IETF Logo Mail Archive

Re: Fwd: New Version Notification for draft-toomim-httpbis-versions-00.txt

Josh Cohen <joshco@gmail.com> Sat, 19 October 2024 00:05 UTC

Received: by ietfa.amsl.com (Postfix) id F014FC1E8DD9; Fri, 18 Oct 2024 17:05:21 -0700 (PDT)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF3F8C1E8DD8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 18 Oct 2024 17:05:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.855
X-Spam-Level:
X-Spam-Status: No, score=-2.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="BhvgVOyc"; dkim=pass (2048-bit key) header.d=w3.org header.b="LPfX8FVe"; dkim=pass (2048-bit key) header.d=gmail.com header.b="B61RdlPm"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDQ-CDOWeKgW for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 18 Oct 2024 17:05:18 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11317C1E8DC1 for <httpbisa-archive-bis2Juki@ietf.org>; Fri, 18 Oct 2024 17:05:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=oeNEHHpdY2gSPXXcdARqGWoUlumyI9c47NevEwcLVYo=; b=BhvgVOyc3rzsXfg2cptR2N75aW tUI2Vmnr2EvErg97F3axu5cG9V2GEhZpQMy2WWyWORnsmcZdR8AIbsyT9FkLnoprH2PH9BA6R6ioj lsPraIgpvDEgovZoTJUOtgyU6Rfm+znvocp+xuDFEpwDQF1xNyA2tVd8ddDVtIM4GZewAaJyDKyOq uRU5LK8d2/HMzoDRSmwK5ZVrAcazJ39jGncn2Sts3lbJ0aIu8griW87T3eEeLlVLhORRdtNX6dRFa bJO0ohik9ztok5vVbKLovH8U5ufdAzl+qQuObgPh/fC8UcNqR6JaeRjYsVVO+RnfAz2MntQon1TCl DTzWemHA==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1t1wxK-001Nm5-1k for ietf-http-wg-dist@listhub.w3.org; Sat, 19 Oct 2024 00:04:30 +0000
Resent-Date: Sat, 19 Oct 2024 00:04:30 +0000
Resent-Message-Id: <E1t1wxK-001Nm5-1k@mab.w3.org>
Received: from ip-10-0-0-144.ec2.internal ([10.0.0.144] helo=pan.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <joshco@gmail.com>) id 1t1wxI-001Nl2-23 for ietf-http-wg@listhub.w3.internal; Sat, 19 Oct 2024 00:04:28 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=oeNEHHpdY2gSPXXcdARqGWoUlumyI9c47NevEwcLVYo=; t=1729296268; x=1730160268; b=LPfX8FVeZnQZK0GdH/7/UO/TbSmNw4aoQ1UUxjHUjyezq9ugg56+6zpEc33L78rPa77/e+oNzHb VE3ZiW9gd0k2I8BjgnTZhg2SyibatTzqsP9L5MIzwy721DlWALMSYJneC9lO1C6CzqXX1VXsFu7wI 98sfaU8lt052rEHR7nsOCjTYez1dWellvqpHYKIzpboRZwuTzoUOVUnPvy9fh0o5hNJYsFe+SMa8k RSLLXjD44pFDQ2jkooDeqjiCqiFQNmpJRZpSajkZ9xxS3nYiWbJAl0J8n+VNoXwllozP1HqiXQxHh xhummQmaz5m3VjSbmNzjDh8anqpst1ILVOuw==;
Received-SPF: pass (pan.w3.org: domain of gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) client-ip=2607:f8b0:4864:20::232; envelope-from=joshco@gmail.com; helo=mail-oi1-x232.google.com;
Received: from mail-oi1-x232.google.com ([2607:f8b0:4864:20::232]) by pan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <joshco@gmail.com>) id 1t1wxH-00A6cI-2Y for ietf-http-wg@w3.org; Sat, 19 Oct 2024 00:04:28 +0000
Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-3e5ff94b4b1so38381b6e.2 for <ietf-http-wg@w3.org>; Fri, 18 Oct 2024 17:04:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729296264; x=1729901064; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=oeNEHHpdY2gSPXXcdARqGWoUlumyI9c47NevEwcLVYo=; b=B61RdlPmMvzLgSErS0Zvrv/LAF404kOYSARI5XZWauUx2WhRE25sRLIuUrBFQZaKaL dktMK3WwscP0Zm3c2Y0P3FUFYvTlv4nv83DuRTgisiLWzSMDglRIzyQsEKroKDd3AuX1 6H40evH7v1RZKw6jLaSABvxBVzhdtSJyYT65HSa7pRucZtSUKQEYM6q/MXsw9ruTACbZ i8TuueLSwT5gvJ2Pj6vlJtuq06vSYOKtkTfidcE2z+uQs+7aWBxx6gOityqHwKZbGRyZ DVOqNRTzQtvXZ+VyKkylxJU0vH+SIaA7iNj6E9epdOoJHdWZYDw+Fbmv4B8EZTzA01yd KL2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729296264; x=1729901064; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oeNEHHpdY2gSPXXcdARqGWoUlumyI9c47NevEwcLVYo=; b=D460bcLx6/X53BRDLjv/RIMTOj0a6sq+mmKYVC7XCklWmAENCavI+6fR/YrDa8k6xb PgqcQbqbxw2CfYAvibvCRYEbLOwm8qZDMmkrrjlvnQggikm1ylIbOkJYTeb/PlbG9bvs OD+LXr995JmKn3aRt5XzLe/32HkzJDOVW/ZvNnvMgwWG2fnSVW/8OMO13Ag0/F7feBIE jz+dEVd70MJ8buPVB8m0gCeSIMJY+TGXhBm4a0lj+QSyzeZvNon50vhRkd+ZCSztlAXA zUfzhrXU4d8e6OZrPhmyVSKRDWUJqJ6igGjzOHUqo19zXDRoEIbSqPoPtAPpHUNnP9tV m8EQ==
X-Forwarded-Encrypted: i=1; AJvYcCXTxzUazrY9/lKtnRmxsTZBjzbVTcomWRczAvOkXOf+VnXNQv4dI0ftMVqumS8Ko373E5l5Sd3ab2AnFvw=@w3.org
X-Gm-Message-State: AOJu0Yx1rRZeWXgsK4YEjcxS6RwwQJx3fNSy343/C61u4iwsUqCWtA+l Kh4Sirrnr2idUVGvzzSi1l4Iu146+3CjaBufynly4lmNkJfAPPsnu8eRQyvkdNJnGuWhz5sep11 IghkaSmSwE+V1p7UpkoNH8VQIcz0=
X-Google-Smtp-Source: AGHT+IHgNLQY+9yPnj1DUwpje3AlABtJOTKcHvTuUNbsrbtAmylw4qgha/KiTUfAARPARtXOYh3/jBX3P9TTnUA/3Iw=
X-Received: by 2002:a05:6870:304a:b0:288:4081:6569 with SMTP id 586e51a60fabf-2892c5afd1cmr920521fac.12.1729296263961; Fri, 18 Oct 2024 17:04:23 -0700 (PDT)
MIME-Version: 1.0
References: <172046173132.445281.15041630415895010148@dt-datatracker-5f88556585-j5r2h> <ff54cd4f-c30e-4447-8744-3297e53b74be@gmail.com> <2f2d41cd-94ca-48d3-8ee7-575bcf241f87@gmx.de> <CAF3KT4R=iaqZvJ8y_4jemPn1eGFbMPsGpnU8kAZe4yWetAf-XA@mail.gmail.com> <CAH212UOqi4Uj+s=wrwEPDf8wVefY9sN=oZhAewxfB5EFbkfO-Q@mail.gmail.com> <5521363a-2ba4-4213-9180-41ee2f428adb@gmail.com>
In-Reply-To: <5521363a-2ba4-4213-9180-41ee2f428adb@gmail.com>
From: Josh Cohen <joshco@gmail.com>
Date: Fri, 18 Oct 2024 20:04:12 -0400
Message-ID: <CAF3KT4QmqS8Zcdr_3=iH2ggSBOwJ=7ynyxwDFOXjO10wqqbCYQ@mail.gmail.com>
To: Michael Toomim <toomim@gmail.com>
Cc: Lisa Dusseault <lisa@dtinit.org>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="0000000000008663460624c92962"
X-W3C-Hub-DKIM-Status: validation passed: (address=joshco@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: pan.w3.org 1t1wxH-00A6cI-2Y b57694407cd05461b8528fc3cef453d1
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Fwd: New Version Notification for draft-toomim-httpbis-versions-00.txt
Archived-At: <https://www.w3.org/mid/CAF3KT4QmqS8Zcdr_3=iH2ggSBOwJ=7ynyxwDFOXjO10wqqbCYQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52422
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Wonder Woman

On Fri, Oct 18, 2024 at 7:01 PM Michael Toomim <toomim@gmail.com> wrote:

> Lisa, this articulation of unanswered questions is *sooo* helpful. Thank
> you so very much!
>
> I am working on answers to these now. I look forward to getting to hear
> about the inchoate concerns in the next round!
>
> Thank you! Excellent work!
>
> Michael
> On 10/15/24 3:09 PM, Lisa Dusseault wrote:
>
> I am already on the list, and I love the work going on with braid and with
> HTTP subscriptions etc.  To be honest this is not my quest at the moment (I
> try to limit the number of possibly-impossible things I'm actively trying
> to make happen at one time), but I'm happy to help out those who have
> decided to pursue this quest.
>
> I support working on the Version and Parents proposal in particular, and I
> have hope that we can make it good.  At present, the draft needs a bunch of
> work to be made into an implementable, interoperable specification.  Right
> now it's enough detail to describe something and see if we agree to work
> together to figure out the real details -- but it does not yet have
> nearly enough detail for independent implementers to go off and implement
> and hope to interoperate.  Some of the things needed:
>
> 1. A section on how the Version and Parent headers are expected to work
> with intermediaries when used with GET, that answers
> *   What do we expect  versioning-unaware intermediaries of different
> kinds to do if they follow the HTTP standard properly;
> * what versioning-unaware intermediaries actually seem to be doing,
> * How to detect if a versioning-unaware intermediary has served a cached
> document that doesn't meet the semantics of the request with the Version
> header
> * Remedies - ways to ensure a versioning-unaware intermediary does not try
> to serve the requests or ways to re-request in a way the versioning-unaware
> intermediary does not continue to serve the wrong thing
> * Could there be versioning-aware intermediaries - could a caching
> intermediary legitimately cache HTTP resource versions and return them
> * Somewhat of the same work above, repeated, for how intermediaries are
> expected to behave with PUT and Parent header
>  * To be clear, I hope that we can live with SOME intermediary breakage.
> We just need to explain how much and what we've done to avoid.
>
> 3.  What are the exact format and semantic meaning of the version IDs.
> Can I have my server issue a version ID which is the question-mark
> character repeated 10000 times? or could the client reasonably assume that
> it is being fucked with?
> * How long can they be
> *  what characters are valid.
> * Are they sortable?  (Does sorting mean anything?) I ask because of the
> critique that "there is no way to order versions by ETag"
>
> 2. Section on the  Version and Parent headers themselves
> * what values are permissible.  How long must the server receiving them be
> able to handle, etc etc.
> * Are there any special values like "*" or "?"
> * How many Parent IDs is permissible on one resource in a 200 OK GET
> response?
> * How many Parent IDs is permissible on a PUT request?
>
> 4. What is the semantics of the Version header in all the HTTP Request and
> Response types in which it's expected to appear.  Which means Section 2.3
> will probably be significantly longer when the different options are broken
> out.
> * Are there request and response types in which it's inappropriate to put
> the Version and Parent header?
> * The meaning on POST is important to nail down. can the Parent header be
> sent on a POST with multipart/form-data ? What would that mean?
> * What if a client issues a GET with a version that doesn't
> exist, however, the server could handle the request if it had a legit
> version ID?  You say the server "can ignore" but that seems more for a
> server that isn't doing versioning on this resource. What about if it can
