Re: Digests: deprecating parameters?

Amos Jeffries <squid3@treenet.co.nz> Tue, 18 August 2020 12:45 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B46E03A09A4 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 18 Aug 2020 05:45:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.846
X-Spam-Level:
X-Spam-Status: No, score=-8.846 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.949, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3d6lZOm45Zn for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 18 Aug 2020 05:45:20 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5E503A09A3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 18 Aug 2020 05:45:20 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1k80x9-0004fi-FX for ietf-http-wg-dist@listhub.w3.org; Tue, 18 Aug 2020 12:42:59 +0000
Resent-Date: Tue, 18 Aug 2020 12:42:59 +0000
Resent-Message-Id: <E1k80x9-0004fi-FX@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <squid3@treenet.co.nz>) id 1k80x6-0004ex-ID for ietf-http-wg@listhub.w3.org; Tue, 18 Aug 2020 12:42:56 +0000
Received: from [116.251.193.116] (helo=treenet.co.nz) by titan.w3.org with esmtp (Exim 4.92) (envelope-from <squid3@treenet.co.nz>) id 1k80x4-0002XA-Ak for ietf-http-wg@w3.org; Tue, 18 Aug 2020 12:42:56 +0000
Received: from [192.168.20.251] (unknown [121.98.62.26]) by treenet.co.nz (Postfix) with ESMTPA id 2CBE1300278; Wed, 19 Aug 2020 00:42:25 +1200 (NZST)
To: Lucas Pardue <lucaspardue.24.7@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Cc: Roberto Polli <robipolli@gmail.com>
References: <CALGR9oYCU2b3wiTFV8uNO37opK0XMgq_=D0sTyZVw8kVuKG+4g@mail.gmail.com>
From: Amos Jeffries <squid3@treenet.co.nz>
Autocrypt: addr=squid3@treenet.co.nz; prefer-encrypt=mutual; keydata= mQINBFiOEzoBEADuuawHiMOqHBjL5Mk6IfPCgJmY3oqJDmykzve+vDh7jArtFnOG067ftaML ligGh3y6LOLh3r1kIZ254CPHuKFYssA1p9mXL9YJnZ1qHrQVhqZwDq7dH/UtBQ2IM1QukoTo 1VRTB3ppiPHKTSa2zZ/kgBs0d+1MOi8DY2SmIDYVhUJI55qSqpxlcs6MyG4KxlEPD35J3nL4 hIzLzuzIbZoUO6M+dLvnqiFu2+mm6o75nxYmq+JCPwN5biETkSvndqr56t/W0ajlU1MpFXfO YJ8PfutrIBUPsRJUqWQjGg6uXp4torC1q2XasfSKVIQ+8duw7MCrkAfRv5BtDtpesAAsScvY TwUaDYVioiNNK1uJQZlrpYY4I0EbHI4GHKq7Q4VmotcQ2BhigqRIdh7kD3corddhlLTvTs0G 5Pjk/T2ZoMFZI03g+ieuo1l8VhCGdlqSQd8d1Np9WWwS9899QSgucwEeG+OK2f1IxxD12HiC gNoSh9id9vTYLTZK+HM1FEu+iwTxfQ9F/kDN49IaPhfvjJTs86Ov4FBTtaNUN2pF0qXpQr3A RisxZt7t7MVls+570sNnaijYYkLZdZj+49QArJxallltX3sbc9AK5JxkT8XivRCeLTKOngZE zIZCBeZuyI8cCemhU0csl89ZcORbMsgFS28FyWH4+X6lA+R5HQARAQABtCJBbW9zIEplZmZy aWVzIDxhbW9zQHRyZWVuZXQuY28ubno+iQJOBBMBCAA4FiEEAimzwkzOwlQSfJUyANhjZ5Qg vdMFAliOEzoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQANhjZ5QgvdOKkhAAseag 