Re: Genart last call review of draft-ietf-core-links-json-07

Carsten Bormann <cabo@tzi.org> Tue, 25 April 2017 23:08 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 053DB1205F0; Tue, 25 Apr 2017 16:08:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tq8gvNDBxS4f; Tue, 25 Apr 2017 16:08:35 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14F7E126B71; Tue, 25 Apr 2017 16:08:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id v3PN8TaM010863; Wed, 26 Apr 2017 01:08:29 +0200 (CEST)
Received: from [192.168.217.124] (p5DC7F3A7.dip0.t-ipconnect.de [93.199.243.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3wCJmF1FYXzDJ8x; Wed, 26 Apr 2017 01:08:29 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: Genart last call review of draft-ietf-core-links-json-07
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <149315879365.13684.3263173090290877403@ietfa.amsl.com>
Date: Wed, 26 Apr 2017 01:08:28 +0200
Cc: gen-art@ietf.org, ietf@ietf.org, core@ietf.org, draft-ietf-core-links-json.all@ietf.org
X-Mao-Original-Outgoing-Id: 514854508.320519-706d79887a403956b4df6ab96ff401e3
Content-Transfer-Encoding: quoted-printable
Message-Id: <720C9B43-B803-4C99-A366-3C79F463FB23@tzi.org>
References: <149315879365.13684.3263173090290877403@ietfa.amsl.com>
To: Elwyn Davies <elwynd@dial.pipex.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/UFqVy9nfMdE-OTCFpkiVnmWOGJY>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Apr 2017 23:08:39 -0000

Hi Elwyn,

thank you for your review — that is a lot of good input.

Before I start thinking about fixes for the WG to consider, let me comment on a few items:

> Summary:Not ready for publication.  There a number of issues that need
> to be addressed  as discussed below.  In particular whether the
> formats could be returned as the web link specification instead of RFC
> 6990 format in response to a GET /.well-known/core request.
> 
> Having thought about the quote stripping/addition issue cited in Adam
> Roach's DISCUSS, I would take a slightly different view... see below.
> 
> Major issues:
> 
> Intentions:
> Is it one of the intentions of this draft that a server should be able
> to return web link descriptions using JSON or CBOR, specifically in
> response to GET /.well-known/core?  

Maybe not as much an intention as a possible direction that should remain open.

This draft defines two media types.  RFC 6690 defined another media type.
From the point of RFC 6690’s registration of /.well-known/core, RFC 6690 was the only media type available, so the assumption there is that application/link-format is returned.
But if a client sends a CoAP Accept option for one of the two media types defined here, that should be returnable, too.
So we probably should say this explicitly (i.e., update RFC 6690 by saying this).

> Content formats for the new
> formats are registered (s3.2) - could a user ask for the alternative
> formats by specifying at ct filter with the GET request?  It strikes
> me that if one has a constrained server of sufficiently limited
> capabilities that it wants to use CBOR then having to encode the RFC
> 6690 format responses for the web links requests is wasting resources.
> Some more thought needs to be given to this as an update to RFC 6690
> - If I read correctly, RFC 6690 implicitly requires that a response to
> GET /.well-known/core MUST be encoded as described in RFC6690.

That is one way to read it — however, if you apply the Web model and the fact that the Accept and Content-Format (integer version of media type + content coding) options are central to CoAP, a reading that RFC 6690 just specifies the initial media type for the well-known URI it defines becomes more likely.
But, again, we should make this explicit.

> Minor issues:
> Title:  The document appears only to address the CoRE Web Links format
> rather than any other.  Should the title reflect this more precisely,
> e.g.,
>      Representing CoRE Web Links Format in JSON and CBOR

The RFC editor will force us to expand CoRE.
Probably even simpler:
          Representing
          Constrained RESTful Environments (CoRE) Link Format
	  in JSON and CBOR

(The middle line is the title of RFC 6690.)

> s1.1: Concerning:
>   o  The simplest thing that could possibly work
> 
>      *  Do not cater for RFC 5988 complications caused by HTTP
> header
>         character set issues [RFC2047]
> 
> Having ferreted around in RFC 5988 and RFC 2047, I can't see what is
> being referred to here.  However, I observe later that the "title*"
> attribute (with language specifier) does not appear to be supported
> (It is missing from Table 1) - is this what is relevant here? If so it
> needs clarification. 

Indeed.

> [Aside: I notice that the relevant ABNF in s5 of RFC 5998 is missing
> external references to various productions (e.g., ext-value,
> quoted-string) that are defined in other documents - in the given
> examples RFC 2987, RFC 2616.]
> 
> s2.2/s5: This statement:
>   The resulting structure can be represented in CDDL
>   [I-D.greevenbosch-appsawg-cbor-cddl] as:
> 
> requires that the CDDL draft is a normative reference rather than
> informative.

Well, this was meant to be interpreted as informative, but maybe that should be made more explicit.

> [Aside:  Having skimmed the CDDL draft, I am of the opinion that a
> good deal more work will be needed to get this ready for publication,
> possibly to the extent that the CDDL quoted here becomes invalid. 

I don’t think so, but we would like to hear this opinion in the CBOR WG, where CDDL is being worked on.

> Given the simplicity of the specification could it be done without the
> use of CDDL?] 

The intention was that all the normative information is in English, that’s why the CDDL reference is informative.

> s2.2: There needs to be some discussion of handling of double quoted
> and non-double quoted strings during conversion:
> I think it works to require that...
>> From RFC 6690 to JSON:
> - If the parameter value is a double quoted string then it should have
> the double quotes stripped, any necessary JSON character encodings
> performed and the double quotes repapplied.

That’s not how the spec is written.  The assumption is that you already have a JSON or CBOR implementation, so the spec is at the data model level; it is not going to tell you how to parse or generate JSON or CBOR.  (Parsing and generating does, however, play a role for RFC6690.  Compare the example implementation, which is 90 % RFC 6690 implementation…)

> - if the parameter value is anything else, then the necessary JSON
> character encodings are done and the result enclosed in double
> quotes.
> [what about % encodings on the RFC 6690 side?]

We are having a lovely discussion about percent-encoding right now in a thread over at art@, ietf@, core@.
Let me cite this part from RFC 6690 so you can share the fun:

   In
   order to convert an HTTP Link Header field to this link format, first
   the "Link:" HTTP header is removed, any linear whitespace (LWS) is
   removed, the header value is converted to UTF-8, and any percent-
   encodings are decoded.

(This obviously creates a limitation on RFC 6690; essentially it can’t represent URIs with percent-encoded reserved characters.  Whether that limitation should mirror over to the JSON/CBOR side is to be discussed in that other discussion.)

>> From RFC 6690 to CBOR:
> - If the parameter value is a double quoted string, the double quotes
> are stripped and the result used as the CBOR string type value.
> - Otherwise, the parameter value is used as the CBOR string value. 
> [what about % encodings on the RFC 6690 side?]

(See above)

> 
>> From JSON to RFC 6690: 
> - Remove the double quotes from the JSON string value and do any
> necessary decoding and encoding.  Reapply double quotes.  Note that
> this may result in values that were originally not enclosed in double
> quotes in the RFC 6690 repreentation becoming enclosed in double
> quotes. However, [AFAICS] this does not alter the semantics of any of
> the predefined parameters.  For example the ABNF productions mean that
> ct=40 and ct="40" are equivalent (the second case is needed so that
> one can also have ct="40 41 42").  What IS needed is a statement that
> this must also apply to any application specific parameters.  

Yes, that was one of the points that Mark’s comments pointed out.

> For
> example the case in examples 4 and 5 of ..;foo="bar";foo=3;...
> transforming to "foo":["bar","3"] and then back to
> ...;foo="bar";foo="3";.. MUST require that the two RFC 6690
> representations are equivalent.

That is essentially an RFC 5988 limitation that RFC 6690 inherits and Mark’s RFC5988bis repairs by pretty much stating just this.

>> From CBOR to RFC 6690: 
> [Essentially the same process - decode/encode and apply double quotes.
> The discussion of equivalent semantics is equally applicable.]
> 
> The conversion from CBOR to JSON or in reverse is similar. 

(Ditto)

> s2.3: It is not stated whether a CBOR decoder should accept literal
> use of the encodable parameters - i.e., if the encoded CBOR contains [
> "href": "/mumble" ] rather than [1 : "mumble£ ] in CDDL format. 

