IETF Logo Mail Archive

Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Fri, 22 February 2019 19:16 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AABC130F6D; Fri, 22 Feb 2019 11:16:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8yUdJFlIZss; Fri, 22 Feb 2019 11:16:40 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0707.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::707]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 033B3130EBA; Fri, 22 Feb 2019 11:16:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t9ANWU02MDaozrywL7b1uk4fw2jDabQfOuzZr48paKQ=; b=Rw+TcfEPADJkbOXo9PcIWABS9CreBsUenUvCK4GZ/ZF4QXrYR8YTjLH91sKrTf9C3sjfaU+StIx+TM5PEpZVpTDWHc5DX06ojJb+BWEuFVpj1pIOW6TTAEV5nhvtbct/s/MsHlQWCD/61EM2RmRkkM5nQhLSp5bYro8ZQvEPMwA=
Received: from DM5PR0101CA0011.prod.exchangelabs.com (2603:10b6:4:28::24) by DM5PR0101MB3002.prod.exchangelabs.com (2603:10b6:4:2f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.19; Fri, 22 Feb 2019 19:16:37 +0000
Received: from CO1NAM03FT039.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::206) by DM5PR0101CA0011.outlook.office365.com (2603:10b6:4:28::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.18 via Frontend Transport; Fri, 22 Feb 2019 19:16:37 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT039.mail.protection.outlook.com (10.152.81.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.13 via Frontend Transport; Fri, 22 Feb 2019 19:16:37 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1MJGXt1029467 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 22 Feb 2019 14:16:35 -0500
Date: Fri, 22 Feb 2019 13:16:33 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: The IESG <iesg@ietf.org>, brong@fastmailteam.com, draft-ietf-jmap-core@ietf.org, jmap-chairs@ietf.org, jmap@ietf.org
Message-ID: <20190222191632.GD69562@kduck.mit.edu>
References: <155072687005.20308.1288342758446844678.idtracker@ietfa.amsl.com> <CEF846E0-DB3C-49DE-8649-B591AEA0B45D@fastmail.fm> <20190222170920.GA69562@kduck.mit.edu> <BEC257B1-267C-4F67-A942-3E22680E139B@fastmail.fm>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BEC257B1-267C-4F67-A942-3E22680E139B@fastmail.fm>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(376002)(346002)(136003)(396003)(39860400002)(2980300002)(199004)(189003)(8676002)(426003)(786003)(4326008)(2906002)(23676004)(2486003)(356004)(336012)(86362001)(316002)(54906003)(106002)(6246003)(53546011)(88552002)(58126008)(7696005)(36906005)(2870700001)(186003)(76176011)(8936002)(5660300002)(26005)(126002)(93886005)(476003)(6916009)(446003)(229853002)(486006)(966005)(104016004)(33656002)(305945005)(14444005)(50466002)(47776003)(75432002)(106466001)(55016002)(1076003)(956004)(6306002)(53416004)(11346002)(26826003)(66574012)(478600001)(246002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0101MB3002; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 568c7bb8-4a89-4cc0-45f4-08d698fa4462