7QTzRF20TDwc6QQpfYdUyuuMqyEV3AwATtJxF2Y+aF/hEHXU9XBCM8EMyiJR816haC+86Wci 0cXYj7pmR80psR9C6JoaNos89CrgsmMx9tZR5yJXrdTCnQajbZf3ozs7IDk41g4NvWg5GtHM 3MYriL0LUBXLT+YSZ9Qq2DmRZRatCjk6tiMYeHG/GtH6GZs3YExRO9Am16C1gTJRao9mJtCB DR+0NrRB2E7tKN8EZySAsZkDzbL+hL/LpdWkEZvlBsSxJebAN0x64w3FSztHGfZwLfLsxdva 6CfYs8kalHoTxRoRhpIKmTtGFJI4v9cR0+Ua5trMPgHG2QIOgXOKtOTgdYF5ksA98ZF+Odsu W7yCe9POqc4bnDbOXByxVuNMPwVSESk/GJwnxRB2vW4nywQKREJ2H6HeDO+KVhLE9nH5Alsp XpEgPpzYVeplhcKKi6H56bI0anIHvao7vEEXNP2pwRWSoMKEwGWGG7QvmemQ0YbsUqJSK563 SwNe5cVUg/Cqb08m7D9ybAm+hwgtvzU7OGsLyIHuyVxnGkB5A1GV1lizUmsFauBxyw8Yx6Gm wfmsiwEVYV/lidg+ubnsxqN7Kuvg9gYRvv+Yg1wl1QFRgeOFjbU8hj/AaNAP9SppHcA5joBe kakQx18Y6LIKKvdoepDg3mFXrOouo8i5Ag0EWI4TOgEQAMmEISQmHDde0q2YfyeA8MKejHlt 5vCldKYwtaN5ii077vJaNrQk9Q8Iym6ro0plAdtLDTzyQCATWUctF6B0VowB4/LqF40U4g+u NAj7fzC/mVvSIG42diN0pJYkcfd9ghVcF7H5CeYe2zL3TlqilqQA6Xmt6i7NmYUMO939jw7V ZszMHlqvDTUzcimKrTVB7oS3+r5v1GGT3q+utrxka3WoQ3IHnidsylbTfF+dlRsvtKWxtg8k mTgu/oj1CmUE0DQh67kXsiC3nhjdUh+eZfDGmLuOGgVAWU/WNCS3oaVxVXW3rX/nUc+URkiO CuxyPjBy+A8Z+I8OXpIaC6FQY9sCFVo7yK4UxsK+eM93mWGIc5cGBL99vr+7YgZ3TBjYrazL O5Z8wyw765G1U3dPZB+egRMEY5CO64eb78f7vbRl8/INZWdkJxcotR4weGnvOxxDHyncS3BT Su6iiqmXSz0ZDpaOdCMNDHE6Kmt1qw2NbuGUHohqg2K8+1mWnXwevS0afydoG7EX0AuE1YEf kODsek8ceFj4U2c1jlOQbuO01pHa6Z9VYn5NOwXETlIytjDyBt15R7Tt1BQQg7wU482a5SSl wXYyzOx42a2CLvZM2tXnbIY4VZDu+V1ywXNMGOs8Am1LJzi74eEv2NTbvdFMmsGAkWNWn6KS 77eR+pe5ABEBAAGJAjYEGAEIACAWIQQCKbPCTM7CVBJ8lTIA2GNnlCC90wUCWI4TOgIbDAAK CRAA2GNnlCC90zeSD/9qEpJAtuEAXyCCymUEpzN6XgSWdcYra+NolIGCRzWd3SnxtBi+zWwh LFxm8AEhfqSMRh95T4XWKHScIsZZuG9xiap5whJ5xLJC/NlZidQqiPSJLog2+Yqt+PBVPrMp aG7Cmq64Y4ttvFwLZ8Wn23irJzr9JiWvsjprImsCZbuG/I1JWHUIn70oknzsTgpTPWDCfnCi GhCK7vgXak9QgBKhrzgADK3o6uCjmNllUdci9gFzUSy4/x9x73xrbzXS8/pO23fnbBwPa7VV 9IRtOb8HJJk8Y79A1ZnkVANBo1KmE+Ycw92IMcz2ev4VFw+pbqZ/swHqa3y3L5cT7Keqgc67 wiahSZRc5zM0jJWxN//lpgcdnDRI1OSLCrMMI69yc2QMzUZu87BtEJzm0DBy2pIKEni9dSCw wMITUsU21Ny3RmaV7fmXYAyp9pcaQQWGOb2CIvU7k60eLWgfNTo5SGI56WYC+ndod7vPU+sw JVbKrQKqfwO5JbdY9YPbo++Z6kfrnbkmm3wkJ4W8dOcrkLYbmOk7sColcQhVbmGy74Ggzl75 R22Q7+Uhjj9iq0Kv3CGQ3rKVdXOfAo5OekdaMDx9t9HoirGiokcyCPTy7wAyvQ75lbrygxCm e05XBfLZHrMp+SdM8ONsdgIe7U0bI85zYegceSagzCtBdB8HQ10TFg==
Message-ID: <c71669f6-bb90-1952-7ca4-2db42a64fe55@treenet.co.nz>
Date: Wed, 19 Aug 2020 00:37:21 +1200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <CALGR9oYCU2b3wiTFV8uNO37opK0XMgq_=D0sTyZVw8kVuKG+4g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=116.251.193.116; envelope-from=squid3@treenet.co.nz; helo=treenet.co.nz
X-W3C-Hub-Spam-Status: No, score=-7.0
