IETF Logo Mail Archive

Re: [Last-Call] LC feedback on draft-ietf-6man-rfc6874bis

Mark Nottingham <mnot@mnot.net> Tue, 13 September 2022 01:45 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32A47C152567; Mon, 12 Sep 2022 18:45:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=nIdpqpTo; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=1vdWkQ4g
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHm741_UUU3g; Mon, 12 Sep 2022 18:45:05 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FA72C1524B9; Mon, 12 Sep 2022 18:45:04 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id BACD25C0190; Mon, 12 Sep 2022 21:44:58 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Mon, 12 Sep 2022 21:44:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1663033498; x= 1663119898; bh=mv5uF9nlvWsH3IRTnXQWMIahpaBXttVH6nJRaTaqBq0=; b=n IdpqpTohgtU3ykHbRTZ+Wg6SUB8V+hPyy26BgRMo9Vzpq0iORNC11gcCIi8iXdSc z6y5w6uEhTfG9iBE2DyAnwGrQjLLzjdqZW1awU6ezqL5B8yD/ImjPydFTm6CT83r CCyC1jXHc0vwKSTmLPPtMYf8Pz/fptj8QnfMYYrKSwzhrDef5HaQz6ilKflZYa4e 99EfWezU7csXUs7yJMYJ+clzF0arydF4MnIO0IVGzAxWPO2xtjsxfIIBjv/0XBX/ HglUwExKy37/bjKtbdxoXC0rb/zkMgilrgVmH9TMC/sqEWCMJmjuKdjbdI6LkcnB 22nAm1KxpQTC+sx5VEf+Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1663033498; x= 1663119898; bh=mv5uF9nlvWsH3IRTnXQWMIahpaBXttVH6nJRaTaqBq0=; b=1 vdWkQ4gvUtagw6W9mo2i9zzkktiAz4ZLHQROvNlX0ybtbJQ5vW0nFRZj7Di+3wlB 5CpydXjToh2Fa/eurih5s9gX8/KQX0lrZIlNAIri7IH1+yfvcve7SdsDYXVMGISa CoMGs8rhUdhAe4VOKpY09WWnRB2h1HWXdwek/JRiGnJr4lWSzf1U0gGHzERYApw1 ejE03nzbRH1DQTYXN/nP4TBNdxrigf2UXn7+T4piRxLOd9o9COFbIJVBM8e0q9mR zjzbkHV+uav+gvZSiTUYnV9YNaTmBAgWJkxg4CavMrKl3vlAJMtTEEgxdUrEqcHU ZP6xtxdwlAELrmJZTux8A==
X-ME-Sender: <xms:muAfY3ejV3L0S_dP8vFkpz4qlytMZv1hgcXN8kvkzcAQVM1749HjDg> <xme:muAfY9Of15f8UbXhBqPeh1lU_WSYG--3hdn-BxUtp8T4ZjcN6d3i7oPAqNF1Z3iV3 Tu0pBkoVKWsEOrHDg>
X-ME-Received: <xmr:muAfYwj3Sqj-F6qh7J_qYC182NvoIALFKvaE4PvbGm7j7sohG8-WpnUnXe34lk75rexF_sjw5w1CmyGExoY9BJp0d6N3jXOGdtBFuah49avWMKkDlN4oyw1S>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfedufedghedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne goufhushhpvggtthffohhmrghinhculdegledmnecujfgurheptggguffhjgffvefgkfhf vffosehtqhhmtdhhtddvnecuhfhrohhmpeforghrkhcupfhothhtihhnghhhrghmuceomh hnohhtsehmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepudeliefhleejudetvdfg ueegteeuvdelgeeijeeuheeufeehffelffduhedvudeknecuffhomhgrihhnpehgihhthh husgdrihhopdiffedrohhrghdpfihhrghtfihgrdhorhhgpdhgihhthhhusgdrtghomhdp mhhoiihilhhlrgdrohhrghdpmhhnohhtrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:muAfY4_KH_IiGmz_NgZfTyY2Y-voe_9Ft6IyfEhG0zfqiZTg0Bj4oA> <xmx:muAfYzt9naGtIW_iLKu4t7_w2QAnc9l8GtJvp-4RnBjFa69p_kAgWA> <xmx:muAfY3Hw22vSMyp3GykMijlqJyNtJ9hbqKhR7UxbG7RvgQNL7PEzRw> <xmx:muAfY8X46SeYM0PXpXS2FBANF4dRFe6x-XqAkO5_1-HcF2F_5VG_Nw>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 12 Sep 2022 21:44:56 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: [Last-Call] LC feedback on draft-ietf-6man-rfc6874bis
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <1848bd6d-2dca-64cd-294d-bf9e6a90b7eb@gmail.com>
Date: Tue, 13 Sep 2022 11:44:52 +1000
Cc: last-call@ietf.org, 6man <ipv6@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <39936088-F897-4F23-A8EB-C26B3A035844@mnot.net>
References: <40B9FB29-01E1-49CF-A3C9-A788B1A1C233@mnot.net> <1848bd6d-2dca-64cd-294d-bf9e6a90b7eb@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fahZ5JnnL0d79NWEYu6I0Mc02f0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2022 01:45:09 -0000

Hi Brian,

> On 13 Sep 2022, at 11:34 am, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> On 13-Sep-22 12:00, Mark Nottingham wrote:
>> Hello,
>> I appreciate the effort that the authors and WG have put into this document, and I don't have any substantial technical issues with the document as written (although I have not reviewed it deeply).
>> That said, the IESG needs to consider this publication carefully. The targeted implementers (web browsers) have very clearly said they will not be implementing. From their issue of record:
> 
> Mark, that was then. People are now beginning to wake up to the fact that this is actually wanted by quite a lot of ops and support staff. It will change (the status as a Firefox "defect" has recently changed to "enhancement", for example) and the reason we need this on record as an RFC is so that, as the need becomes compelling, there will be an unambiguous basis for all implementers.

