Re: [IPv6] Link-local URI status (rfc6874bis)
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 06 November 2023 19:39 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84180C151525 for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 11:39:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.196
X-Spam-Level:
X-Spam-Status: No, score=-2.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OAwAOtFoLsWW for <ipv6@ietfa.amsl.com>; Mon, 6 Nov 2023 11:39:55 -0800 (PST)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC8BDC18E1A5 for <ipv6@ietf.org>; Mon, 6 Nov 2023 11:39:55 -0800 (PST)
Received: by mail-pg1-x52c.google.com with SMTP id 41be03b00d2f7-577fff1cae6so3585119a12.1 for <ipv6@ietf.org>; Mon, 06 Nov 2023 11:39:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699299595; x=1699904395; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=DCVfk+LGNrdLNfpdHAv/FRxSXtvgFgPzAuykC+j7nq4=; b=J1Qh1Kci3N5rTXByyhixTaL5wKEmc1tYbVGVCW4HVcrdAaIOtGcSXMyJI/yeg+N1Jc a0Ia2VOnqi9flAB/K3KxEw0V/1prQbcsmRo9GxhAbG9V/O++fhTsNSGOH9JruU2V87uX IJZng8F2fwvPoVz/HIwlFd3mc5Co01dYIXjayH3xEyc5LwSKGRnihxCxU23+VZ/B++9l CU+5zV4vxyrKJQP2bXm1BHJimh03pw1mBYBu9ZBqYeLKQaqu0ZxNMlnCXH8KopsEei4t OMTXSU4SbDb4IuK64mF+85SSRrCWEYMuiPv6zyoEtbrknY1GZxQpEaNKR2np16TH8c8X AeyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699299595; x=1699904395; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DCVfk+LGNrdLNfpdHAv/FRxSXtvgFgPzAuykC+j7nq4=; b=DXoHbcnRCNI+oUnwTfiosB6aJrBqJP5Cl3zarlTWZfIEak3hEDYc0Y9k51jZ2q9wKw ZutujHDje0mZY29hCjcGaVS5iEGFFnIiGDsERx1KBTkbpQOLeu+eybZEgYHuPN4SJxux UUW8gLgC8KUYhbNaQASTevOXzp3epUmp4q2hzRdj+snb30MN2xqy2ilsvfI7/YTXoZd+ xU6NZKtJh3zxLIC5E1Ik35x6NVeM5aR29nDq3JwjrmKO9RS4s02kkwPOsCjO482qUBr+ Qo8p/9FORP6xUmptwdKH3hPjLvFuNwjEjUtVehtR4LRuHZVWKtTCRBoYDpe3DBby07uo R2Mg==
X-Gm-Message-State: AOJu0YzXd1sjrXTQjaMH9ryCHrrVKwvPz4QZwTuTJOehpiBpKzhNeclL KB4ISWdR1RNuRsd+ral9NpQ=
X-Google-Smtp-Source: AGHT+IHcC7RdcdnXUGFegZtBqdO405jHddvvzovApx94guBVu/qSkrwqFhTc8Axc+h2ov2KjbcpAZA==
X-Received: by 2002:a05:6a20:9185:b0:15e:7323:5bf3 with SMTP id v5-20020a056a20918500b0015e73235bf3mr590285pzd.26.1699299594654; Mon, 06 Nov 2023 11:39:54 -0800 (PST)
Received: from ?IPV6:2406:e003:110d:5301:8cb6:a2c:7461:4047? ([2406:e003:110d:5301:8cb6:a2c:7461:4047]) by smtp.gmail.com with ESMTPSA id g23-20020aa78757000000b006c39efc97b3sm4266541pfo.113.2023.11.06.11.39.51 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 06 Nov 2023 11:39:54 -0800 (PST)
Message-ID: <886375cb-64a9-9cdb-e7be-4cc1ff8cf3c2@gmail.com>
Date: Tue, 07 Nov 2023 08:39:50 +1300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Erik Nygren <erik+ietf@nygren.org>
Cc: 6man <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Stuart Cheshire <cheshire@apple.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, "Murray S. Kucherawy" <superuser@gmail.com>
References: <17352fa3-c3c9-3cc3-27f2-f8f57dfff383@gmail.com> <CAKC-DJh3jxqKOh5SwD7WULxYmGJU4-HH8LbqB8Aj2P96+FpA+w@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAKC-DJh3jxqKOh5SwD7WULxYmGJU4-HH8LbqB8Aj2P96+FpA+w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Zk_5LkhqEQzwmLgUlaku0733P6U>
Subject: Re: [IPv6] Link-local URI status (rfc6874bis)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 19:39:59 -0000
On 07-Nov-23 06:53, Erik Nygren wrote: > I'd propose that we decouple what is in the URI on the wire and what is in the user interface, similar to rfc5894 / IDNA. > That way we stick with always using %25 as in rfc6874 on the wire and in any URI references (eg, in an href, etc) > to keep things unambiguous and protocol-compliant. For example: > > http://[fe80::a%25en1] > > We can separately define that user interfaces may do a conversion to add/remove this escaping as appropriate. Which user interfaces? If you mean the dialogue box in browsers, I am definitely no expert, but these days it seems that any deviation from accepted URI syntax sends you off into search mode. > There's a precedent for this model already with the IDNA conversion between punycode and UTF-8 already. Yes, but of course punycode looks like standard ASCII fodder for hostname parsing. So when I type https://smörgåsbord.blåbærsyltetøy.com into Firefox, it echos https://xn--smrgsbord-82a8p.xn--blbrsyltety-y8ao3x.com and that parses just fine. > > This approach seems like it might be the best compromise: > * It will keep the HTTP and URI people happy by not adding in some weird special-case which seems like a non-starter. I'm not sure about that. That is of course the syntax of RFC6874, but from what I've gathered about the wide variety of URI parsers in the world, whether or not a % is treated as an escape at that particular point in a URI (inside the host part, inside square brackets, inside a numeric address) isn't necessarily consistent. Changing to a different symbol definitely avoids that inconsistency. > * It is a minimum change to what is already specified (eg, rfc6874) > * It doesn't change how we encode interface names in a way that would be exposed to users. > * It still allows users to interact with interface aliases with an experience that hides them from this complexity. > > There is still the ambiguous case (eg, interface "251") but perhaps we can strongly discourage > naming interfaces in such a way that they start with "25". Messy, but might be the least bad option. It isn't ambiguous if we make the %25 mandatory, but this is precisely the grey