Re: [ietf-822] Review of and suggested changes for draft-crocker-inreply-react-01.txt
Ned Freed <ned.freed@mrochek.com> Thu, 22 October 2020 13:38 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA2D23A0A6A for <ietf-822@ietfa.amsl.com>; Thu, 22 Oct 2020 06:38:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-f2NOdkVWCt for <ietf-822@ietfa.amsl.com>; Thu, 22 Oct 2020 06:38:32 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E39CF3A044A for <ietf-822@ietf.org>; Thu, 22 Oct 2020 06:38:32 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RR3LERJ6BK009U8W@mauve.mrochek.com> for ietf-822@ietf.org; Thu, 22 Oct 2020 06:33:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1603373609; bh=a7hqZDxFm0/WWI63yMY72dVQFnvfVajujBLWLyxvWbs=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=NpO7gDKqYLZ9ubJHwVcwdAALSP4kkANRc+Y+BAkxer1FerouzDFy0e90kIPlq2zp4 9mgcIwfszXcU7FcK9sIsVWdiD8toaf6FcCq6RyYbUNi/gJ1ohS04uF0AM3tYx4XetX h9GsL6UC2sxiYU4bb8kHEt/+RJgIxDjCkMmTSkhg=
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: TEXT/PLAIN; charset="utf-8"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RQN4TDY6V4005PTU@mauve.mrochek.com>; Thu, 22 Oct 2020 06:33:26 -0700 (PDT)
Cc: Ned Freed <ned.freed@mrochek.com>, ietf-822@ietf.org
Message-id: <01RR3LEOMF7I005PTU@mauve.mrochek.com>
Date: Thu, 22 Oct 2020 06:06:55 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Wed, 21 Oct 2020 16:43:00 -0500" <BC7B0570-A0F9-4DA3-B3C6-E21C54A207B9@guppylake.com>
References: <01RR27LBEQ12005PTU@mauve.mrochek.com> <BC7B0570-A0F9-4DA3-B3C6-E21C54A207B9@guppylake.com>
To: Nathaniel Borenstein <nsb@guppylake.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-822/3BiWXLS3PzQBmUu1raO_kKl0RL0>
Subject: Re: [ietf-822] Review of and suggested changes for draft-crocker-inreply-react-01.txt
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 13:38:34 -0000
> +1 mostly. Or should I say, 👍. As usual your analysis is excellent. > But you say that a MIME part with “Content-Disposition: reaction” should > have its contents restricted to UTF-8 emoji. Most likely some implementors > will ignore that and include additional UTF-8 text, or worse, pictures or > video. How should a conformant implementation handle that? I tried to make that clear, but I guess it didn't come through. My sugggested approach is to treat any reaction part that doesn't conform to the specification as if it doesn't have the reaction disposition. This makes it difficult for a bad sender to cause trouble by creating silly states, has reasonable fallback semantics, and allows for future extension. > wIt seems like this creates an excellent opportunity for bad implementations to > help people send content that might never be displayed to the recipient. Not if doing it immediately engages the fallback behavior of treating the part as regular text. > Although it will be the fault of the sending implementation, the consequences > will be experienced by the readers more than the senders, so it could be hard > to even notice, let alone get fixed. > I’m not sure we should dismiss out of hand the “text/reaction” idea. > Conformant implementations will treat it as a reaction — a new thing. What > does it really matter whether nonconformant implementations treat it as > text/plain or application/octet-stream? I suggest you try it and see what happens with gmail.com and outlook.com - it shows up as an ugly little attachment symbol, which people are unlikely to bother clicking on. I do not regard this behavior as an acceptable fallback. Content-disposition: reaction, OTOH, is displayed as text. It runs into adjacent parts when used in a multipart/mixed. I really can't think of better fallback behavior than this. > Either way, it won’t have any special automatic reaction processing, and it > will make the content available to the user either as readable text or an > attachment that the user is at least told exists. I don't think they're told in a way where they are likely to bother looking. I also think this is probably a deliberate UI design choice. It's easy for bad things to happen when people download and then click on random content. The designers of thsee interfaces are caught between a hard conformace requirement and a modern day security issue. > Sure, application/octet-stream is the wrong choice, but it’s no more wrong > than it has been all along for unrecognized text subtypes. In fact, if this > gives us a reaction mechanism that works for everything but Microsoft and > Google, it might actually spur those companies to start doing the right thing > with unrecognized text subtypes in general. (OK, I wouldn’t bet the farm on > that, but you never know.) I'm not just concerned about Google and Microsoft. I've found in the past that what they did is a good indication of what others have done. FWIW, the MIME specification may be partly at fault here. The need to be able to fall back to application/octet-stream so the data is at least accessible is vital and is mentioned multiple times, including in the conformance document RFC 2049. But we didn't make the conformance criteria for unknown subtypes of text nearly as clear. In RFC 2046 we said: Unrecognized subtypes of "text" should be treated as subtype "plain" as long as the MIME implementation knows how to handle the charset. Unrecognized subtypes which also specify an unrecognized charset should be treated as "application/octet- stream". This is quite clear. But we didn't say the same thing in RFC 2049. Instead we said: -- For unrecognized subtypes in a known character set, show or offer to show the user the "raw" version of the data after conversion of the content from canonical form to local form. It can be argued that this criteria is met by fallback to application/octet-stream. An oops on our part... > These are just my reactions, I’m not yet sure what I think is the right > answer. — Nathaniel Thanks for the feedback. Ned
- [ietf-822] Review of and suggested changes for dr… Ned Freed
- Re: [ietf-822] Review of and suggested changes fo… Nathaniel Borenstein
- Re: [ietf-822] Review of and suggested changes fo… Valdis Kl ē tnieks
- Re: [ietf-822] Review of and suggested changes fo… Dave Crocker
- Re: [ietf-822] Review of and suggested changes fo… Ned Freed