Where do you see the Firefox status? The definitive place to find a Mozilla position on a specification is here:
  https://mozilla.github.io/standards-positions/
... and I don't see this one there (nor is it in their issue queue).

>>> Overall, our internal consensus is that <zone_id>'s are bonkers on many grounds - the technical ambiguity (and RFC 6874 doesn't really resolve the ambiguity as much as it fully owns it and just says #YOLOSWAG) - and supporting them would add a lot of complexity for what is explicitly and admittedly a limited value use case.
> 
> That's OBE. And there isn't any technical ambiguity that I'm aware of. (What may be confusing is that the "zone identifiers" are utterly non-standardised beyond being an ASCII string, so there is no way for a parser to validate them; only the o/s can do that.)

I'd like to see them say that -- right now, this + the statement below is the browser position, as I understand it. 

>> -- <https://www.w3.org/Bugs/Public/show_bug.cgi?id=27234#c2>
>> And, in their URL specification:
>>> Support for <zone_id> is intentionally omitted.
>> -- <https://url.spec.whatwg.org/#host-representation>
>> This is not just a question of getting them interested, nor one of resourcing. As their discussion points out, there are likely a number of additional security and user interface issues which would need to be addressed.
> 
> It's unclear that any of those issues remain in the bis. There were certainly issues of that kind in RFC6874 itself.
> 
>> The Shepherd Writeup says that has been circulated with the W3C TAG, the HTTP WG, and the ART area.
>> The TAG review was requested less than an hour ago:
>>   https://github.com/w3ctag/design-reviews/issues/774
>> At a minimum, the IESG should allow that process to complete. Given the size of their queue, this may take some time.
>> In the HTTP WG, I only see two relevant messages:
>>   https://www.w3.org/mid/CAPxZtjHf29s-b8M68uAcphpznbqBhjgfw0EYZHi__0DitE-i6Q@mail.gmail.com
>> I wouldn't characterise this as a review.
>> I couldn't find any relevant messages on the ART list in the last two years. If I've missed something in either case, pointers would be appreciated.
> 
> It's been raised in DISPATCH more than once, most recently during the 6MAN adoption call in February 2022. I don't recall that anyone in DISPATCH suggested raising it on ART or HTTP. I thought that's what IETF Last Call was for, anyway.

The document's shepherd writeup claims that it had been discussed in those places.

>> The questions that I think the IESG needs to address in evaluating this document are:
>> 1. Should we be publishing a document where there is zero demonstrated implementation interest, and furthermore significant implementer concerns (as outlined above)?
> 
> Those concerns are what prompted this bis document to be written. The whole point of specifying it now is to avoid divergent implementations when the need is recognised.

Yes, but let's be clear, this is hope-based standardisation.

> If it had been as easy a fix for Firefox as it turned out to be for wget, I'd have implemented it myself. But in any case, it's now on for Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=700999#c94
> 
> (It's a two-line fix in wget. Sadly, the Firefox parsers (plural) are too complex for ordinary mortals to patch in a reasonably short time.)
> 
> 
>> 2. Should lower-layer WGs be documenting how higher-layer protocols actually use the lower layer constructs, without buy-in or substantial review from those higher layer communities?
> 
> Yes, because if we don't nobody else will. And we've exposed this work to review both via DISPATCH and over at WHATWG (https://github.com/whatwg/url/issues/392#issuecomment-873744002), not to mention on the issue trackers for both Firefox and Waterfox.
> 
>> 3. If so, what precedent does that set for the network determining how applications use it? Here, I'm particularly concerned about the struggles regarding security and privacy between the layers.
> 
> I don't see any kind of precedent here. The tail sometimes wags the dog, but I am at loss to see which is the tail and which is the dog in this case.
> 
> As far as we're aware of any *new* security or privacy issues, they're discussed in the draft. Substantive comments are of course welcome.

In this case I'm not referring to security or privacy concerns in *this* draft. I'm alluding to what seem to be constant efforts by folks to expose application information and control at the network layer -- sometimes in the IETF, sometimes elsewhere.

>> 4. Given the above, will publishing this document impact the IETF's credibility/legitimacy in the eyes of browser implementers and other communities?
> 
> Yes. It will show that we admit and fix our mistakes.

Another way of doing that would be to move 6874 to historic until the implementations actually agree to do this.

All of this said, I'm not strongly against publishing this -- I just want to make sure the IESG has considered these questions before doing so. It'd be extremely helpful to hear (one way or another) from browser implementers in this discussion.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email