area where some parsers will get it wrong. And unfortunately %2525 is very likely to occur - the Windows machine on which I am typing has interface index 22 for Wi-Fi, for example. But the other point is that this only resolves one of the three blocking issues. Brian > > Erik > > > > Erik > > > > > > On Wed, Nov 1, 2023 at 3:03 AM Brian E Carpenter <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote: > > Hi 6man, > > Since I will not be in Prague or on-line, this is an update for the WG > on the status of draft-ietf-6man-rfc6874bis. > > If you've forgotten, the draft allows http://[fe80::1%eth0] as a valid URI. > > In summary: it is blocked in the IESG. Possible WG actions are listed > at the end. > > There are two unresolved DISCUSS ballots: > https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_robert-wilton <https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_robert-wilton> > https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_murray-kucherawy <https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_murray-kucherawy> > > Here is my personal summary of the remaining issues, and what we > have done since IETF Last Call and IESG review to resolve them: > > 1. Re Rob Wilton's DISCUSS: We clarified character set restrictions needed > for compatibility with URI rules, and the applicability of numeric identifiers > as a work-around for these character set restrictions. I believe these are > the only changes possible, given RFC4007, the ~20 years of history in the > POSIX and Winsock APIs, and the widespread implemention of these in host > stacks. > > The difficulties that Rob has are not so much with this draft but more > with that underlying model. Quoting his off-list message: "I don’t regard > interfaces on network devices as inherently having a numeric identifier." > But like it or not, the nodes on which browsers normally run follow > RFC4007 and *do* inherently have numeric interface indices. We don't > have any choices there. (I do think that RFC4007 is inadequate and > needs to be updated to reflect current reality, but that's orthogonal.) > > 2. Re Murray Kucherawy's DISCUSS: > > 2.1 The fact that almost no developers have decided to implement > this so far seems non-blocking to me. For all the use cases listed in > the draft, there is a user-side view that this just ought to work, > and when it fails, this is perceived as a bug. > > Arguments that it's 'unimplementable' or 'insecure' deserve answers: > > 2.2 The 'unimplementable' argument is based on using the '%' sign > as a separator, whereas its normal role in a URI is as an escape > character. Roy Fielding has argued that there are many URI parsers > around that handle percent-encoding in different ways (somewhat > regardless of the formal ABNF syntax). As result, he asserts > that stepwise introduction of the draft is impossible in practice. > > The draft argues that it doesn't matter if unmodified parsers > throw an error if they see the new syntax, because that is what > they do today anyway, so the new syntax can be deployed > progressively. > > There is an alternative (discussed in this WG years ago): > use a different separator, e.g. http://[fe80::1-eth0] > This still requires URI parsers to be modified and progressively > deployed, but without interacting with percent-encoding. > That is mainly a simplification of the programming problem. It > does have its own programming complication - the '-' must be > replaced by '%' before making relevant socket calls. > > 2.3 The 'security' argument is related to what the Web community > calls Cross-Origin Resource Sharing (CORS). This is a very > complex topic that I do not claim to understand and will not > attempt to summarise here. IPv4 and IPv6 link-local address > literals are considered problematic, like other IP addresses > with local (a.k.a. private) scope, such as ULAs. The background > is at https://wicg.github.io/private-network-access/ <https://wicg.github.io/private-network-access/>. > > What I do not understand about this argument is that the CORS > issue exists for http://[fe80::1] already, and as far as > I can see is identical for http://[fe80::1%eth0]. If so, > that is no reason to block rfc6874bis. > > The draft has been updated several times in an attempt to > resolve these two DISCUSSes, and a couple of side meetings have > been held at recent IETFs. We tried to set up a video chat > before IETF 118 but it didn't work out. > > Possible WG actions: > > 1. Drop the draft and leave the use cases unsolved. > > 2. Accept the change to http://[fe80::1-eth0] and push the > IESG to dismiss the other objections as beside the point. > > 2a. Also undertake a major revision of RFC4007. > > 3. Something else. > > I'd be interested to hear opinions about these options. > > Regards > Brian Carpenter > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org <mailto:ipv6@ietf.org> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6> > -------------------------------------------------------------------- >
- [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Carsten Bormann
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Richardson
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Eric Vyncke (evyncke)
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Richardson
- Re: [IPv6] Link-local URI status (rfc6874bis) Erik Nygren
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter