IETF Logo Mail Archive

Re: [IPv6] Link-local URI status (rfc6874bis)

Erik Nygren <erik+ietf@nygren.org> Mon, 06 November 2023 17:54 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B3A8C1C5F2C for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 09:54:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.407
X-Spam-Level:
X-Spam-Status: No, score=-6.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VeGGeQSuDFD8 for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 09:54:00 -0800 (PST)
Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8F79C17C8B9 for <ipv6@ietf.org>; Mon, 6 Nov 2023 09:54:00 -0800 (PST)
Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4084de32db5so41712365e9.0 for <ipv6@ietf.org>; Mon, 06 Nov 2023 09:54:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699293239; x=1699898039; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L3AVZdbwd8OhUcA8WVcyXxnOCWFt5mRKmGM0OEBVt5g=; b=asRkiJRUGIg1ULa3+2WVtUA3aanXvlFsc1yVzm080lO/S9ZI1/3NjshlDxMsvPJvfx vorBgH8n7iu5sruqD26itqQo3EidU6IqBRTJBA0nv0TohWd0Bcu8Iocw0q8oZRLdTeO4 4f3xqfSvdn3rQlxRFEuuHn7zvLYHNanWik6ui5/FkYKFfan10u5irMbZsDYGlkswMPAo 98tCZ5eeD0II5f8nsgWbLwoSYCgUFdCB9u4YFeFwxxfnp2/k2VAs99CIvVFuG3HVFSTe uzQ2tOV9890340rO4JlJwddQqWeZyrtyzh5JXpOv5hDNVPpQxkRA/9NDOnEmW8Pyz5qD b6yg==
X-Gm-Message-State: AOJu0Yx0YRejGhPvRg37TGW0VBf6k9s2OXFE62aiO7a362n8MC590ATm oeCMeNCgB8jItpupo2SuMR2qq3SDNpFp8vWizX5Zo0vPSLIMxw==
X-Google-Smtp-Source: AGHT+IET4hOIX9GcbOEKgTOV1HoVV9sI+BuRtIQbLRc5wmyQa2vqrBmjMcuxIo4sACR21B7OeU+HdoWFWjRVYCzuKag=
X-Received: by 2002:a05:6000:84:b0:32d:b55c:41fa with SMTP id m4-20020a056000008400b0032db55c41famr18341647wrx.28.1699293238723; Mon, 06 Nov 2023 09:53:58 -0800 (PST)
MIME-Version: 1.0
References: <17352fa3-c3c9-3cc3-27f2-f8f57dfff383@gmail.com>
In-Reply-To: <17352fa3-c3c9-3cc3-27f2-f8f57dfff383@gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Mon, 06 Nov 2023 18:53:47 +0100
Message-ID: <CAKC-DJh3jxqKOh5SwD7WULxYmGJU4-HH8LbqB8Aj2P96+FpA+w@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: 6man <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Stuart Cheshire <cheshire@apple.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, "Murray S. Kucherawy" <superuser@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000dd07b206097f89ad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/S8rmObMknGmZr9QYCygFdk-ucA4>
Subject: Re: [IPv6] Link-local URI status (rfc6874bis)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 17:54:04 -0000

I'd propose that we decouple what is in the URI on the wire and what is in
the user interface, similar to rfc5894 / IDNA.
That way we stick with always using %25 as in rfc6874 on the wire and in
any URI references (eg, in an href, etc)
to keep things unambiguous and protocol-compliant.  For example:

    http://[fe80::a%25en1]

We can separately define that user interfaces may do a conversion to
add/remove this escaping as appropriate.
There's a precedent for this model already with the IDNA conversion between
punycode and UTF-8 already.

This approach seems like it might be the best compromise:
* It will keep the HTTP and URI people happy by not adding in some weird
special-case which seems like a non-starter.
* It is a minimum change to what is already specified (eg, rfc6874)
* It doesn't change how we encode interface names in a way that would be
exposed to users.
* It still allows users to interact with interface aliases with an
experience that hides them from this complexity.

