[httpapi] Re: Genart last call review of draft-ietf-httpapi-deprecation-header-06
Robert Sparks <rjsparks@nostrum.com> Thu, 12 September 2024 20:25 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50681C14F68D; Thu, 12 Sep 2024 13:25:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.514
X-Spam-Level:
X-Spam-Status: No, score=0.514 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_DISCARD=1.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UgQMbW6mW4-m; Thu, 12 Sep 2024 13:25:28 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A466DC14F5E8; Thu, 12 Sep 2024 13:25:28 -0700 (PDT)
Received: from [192.168.1.102] ([47.186.48.51]) (authenticated bits=0) by nostrum.com (8.18.1/8.18.1) with ESMTPSA id 48CKPNGU075918 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 12 Sep 2024 15:25:24 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1726172724; bh=eeoII6pMfk0ABnHFMSCrRC0Zp/IKUEy2v8FjMXfhHMo=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=NoaXgCZsRImYgBGO2C0hJKi2Oq/GAtgKFJWkPbGdryvTmo3F33h0kqhT7vcMJmURp IUaweDqMfbEcvju7Bw3Bjs0IefdFVNqSGuotdOeZS+Fi9g/qEECmloGLGClUEKgIJV /5W9FrNUYXZ4dB78i68xQRCkNMQa5nGP+iwxdjeo=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.48.51] claimed to be [192.168.1.102]
Content-Type: multipart/alternative; boundary="------------oYzVbcyQfzrcBQzICPm70utF"
Message-ID: <27047c8f-f7f9-41ed-b8f7-9d99b986a4cd@nostrum.com>
Date: Thu, 12 Sep 2024 15:25:18 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Sanjay Dalal <sanjay.dalal@cal.berkeley.edu>
References: <172495211361.123124.2723878160072081658@dt-datatracker-68b7b78cf9-q8rsp> <CAC5fHGO9t+whubwF_dRsstp-nmMtVQsm2PvBKuQghNfG8MHd7A@mail.gmail.com> <09852143-a770-42a0-b25a-63887661f261@nostrum.com> <CAC5fHGP+xxcp2+OUVwEwdz=iwdJaqyyXmtLPZaZzFmcp5=4HMw@mail.gmail.com>
Content-Language: en-US
From: Robert Sparks <rjsparks@nostrum.com>
Autocrypt: addr=rjsparks@nostrum.com; keydata= xsDNBFx4PQwBDADIIJqFKIeYNmVR3iH8YnNqwApV+ci83VqFaPg0UXZAZ1utH/2O2LOLJKmV Ol11+lOSfH4OJgpARt37PWbqfG2TzzGfEucRBPMAV8TEDmzKL+7/OUMLEoPeexgxz6ADxK2Q ACKKzHhF30y4fx2fn9rYZrCvYHV9HDKcfFotNLna0U6P6wu70L0mT2hcjQgZ7+8HSZCpK2XG PTya1mEiMklH6+UHfcTLoAxd3chQiseRi19/TQZZCD3LuuaGFWyTIeF9ZNWV9yL0HQeb/XMs tmZnObSSHSUbZwn5PR9Uf+3iW7jdG5JuXBvNbDpAHfLyPXRqxErM/nCLrbwGB6AgNSKFCwkL lb3uxsGFWcOt6sedrjixoVUO2k4zQWVnCUCwFHGrgIxUK24dI8oqydGPctXAKj5VqoCVJBv6 4JxSpiR+V8fl3A8gksBUnuIMLNlRjB5RAgZaSUpaOkXsWUBA8Z75wQWoIzkJIeMm29w2l1kB B9kGMdyiXGr2JV8VQZ4lAscAEQEAAc0kUm9iZXJ0IFNwYXJrcyA8cmpzcGFya3NAbm9zdHJ1 bS5jb20+wsEUBBMBCAA+FiEEGNywdGDCHUYBwWN3bipqV3X5ExgFAmXhDnYCGwMFCQ0rmNQF CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQbipqV3X5ExiEpwwAknrYjNHDI2l50IC1lpQB SnmCLvuu4pEESpRaBx1Te7vZBHr740dMbKQv/ZYYekw/NfFfoq2Ptguz5BXHwtyx3hKKjBUA U/rP62bl+x77yTJ0+I5k2hJ1p1DWNqXHWK3SEM0IUvjWpMGlfXPu7iVYCBGPKBDglQ4GWpzU HmSAX/8Zww6+ZbrXM0VgA+hLSHivyHextX4mJwoLRcuY99ecvkdWwFnKoDlEsKozdv9NW+QT h1rFvAtXf2ZCGwIveAMJPbHbRY3uFVp+oMvBbP7m5teffB8Ki5kuO1Y1Wqd9UPhiVDZmUuyC PXymQErskbOB6DcNSSFH7ZHuLM4V+zyziYWTT6foBv0ynA+a3Ofxo+rKPVHLybZlO9bQcI0Q TIE8yT0oqd3kWMaMIyrKZURVUpzcDgRnx6ujckLLyAC1H8L0tuntPwZOo5PAq3P7SUiWlc0L 5HbA0L//BE6eeWn6U3xOgaJNF2+YRVICNtWpXcR3Mr4k1uXW4JkE7lyoufbnzsDNBFx4PQwB DAC03e1kk41e9Z9FuVW8UKWIkVUBeH3gfJMsb94d/c0cqBMRw5rulSY7+U76rw4AXo792LZn ydjDfoL0GQxGqkrZh397Sn9P/sLCb5I+wC14251nkmh5tmU2sQqCk+g9nykcE/NJft/zFkeb HHCKAosK6glO+W0YPHc/k7nXt/fLz7dMRpFpmqFXWjeN2VtwKr9znMg9+iX6XfgAJPMdDNH8 fn30Cp5TIsn5WCI70+JztgvfjFhD15Eb3rtDdOfOydjGCV2ZVxfM8ECmc8Z3DrThyiC2M3uo 2Y50rs6MH+TmVCtpHkISnH7B+80Vy2SC60K9l2xgCaezN1SlkQy3ZpprzcDrNTI8FcJa/UUM