Re: Secdir last call review of draft-ietf-httpbis-binary-message-04
Martin Thomson <mt@lowentropy.net> Thu, 02 June 2022 00:15 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBA55C15AAC0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 1 Jun 2022 17:15:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.76
X-Spam-Level:
X-Spam-Status: No, score=-2.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=AF95Gnmo; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=snA/8k1W
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XG1BGLxw7lfy for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 1 Jun 2022 17:15:22 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4D0DC14F718 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 1 Jun 2022 17:15:21 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nwYSp-0003mu-QK for ietf-http-wg-dist@listhub.w3.org; Thu, 02 Jun 2022 00:13:23 +0000
Resent-Date: Thu, 02 Jun 2022 00:13:23 +0000
Resent-Message-Id: <E1nwYSp-0003mu-QK@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1nwYSn-0003lu-Sw for ietf-http-wg@listhub.w3.org; Thu, 02 Jun 2022 00:13:21 +0000
Received: from out5-smtp.messagingengine.com ([66.111.4.29]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1nwYSm-00083O-Kg for ietf-http-wg@w3.org; Thu, 02 Jun 2022 00:13:21 +0000
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id B96345C014B; Wed, 1 Jun 2022 20:13:07 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Wed, 01 Jun 2022 20:13:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1654128787; x=1654215187; bh=/u STus2JhRiufqlTSjbL+wIdgHaQp1q6qFZqcfnTKU0=; b=AF95GnmoN/wW4i855U WpjBTGKSsjBjBpd54J60lFUQ6dVxN7ZZRClQ3KlpafvXIclpNm0G7Hl11nX1aS2a nBT000eS7HzJUD/x4LJsm+1nt1VPJ4UYcsisFLk/+Xus+Ho+NAWvEkAorka6FaxT yVypJEtf+OjlReA7crxkucOG5u1OOF39E3ygmO3BnP9THCVA3nyQ8u6Bmllt0+MD oWlKalmV0wGT8MwrUXCemhSCI+KXJtVpxt/HO908gPij8kZPeGsPJli4+1weSqUR 3klRJzL0L6cQCoI+TNXAMhrupi84cHMMi/9lpFiGQwRlTuAgkvkRysvhsWnsV0Za wzUA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1654128787; x=1654215187; bh=/uSTus2JhRiufqlTSjbL+wIdgHaQ p1q6qFZqcfnTKU0=; b=snA/8k1WtWF16rt/SooiB8vTPz81eN4Hqe+U9V6E1Iyd DBVi7EBNTBx/yN1jIBpncJ6UAC+vaojvxZB8zqYJ29GtgvV+aV7jOMHsKBamEpLW y8E1gqDaj1Q8+kxXGdRBgx7Uq467C94AFG2MbeNL13G5S+kWYl71Y9qECeDzO5r0 MxzN07+sPE35M/UAgkBTgdoX9UxlrU8K3joJVen78u5KUSf8JXAJwXzI3OadjY20 af2jRdB36S25GbqZ63gB0a8jUW+WdykHXQvb1TJxazLG/TFpiGB9pWRt/8RHlBIc BBVKsnY4GtMJuQnqmOQcNlC2poTkiMCxWBVg1ZKebg==
X-ME-Sender: <xms:kwCYYnlQjWxn6K-KTTdLgXgcqvZXScztov2h1lduHrqqS8bkis50cA> <xme:kwCYYq0V-pNutzzV_9KxRUlW0FToiisKyVFmU9-bPc83OGq2uUhgt_osk69FUlFAK 3iB8bBU7mor7pY0q40>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrledugddvkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdforghr thhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecugg ftrfgrthhtvghrnhepudelueeftdfhgeeiieeikeekjedvjefgveduffegfedvffelveef keduieeikeelnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:kwCYYtoA0alYUM1YXe2gGxCCQxQaF_AfW6CPmmEWAYOj6KA_fMwErg> <xmx:kwCYYvmknC6nzbP6GRg9R-UkE62CEHjorThA_JHFxJz0BoxMqG_-ig> <xmx:kwCYYl24udQol-noGVOGPOCAQudKTLfGuKQqwufaUkmlApiypDMnBA> <xmx:kwCYYjCUruoiKFq83w94_asF-GJfIohvgQ_b9DIKfvN1BA9P-9fzOw>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7C3402340076; Wed, 1 Jun 2022 20:13:07 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-591-gfe6c3a2700-fm-20220427.001-gfe6c3a27
Mime-Version: 1.0
Message-Id: <fd85f92f-0a42-499b-ad7a-dd47f3479d23@beta.fastmail.com>
In-Reply-To: <165409192352.14846.17921142823025268323@ietfa.amsl.com>
References: <165409192352.14846.17921142823025268323@ietfa.amsl.com>
Date: Thu, 02 Jun 2022 10:12:48 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Daniel Migault <daniel.migault@ericsson.com>, secdir@ietf.org
Cc: draft-ietf-httpbis-binary-message.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
Content-Type: text/plain
Received-SPF: pass client-ip=66.111.4.29; envelope-from=mt@lowentropy.net; helo=out5-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=lowentropy.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1nwYSm-00083O-Kg 363b966becdc44c51fb3f7f493ec5089
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Secdir last call review of draft-ietf-httpbis-binary-message-04
Archived-At: <https://www.w3.org/mid/fd85f92f-0a42-499b-ad7a-dd47f3479d23@beta.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40063
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Daniel, Thanks for the review. On Wed, Jun 1, 2022, at 23:58, Daniel Migault via Datatracker wrote: > """ As such, this format is unlikely to be suitable for applications that > depend on an exact recording of the encoding of messages.""" > > I am wondering what it actually means. Typically, I do not see much differences > between the content provided by bmessage and message. For my own information, > in case a response is compressed I am wondering if the compression would occur > "over" the bmessage or if the bmessage would include the compressed content. There are no (or at least no significant) *semantic* differences, but there are great differences in *encoding*. For some applications, capturing the precise encoding is considered important. Archival and security applications are two obvious ones. For instance, WARC is fairly good at capturing this information. We discussed the potential for this to capture capture HTTP/2 messages with all their header compression, framing boundaries, and other details but decided that this was not the goal of this format. For one, trying to capture those details would greatly alter the efficiency and simplicity of the encoding. So this is simply an statement of limited applicability: we capture semantics, not encoding. I had hoped that was clear through the use of "exact recording of the encoding of messages". As for compression, it is possible to compress a binary message (if you send one over HTTP, you can use a compressed content coding), but the format itself has no compression - or the ability to capture what compression was used in a message that the binary message might have been produced from. The content of a binary message might also use a content coding, but that is just a native feature of HTTP that comes for free when you convey HTTP semantics. > I have the impression item 2 of the list could be more consistent with the > other items that is starting with 2. interim response. By the way wouldn't > informational response more appropriated ? It's informational. I don't know how I keep making that mistake. Tacked onto an open pull request (which fixes another instance of the same error). > Section 4 > > This document describes a number of ways that a message can be > invalid. Invalid messages MUST NOT be processed except to log an > error and produce an error response. > > The message seems to be at least processed to determined it is invalid. I > believe what we are trying to say here is that the message must not be passed > to the application or must be discarded as soon as it is detected to be invalid. True: Invalid messages MUST NOT be processed ++further++ except to log an error and produce an error response.
- Secdir last call review of draft-ietf-httpbis-bin… Daniel Migault via Datatracker
- Re: Secdir last call review of draft-ietf-httpbis… Martin Thomson