There is still the ambiguous case (eg, interface  "251") but perhaps we can
strongly discourage
naming interfaces in such a way that they start with "25".  Messy, but
might be the least bad option.

  Erik



     Erik





On Wed, Nov 1, 2023 at 3:03 AM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> Hi 6man,
>
> Since I will not be in Prague or on-line, this is an update for the WG
> on the status of draft-ietf-6man-rfc6874bis.
>
> If you've forgotten, the draft allows http://[fe80::1%eth0] as a valid
> URI.
>
> In summary: it is blocked in the IESG. Possible WG actions are listed
> at the end.
>
> There are two unresolved DISCUSS ballots:
>
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_robert-wilton
>
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_murray-kucherawy
>
> Here is my personal summary of the remaining issues, and what we
> have done since IETF Last Call and IESG review to resolve them:
>
> 1. Re Rob Wilton's DISCUSS: We clarified character set restrictions needed
> for compatibility with URI rules, and the applicability of numeric
> identifiers
> as a work-around for these character set restrictions. I believe these are
> the only changes possible, given RFC4007, the ~20 years of history in the
> POSIX and Winsock APIs, and the widespread implemention of these in host
> stacks.
>
> The difficulties that Rob has are not so much with this draft but more
> with that underlying model. Quoting his off-list message: "I don’t regard
> interfaces on network devices as inherently having a numeric identifier."
> But like it or not, the nodes on which browsers normally run follow
> RFC4007 and *do* inherently have numeric interface indices. We don't
> have any choices there. (I do think that RFC4007 is inadequate and
> needs to be updated to reflect current reality, but that's orthogonal.)
>
> 2. Re Murray Kucherawy's DISCUSS:
>
> 2.1 The fact that almost no developers have decided to implement
> this so far seems non-blocking to me. For all the use cases listed in
> the draft, there is a user-side view that this just ought to work,
> and when it fails, this is perceived as a bug.
>
> Arguments that it's 'unimplementable' or 'insecure' deserve answers:
>
> 2.2 The 'unimplementable' argument is based on using the '%' sign
> as a separator, whereas its normal role in a URI is as an escape
> character. Roy Fielding has argued that there are many URI parsers
> around that handle percent-encoding in different ways (somewhat
> regardless of the formal ABNF syntax). As result, he asserts
> that stepwise introduction of the draft is impossible in practice.
>
> The draft argues that it doesn't matter if unmodified parsers
> throw an error if they see the new syntax, because that is what
> they do today anyway, so the new syntax can be deployed
> progressively.
>
> There is an alternative (discussed in this WG years ago):
> use a different separator, e.g. http://[fe80::1-eth0]
> This still requires URI parsers to be modified and progressively
> deployed, but without interacting with percent-encoding.
> That is mainly a simplification of the programming problem. It
> does have its own programming complication - the '-' must be
> replaced by '%' before making relevant socket calls.
>
> 2.3 The 'security' argument is related to what the Web community
> calls Cross-Origin Resource Sharing (CORS). This is a very
> complex topic that I do not claim to understand and will not
> attempt to summarise here. IPv4 and IPv6 link-local address
> literals are considered problematic, like other IP addresses
> with local (a.k.a. private) scope, such as ULAs. The background
> is at https://wicg.github.io/private-network-access/.
>
> What I do not understand about this argument is that the CORS
> issue exists for http://[fe80::1] already, and as far as
> I can see is identical for http://[fe80::1%eth0]. If so,
> that is no reason to block rfc6874bis.
>
> The draft has been updated several times in an attempt to
> resolve these two DISCUSSes, and a couple of side meetings have
> been held at recent IETFs. We tried to set up a video chat
> before IETF 118 but it didn't work out.
>
> Possible WG actions:
>
> 1. Drop the draft and leave the use cases unsolved.
>
> 2. Accept the change to http://[fe80::1-eth0] and push the
> IESG to dismiss the other objections as beside the point.
>
> 2a. Also undertake a major revision of RFC4007.
>
> 3. Something else.
>
> I'd be interested to hear opinions about these options.
>
> Regards
>     Brian Carpenter
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email