> tell that the version is wrong? Is returning the whole resource the helpful
> thing in this case?
> * Are there other reasons that GETting a version might fail? Can servers
> delete old versions? Can servers put different access control on different
> versions?
> * While a loose fail-back mode might be OK for GET, it's harmful for PUT.
> What errors should a server use if it can't apply the PUT or PATCH to the
> exact version or parents specified?
>
> 5. Discoverability.
> * How does the client discover if a server supports the Version and the
> Parent header?
> * Are servers going to be able to support some parts of this and not
> others?  E.g. would a server be compliant if it only supported linear
> versioning? And if so, how would it indicate that to the client -- that
> multiple Parent IDs on a PUT are not supported?
> * Would a server be compliant if it allowed small updates ("Add this
> sentence at this location on this version") but did not respond to GET
> requests of prior versions with the prior version?
> * Would a server be compliant if it allowed PATCH to update the versioned
> resource but not PUT? The other way around?
> * Is a versioning-unaware client able to send PUT requests and modify the
> resource?  does that modify the whole resources?  Is there a need for the
> client to tell the server "Don't worry I know what I'm doing" and that it
> understands Version and Parent concepts?
>
> I have more concrete questions I haven't written down yet, and I also have
> inchoate concerns ( things like resource URLs being tied to versions or not
> - can URLs vary and still share the same version history) , and I would
> like to see which use cases are definitely going to be supported and make
> sure the work solves those. But I have definitely listed too many questions
> already.
>
> It's like developing a server or service from scratch - your first version
> that works in a demo in friendly hands is great, and there's still 80% of
> the work remaining to handle edge cases and combinations of features and
> actual attacks. It's pretty daunting but the Braid work is a really good
> start.
>
> Lisa
>
> On Tue, Oct 15, 2024 at 1:55 PM Josh Cohen <joshco@gmail.com> wrote:
>
>> After Vancouver, I had a conversation with Lisa Dussealt, author of
>> RFC4918, HTTP Extensions for Web Distributed Authoring and Versioning
>> (WebDAV), and CalDAV, and asked if she might make herself available at
>> least as an advisor.
>> I'll leave it to Lisa to say Hi.
>> (Lisa will probably need to join the wg list)
>>
>> On Sat, Jul 27, 2024 at 4:35 AM Julian Reschke <julian.reschke@gmx.de>
>> wrote:
>>
>>> On 16.07.2024 03:26, Michael Toomim wrote:
>>> > Hi everyone in HTTP!
>>> >
>>> > Last fall we solicited feedback on the Braid State Synchronization
>>> > proposal [draft
>>> > <
>>> https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-braid-http-04>,
>>> slides <
>>> https://datatracker.ietf.org/meeting/118/materials/slides-118-httpbis-braid-http-add-synchronization-to-http-00>]
>>> which I'd summarize as:
>>> >
>>> >     "We're enthusiastic about the general work, but the proposal is too
>>> >     high-level. Break the spec up into multiple independent specs, and
>>> >     work bottom-up. Focus on concrete 'bits-on-the-wire'."
>>> >
>>> > So I'm breaking the spec up, and have drafted up the first chunk for
>>> > you. I would very much like your review on:
>>> >
>>> >     *Versioning of HTTP Resources*
>>> >     draft-toomim-httpbis-versions
>>> >
>>> https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-versions-00
>>> > ...
>>>
>>> I believe it would be good to work out the differences to RFC 3253
>>> (https://greenbytes.de/tech/webdav/rfc3253.html) even if only in a
>>> short paragraph.
>>>
>>> Best regards, Julian
>>>
>>>
>>
>> --
>>
>> ---
>> *Josh Co*hen
>>
>>

-- 

---
*Josh Co*hen

v2.39.1 | Report a Bug | By Email | System Status