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, NICE_REPLY_A=-2.899, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1k80x4-0002XA-Ak 1f205b84abeb15900f22a1c77350ffb0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Digests: deprecating parameters?
Archived-At: <https://www.w3.org/mid/c71669f6-bb90-1952-7ca4-2db42a64fe55@treenet.co.nz>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37931
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 18/08/20 9:49 pm, Lucas Pardue wrote:
> Hello folks,
> 
> We're wondering what the group might think about deprecating the Digest
> parameters. Please respond for or against the idea, either here or on
> the GitHub issue https://github.com/httpwg/http-extensions/issues/850
> 
> _Background_
> While updating the Digests spec we've found somewhat of a gap when it
> comes to "parameters". These are mentioned in RFC 3230:
> 
> |For some algorithms, one or more parameters may be supplied.
> digest-algorithm = token The BNF for "parameter" is as is used in RFC
> 2616 [4]. All digest- algorithm values are case-insensitive.|
> 
> It seems wrong to define parameters as part of the algorithm, so we
> started on a PR to fix things up.

I do not see any indication in RFC 3230 that the parameters have to be
defined with the algorithm. There could be a specification which defines
a parameter which is relevant to all algorithms but is optional. Eg a
"q=" or "charset=" parameters.

Such a parameter may be *sent* on some algorithms entries, but not on
others depending on the sender implementation.

So IMO, that particular line of argument against parameters is not a
valid one.


> But the discussion moved on to
> examples and real-world usage; as far as we can tell there are no
> canonical examples either in the specification or on the wild Internet.
> 
> Keeping this spec gap seems wrong, so one option we could consider is to
> simply deprecate "parameters". For use cases that might have a future
> need of such a thing, they could easily define a new algorithm that
> encodes their parameters in the digest-value (the encoded checksum) itself.
> 
> Please let us know what you think.

I think this would be a good time to refer to the structured headers
document as a syntax basis
<https://tools.ietf.org/html/draft-ietf-httpbis-header-structure>.

That documents the possible existence of parameters even when they are
not specifically defined by the header document (eg RFC 3230). Which
allows dropping the mention of them from RFC 3230 successor document
without formally deprecating or requiring any implementation changes.


Amos