepherd's writeup explanation of
>     "that makes
>     sense since it defines a new HTTP header field" seems at odds with
>     RFC8594
>     being Informational. Should that have been standards track?
>
>     Generally, the document would benefit from an editorial pass
>     further clarifying
>     when it is talking about an application or a developer. There are
>     many points
>     where it says application or client when it means developer. Some key
>     instances: * Introduction: "informs applications about the risk" *
>     Security
>     considerations "Applications consuming the resource SHOULD check
>     the referred
>     resource documentation to verify authenticity and accuracy." *
>     Security
>     considerations "Therefore, applications consuming the resource
>     SHOULD, if
>     possible, consult the resource developer to discuss potential
>     impact due to
>     deprecation and plan for possible transition to a recommended
>     resource(s)"
>
>     There is a contradiction between section 5's "Deprecated resources
>     SHOULD keep
>     functioning as before" and the Security Consideration's
>     "Deprecated resources
>     MUST function (almost) as before,"
>
>     In both cases, "function as before" is not really what you mean.
>     "function as
>     they would have without sending the deprecation header" is closer.
>     As written,
>     (particularly if the MUST above is what you intend), this puts an
>     unverifiable
>     requirement on the resource. I suggest changing the language
>     similar to what I
>     suggested you mean. Or, better, step back and reformulate this as
>     a simple
>     statement that the presence of a Deprecation header is not meant
>     to signal a
>     change in the meaning or function of a resource in the context of this
>     response, and avoid using 2119 keywords.
>
>     I realize that Appendix A won't appear in the resulting RFC, but
>     the drafts
>     will still be in the archive. Calling an internet draft an
>     implementation and
>     an organization is just strange. Revising the draft to use a
>     separate section
>     (or just a sentence) to say
>     draft-loffredo-regex-rdap-jcard-deprecation is a
>     specification that says to use this mechanic would make more sense
>     than listing
>     it as an implementation.
>
>     Since the WG felt using structured fields was important for this
>     header,
>     consider creating a Structured-Sunset header field.
>
>
>