IETF Logo Mail Archive

Re: I-D Action: draft-ietf-6man-rfc6874bis-03.txt

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 02 October 2022 10:19 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09547C1522D6 for <ipv6@ietfa.amsl.com>; Sun, 2 Oct 2022 03:19:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bgwSqwEDyg4y for <ipv6@ietfa.amsl.com>; Sun, 2 Oct 2022 03:19:19 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5044C14CE27 for <ipv6@ietf.org>; Sun, 2 Oct 2022 03:19:19 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [IPv6:2a02:3032:40a:77ae:42bd:494b:bc4a:be52]) by relay.sandelman.ca (Postfix) with ESMTPS id 504751F459; Sun, 2 Oct 2022 10:19:18 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 1B1D11A0758; Sun, 2 Oct 2022 12:19:16 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, ipv6@ietf.org
Subject: Re: I-D Action: draft-ietf-6man-rfc6874bis-03.txt
In-reply-to: <ecfa612a-335b-e35a-71a5-f96cca8017d3@gmail.com>
References: <166459749037.58781.81980111804034526@ietfa.amsl.com> <e96e4aa3-4b00-bda8-93d0-f46609c38a5c@gmail.com> <257700.1664625329@dooku> <ecfa612a-335b-e35a-71a5-f96cca8017d3@gmail.com>
Comments: In-reply-to Brian E Carpenter <brian.e.carpenter@gmail.com> message dated "Sun, 02 Oct 2022 09:51:43 +1300."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 02 Oct 2022 12:19:16 +0200
Message-ID: <696598.1664705956@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/JnGj11adRPeCeNVhmICdnWear9E>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Oct 2022 10:19:21 -0000

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    >> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    >> > Noted that zone IDs have no length limit.
    >> I'm thinking about whether this is a hassle for IoT devices or not.
    >> What if we said they SHOULD NOT be longer than 1024?
    >> (or that, servers are allowed to return 500 error and give up at 1024 bytes
    >> of zone ID)
    >> Your text says:
    >> An implementation SHOULD apply a
    >> reasonable length limit in order to minimize the risk of a buffer
    >> overrun.
    >> An implementation of a *server*, or of a web browser?

    > Or even an o/s kernel, which is where these things are created. IMNSHO
    > RFC 4007 should have imposed a limit, but fixing that would need a different
    > draft. In the context of *this* draft I suppose it's the browser.

The browser is going to take whatever the OS gives it, and unless we write
down some limit, it has no idea what the server is going to accept.  Also
browsers tend to be much richer in their memory environment.

While the IoT devices with super-limited HTTP(S) interfaces are not so priviledged.

    >> What does a server do if it's too long?

    > What it does for any too-long URI, I guess.

Well, the set of URLs that the device needs to accept is mostly driven by the
architecture of the web interface of the device.  I can easily design my web
interface to deal with single-character /Z URLs if I want, and then I could,
dispatch off the first letter of the URI while parsing, and if it's invalid,
stop there.

The zoneID, however, I need to copy into a buffer, and then I think that I
need to annotate any full URLs that I emit with the zoneID.
(I think that 95% of the time, I can emit only relative URLs, but there may
be situations, such as password resets, that I need a full URLs)

    >> Would it be okay if we Updates RFC4007 here and set a huge upper limit?

    > I'm not sure it needs to be huge: the longest I've seen are things like
    > %enxc872efc170a9. We could do that, but is this draft the best place to
    > do it?

Well, 6man is at least the right place to have the conversation.
There seems to be some push back against this document on the basis that if
browser vendors do nothing, then what's the point?  Well, at least, limiting
the length of zoneIDs would be some small point.

Over in IOTOPS, and at the IoTSF ManySecured WG, we have been discussing how
to build Secure Useable Intranet Browser (SUIB).  This essentially amounts to
how can we do HTTPS (or some equivalent: OSCORE over CoAP [over BTLE?] is possible),
with IoT devices, given that it's really hard to give them public names.
One answer is that we will wind up with an Intranet focused browser as a new
executable.  Such a browser would definitely need to implement zoneIDs
properly.
(How to fund such an effort on an ongoing fashion is an open question)


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email