It should not.

   The above specification for JSON could be used as is for the CBOR
   encoding as well.  However, to further reduce message sizes, an extra
   encoding step is performed: "href" and some commonly occurring
   attribute names are encoded as small integers.

The “is”/“are" should be interpreted as MUST do that — maybe again this needs to be explicit.

Should a links-cbor decoder required to reject those 13 strings?  Hmm.
Interoperability probably says yes, complexity says no.

> Similarly, should the use of the encoded values be mandatory on the
> CBOR encoder?

Yes.

> s2.3, Table 1:  Is the omission of title* from the list of parameter
> names deliberate?  If so the omission justifies a note and rationale. 
> Clearly the format of the value for a title* parameter is different
> from all the others, which may have something to do with this.

Yes.  I’m forgetting what title* is being used for over in the Big Web, so I’ll have to look this up again.

> 
> s2.3/s5: eEfereences in Table 1 make RFC 7252 and RFC 7641 normative.

Here, I fully disagree (sorry, pet peeve — we are way too lax with the concept of normative references in the IETF).
When specification B uses a string that is mentioned in specification A, without needing anything else from specification A, this doesn’t make specification A normative for B.
A is normative if you need to read it to implement B; that is not the case here.


> Nits/editorial comments: 
> s1: s/e.g. /e.g., / (two places)

Thanks, a favorite mistake of this non-native speaker.

> s1.1: The term "round-tripping" and the associated text are opaque
> jargon that would normally  be applied to message transmission round a
> loop rather than format conversion.  

(Actually, for me that is a term of art in format conversion.  But I only have worked on format conversions since 1982 :-)
Yes, we need to avoid jargon.

> A more explicit formulation would
> help naive readers.  Suggest (if I understand what was intended):
> OLD:
>   o  Canonical mapping
> 
>      *  lossless round-tripping with [RFC6690] and between JSON and
>         CBOR
> 
>      *  but not trying for bit-preserving (DER-style) round-tripping
> NEW:
>   o  Canonical mapping
> 
>      *  supporting inter-conversion in both directions between any
> pair 
>         of [RFC6690] format and the CBOR and JSON formats defined
> here 
>         with unaltered and unambiguous semantics
> 
>      *  but not attempting to ensure that a sequence of conversions
> from 
>         one of the formats through one or both of the others and back
> to 
>         the original would result in an identical representation
> (c.f., 
>         as might be achieved by different BER transcoders rather than
> by all 
>         DER transcoders with ASN.1 [X.690]).
> ENDS
> This needs an informative reference to X.690 ... but I am not sure
> that the DER comparison is essential.

(I hope, not.  But thanks for the text suggestion, that will certainly help.)

> s2.2:  Suggest:
> OLD:
>   We straightforwardly map:
> 
>   o  the outer collection to an array of links;
> 
>   o  each link to a JSON object or CBOR map, mapping attribute names
> to
>      attribute values.
> 
> NEW:
>   We straightforwardly map:
> 
>   o  the outer collection to an array of parameterized web links;
> 
>   o  each parameterized web link to a JSON object or CBOR map,
> mapping attribute names to
>      attribute values.
> ENDS

Hmm, do we need the term “parameterized web link” for what most of us call “link”?

> s2.2:
> OLD:
> The resulting structure can be represented in CDDL
>   [I-D.greevenbosch-appsawg-cbor-cddl] as:
> NEW:
> The resulting structure can be represented in CBOR Data Definition
> Language (CDDL)
>   [I-D.greevenbosch-appsawg-cbor-cddl] as shown in Figure 1.

Yes.

> s2.4: Note that the use of ct=40 in RFC 6690 is an anchronism.  The ct
> parameter appeared in earlier versions of the draft that led to RFC
> 6690 but was moved out to be used more generally in CoAP and is
> actually defined in RFC 7252 as mentioned in Table 1 here.  Thus use
> of ct=40 in the example copied from RFC 6690 really needs an erratum
> for 6690 but that is for another day!   

Actually, not quite, as “ct” is deliberately used in RFC 6690 in an example only — you wouldn’t look for a normative reference to a document defining “foo” if we had used that :-)

Again, thank you for that thoughtful feedback, this will help us significantly in making the specification better.

Grüße, Carsten