IETF Logo Mail Archive

Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 26 May 2023 09:52 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EA9EC151072 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 May 2023 02:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.95
X-Spam-Level:
X-Spam-Status: No, score=-4.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfkANY8ei3rn for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 May 2023 02:52:55 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DD0EC14CE52 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 26 May 2023 02:52:54 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1q2U7m-008uFh-Cd for ietf-http-wg-dist@listhub.w3.org; Fri, 26 May 2023 09:52:42 +0000
Resent-Date: Fri, 26 May 2023 09:52:42 +0000
Resent-Message-Id: <E1q2U7m-008uFh-Cd@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ilariliusvaara@welho.com>) id 1q2U7k-008uEK-Gu for ietf-http-wg@listhub.w3.org; Fri, 26 May 2023 09:52:40 +0000
Received: from welho-filter2b.welho.com ([83.102.41.28] helo=welho-filter2.welho.com) by mimas.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ilariliusvaara@welho.com>) id 1q2U7j-002ZXo-T1 for ietf-http-wg@w3.org; Fri, 26 May 2023 09:52:40 +0000
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 254793FE5B for <ietf-http-wg@w3.org>; Fri, 26 May 2023 12:52:33 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id OQSTois6eGKt for <ietf-http-wg@w3.org>; Fri, 26 May 2023 12:52:33 +0300 (EEST)
Received: from LK-Perkele-VII2 (87-94-129-82.rev.dnainternet.fi [87.94.129.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id E17D42309 for <ietf-http-wg@w3.org>; Fri, 26 May 2023 12:52:31 +0300 (EEST)
Date: Fri, 26 May 2023 12:52:31 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <ZHCBX2392L+0pSYK@LK-Perkele-VII2.locald>
References: <FC5270AF-509C-4331-AE8F-1F2D51BBC5F2@apple.com> <C687C218-7793-4B74-BB51-B7C34059F9C4@gbiv.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <C687C218-7793-4B74-BB51-B7C34059F9C4@gbiv.com>
Sender: ilariliusvaara@welho.com
Received-SPF: pass client-ip=83.102.41.28; envelope-from=ilariliusvaara@welho.com; helo=welho-filter2.welho.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1q2U7j-002ZXo-T1 a4b3e5f65f681a9b997df6f4bfb821eb
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis
Archived-At: <https://www.w3.org/mid/ZHCBX2392L+0pSYK@LK-Perkele-VII2.locald>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51101
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, May 25, 2023 at 10:21:34AM -0700, Roy T. Fielding wrote:
> 
> If this is truly for a display string, the feature must be
> specific about the encoding and allowed characters.
> My suggestion would be to limit the string to non-CNTRL
> ASCII and non-control valid UTF-8. We don't want to allow
> anything that would twist the feature to some other ends.

I think the set of allowed characters should be the 1,111,999 non-Cc
unicode codepoints.

However, unicode also has formatting control codepoints (including
fun ones like direction overrides), and the set of those is not
necressarily stable. Obviously, the effect of any formatting control
should end with the string.


> Assuming we do this with pct-encoding, we should not allow
> arbitrary octets to be encoded. We should disallow encodings
> that are unnecessary (normal printable ASCII aside from % and "),
> control characters, or octets not valid for UTF-8. That can
> be specified by prose and reference to the IETF specs, or
> we could specify the allowed ranges with a regular expression.
> Either one is better than allowing arbitrary octets to be encoded.

I think it would be safer to add exactly one backslash escape sequence
for the 1,111,904 codepoints that are neither Cc nor ASCII. The
escape sequences should only consist of printable ASCII and should not
contain further backslash nor dobule quote.

It is possible to assign the escape sequences such that worst case
overhead over UTF-8 is 1 byte per codepoint.


 

-Ilari

v2.23.0 | Report a Bug | By Email