ayMGvSDGEGuHZRaNUyXP3jQ8oss+067axmNr5vgjpf01kmE1RJtiGEDWmCr8u1SbVQjdax6C pDqq3RKoX2ZVGLtkdDYZbsqSq4TgmFukoijWRbLxsFBdeEgruTViWRw4PKZav0piLxrhHUGI m6F6JFngapUAEQEAAcLA/AQYAQgAJhYhBBjcsHRgwh1GAcFjd24qald1+RMYBQJl4Q52AhsM BQkNK5jUAAoJEG4qald1+RMYaCML/jp+3W9OedMRVk5XQ3Urxu7g09qaeAfBAArLlE7F13Xt WuGUN7JwZ8hZt8Rsx1+Uz/Zq2TIPjl8PmgIqCSkuvZrxacr+drYARtO00Af71qHVoh4gZTae iOwEuOGhhtCVI3vvKLMDv1ex0scvD4rJTsIk/zqEDCJNDVOf09Szj0CW0vJOYxrIV0sG/UoM 7Ui5/eB4tlN5AFIXuTJzo6BzaUAJVut74Ss2i93qwtwjGw44iEqPVhqKMCDYuB9+bm13ft+H Vr7viRZobd+60NTWrfZhkpmzhb4Qiib9qXhrUoa2EXqVOIy+LMQoiwjF9/iK+5FSA18c52FP ODkDgkica826W9AnBasS6gXQr0bO1BCJu84Fp2RQcjB4IFP+sKVoN3EZTByyUKK4NnSLF3lJ /G+vQhisnuJS+e+emZ8UxZBOK8upAhrhHJj0Wju2W0uTQTxlBME0/uNsvA/KaudLNhlQiUYN 7Fl3rswvQk/iD+utnQdWJbRgIsqesNXbQCOimQ==
In-Reply-To: <CAC5fHGP+xxcp2+OUVwEwdz=iwdJaqyyXmtLPZaZzFmcp5=4HMw@mail.gmail.com>
Message-ID-Hash: MCT7LV24K72WRBPTLRCVE2KOBBH675FG
X-Message-ID-Hash: MCT7LV24K72WRBPTLRCVE2KOBBH675FG
X-MailFrom: rjsparks@nostrum.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: gen-art@ietf.org, draft-ietf-httpapi-deprecation-header.all@ietf.org, httpapi@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [httpapi] Re: Genart last call review of draft-ietf-httpapi-deprecation-header-06
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/w6T0uIFla_3V31jkkS4y23vGcqc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Owner: <mailto:httpapi-owner@ietf.org>
List-Post: <mailto:httpapi@ietf.org>
List-Subscribe: <mailto:httpapi-join@ietf.org>
List-Unsubscribe: <mailto:httpapi-leave@ietf.org>
Thanks - its going in the right direction I think. Please look again where you are saying applications will make an educated guess and if that's really _software_ maybe choose different words than "educated guess"? Software can't do that. RjS On 9/12/24 3:20 PM, Sanjay Dalal wrote: > Hello Robert, > > Thanks for clarifying. Take a look at > https://github.com/ietf-wg-httpapi/deprecation-header/commit/5d4a4f65175001cea293204c9e245388f1552d45. > I went ahead and re-looked where a human would be needed and added > "developer" over there. > > If you are ok now, I will mark this issue resolved. We will publish > the draft once we have addressed comments we may receive from other > reviewers. > > regards, > sanjay > > On Thu, Sep 12, 2024 at 9:34 AM Robert Sparks <rjsparks@nostrum.com> > wrote: > > Thanks Sanjay - > > I think there's still some tension to resolve on who has agency in > several places. With the description in section 6.2 in mind > (particularly at "intended for human consumption", please look > again at the places you've changed "client" to "client > application". You're still talking in places of having the > application do things an application can't do. Only the > application developers can do them. > > What does it mean for an application to make an educated guess? > > How does an application inspect (and make sense of) a home document? > > In both of those places, and others, you are talking about humans > doing things, not applications. > > RjS > > On 9/12/24 11:19 AM, Sanjay Dalal wrote: >> Hello Robert, >> >> Thanks for your review comments. We captured your review notes in >> https://github.com/ietf-wg-httpapi/deprecation-header/issues/35 >> and we have addressed those. Draft 08 published today >> https://datatracker.ietf.org/doc/draft-ietf-httpapi-deprecation-header/ >> incorporates all your comments per our understanding. Let me know >> if something is missed. >> >> regards, >> sanjay >> >> On Thu, Aug 29, 2024 at 10:21 AM Robert Sparks via Datatracker >> <noreply@ietf.org> wrote: >> >> Reviewer: Robert Sparks >> Review result: Almost Ready >> >> I am the assigned Gen-ART reviewer for this draft. The >> General Area >> Review Team (Gen-ART) reviews all IETF documents being processed >> by the IESG for the IETF Chair. Please treat these comments just >> like any other last call comments. >> >> For more information, please see the FAQ at >> >> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. >> >> Document: draft-ietf-httpapi-deprecation-header-06 >> Reviewer: Robert Sparks >> Review Date: 2024-08-29 >> IETF LC End Date: 2024-09-06 >> IESG Telechat date: Not scheduled for a telechat >> >> Summary:Almost Ready for publication as a Proposed Standard >> (?) RFC >> >> Why is this standards track? The shepherd's writeup >> explanation of "that makes >> sense since it defines a new HTTP header field" seems at odds >> with RFC8594 >> being Informational. Should that have been standards track? >> >> Generally, the document would benefit from an editorial pass >> further clarifying >> when it is talking about an application or a developer. There >> are many points >> where it says application or client when it means developer. >> Some key >> instances: * Introduction: "informs applications about the >> risk" * Security >> considerations "Applications consuming the resource SHOULD >> check the referred >> resource documentation to verify authenticity and accuracy." >> * Security >> considerations "Therefore, applications consuming the >> resource SHOULD, if >> possible, consult the resource developer to discuss potential >> impact due to >> deprecation and plan for possible transition to a recommended >> resource(s)" >> >> There is a contradiction between section 5's "Deprecated >> resources SHOULD keep >> functioning as before" and the Security Consideration's >> "Deprecated resources >> MUST function (almost) as before," >> >> In both cases, "function as before" is not really what you >> mean. "function as >> they would have without sending the deprecation header" is >> closer. As written, >> (particularly if the MUST above is what you intend), this >> puts an unverifiable >> requirement on the resource. I suggest changing the language >> similar to what I >> suggested you mean. Or, better, step back and reformulate >> this as a simple >> statement that the presence of a Deprecation header is not >> meant to signal a >> change in the meaning or function of a resource in the >> context of this >> response, and avoid using 2119 keywords. >> >> I realize that Appendix A won't appear in the resulting RFC, >> but the drafts >> will still be in the archive. Calling an internet draft an >> implementation and >> an organization is just strange. Revising the draft to use a >> separate section >> (or just a sentence) to say >> draft-loffredo-regex-rdap-jcard-deprecation is a >> specification that says to use this mechanic would make more >> sense than listing >> it as an implementation. >> >> Since the WG felt using structured fields was important for >> this header, >> consider creating a Structured-Sunset header field. >> >> >>
- [httpapi] Genart last call review of draft-ietf-h… Robert Sparks via Datatracker
- [httpapi] Re: Genart last call review of draft-ie… Sanjay Dalal
- [httpapi] Re: Genart last call review of draft-ie… Robert Sparks
- [httpapi] Re: Genart last call review of draft-ie… Sanjay Dalal
- [httpapi] Re: Genart last call review of draft-ie… Robert Sparks
- [httpapi] Re: Genart last call review of draft-ie… Sanjay Dalal
- [httpapi] Re: Genart last call review of draft-ie… Robert Sparks