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605104)(4608103)(4709054)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060); SRVR:DM5PR0101MB3002;
X-MS-TrafficTypeDiagnostic: DM5PR0101MB3002:
X-MS-Exchange-PUrlCount: 1
X-Microsoft-Exchange-Diagnostics: 1; DM5PR0101MB3002; 20:sTRh0fXt0376OzXezA7gXgwgYFCRDrZ6xOgcRQJx/1OCJadvLvKU6Og+X6mrcnz2uOB9M0Zzc6oazV1tf6WmsT88XhLppBELrwjcF8fR1CyPRyi8FoDLjRoRQuupwgxAb/K4Qnmsi8NzhJr317iMcVOwxazAv1YcMVBc9R+0YuU0eCmm+v31Hh3wqMB0lcu2K0jOC3V34tM/J1PeUdippxfXy6CQXdwPgAF3voo3X/SOe0ZFTY2UpLChvCYOOLFOGxZZNGN3PnO6E7G3Fs0XQeG/CBT0NSjQNwIn/IdD3Q6BdQq3hIPn6fkB9BWuhucFW0L2kG+rNzcJV4t8wrEWhwO6pIF4ch0aksd1nE2Wq0gfbsxowY7726VrJ1ZhGrO7LweajJ1AbLjITY2+/LHQ1du5ArWapRoTPRsAecG7AqAIMHBHvbq/97MYNoTv60d8agjPxVvl9j6wdLYPFzZpyEkxfZaW14dgTKAb3Uaa+HUIKhoHKIT4hkMsqb9rCFWiiGme5/fF88hbAYlx0l5JcWtWi4jYPmBVB2xsP59MttpyP6pg2dvQzb3ep2aCfww+EyPIOVVe6uXgeoQzl06R0QMJg11DywuUOKFZ1Nkm5QI=
X-Microsoft-Antispam-PRVS: <DM5PR0101MB3002A41849B0C0080A95E0D3A07F0@DM5PR0101MB3002.prod.exchangelabs.com>
X-Forefront-PRVS: 09565527D6
X-Microsoft-Exchange-Diagnostics: 1;DM5PR0101MB3002;23:sNgsI613tW3KYof2nKFBYFhMj/2KH8cuBOxR1YalhYHsojXII4ovtwxPsXNFsM0RvdciXMDF4TKrmtYt6ZWhRISRa+JOkbdN2h49fMl75CTcFCxvhvG5Ga6W/A6l67JUB1XY4bLT0bHKWgjJkQRXkLPs2+MPZzyTBW4IQnECltPo3Gs9B8mZb14t+w9czV6NK9G6L7gmLl2aEElnXjJh5hkfY86y2DHZClyCbY2OEXXE9yBsET4gRb3unMTcbe8MyC0egKFxbguTtTZjnFYmyMOFU8VQtkz97nUJYMV0Q401oI220RgK1qQ6Y9hR7tMgkh/FTumgfMSX2UGTmQlxII0QNS+zSidkco2yftwb/xyJSedWMEMiSWtAlasgrcU1BXNODG1gGrE1Aiq0levYG2/tjFtK1gmSnfeA8JnDIExbFoHfHrYGbNnb61AiAnp9tJVa2vGL8UtP8W0L/SH487WlxpAc78ol+xK/t7qy4LBohFVFUJSukuS/KVdIqpMR1srLAQrskHEAUAScKOxK0ifUwZKlGSzvLTnxpyoEw0aKyImGhdelap3y2rgizmorD/6iTY9oHSdpQxYKo//KKeAWva7DETQLY+tvgUksSRgdtBBw2y5O2aTHkPooz/4PWCtkHMvoWcUVfKifKfgaA0TXYRL6VWDaofKSlx2C0KqMZPcPdT2QdyY1VQx7MPiy3KnkBX2nDGpvnuyl4uAKRRbpu9E6IRp3iq48KQrTZO45xRIxZcZvrYfcswdT34/DrBTqMmq7FJxjBWwQ7l/B4Sy4V/TC6fHerY4ou50jchf8CTAvjRxhz5agpZrs6HgpcdQwjpdakLfmSF3D1tgMUil7WU+HsTuEZcWbKc50Z77LwIqjyfvNTLghuitVd/qN0Y6p9FsNbVWCYuYuRi+CgzCJjGQ49jHA81Upeqe63KP8RTDMvi+fgv6Y/9o2dFvWRHGmjYuJDi710/nDxib+x5bAl/r/jtcyNlTMwKg/0l/KYxmX1hHqmVOFljncVecZeZYSDdcZ3ZvMZbcOElSYvUehxvBi60a2BLTAP5yQy+GBAaEDens2EjVj4aFyBlBKfP5zEgSCRednvZ7PMII7EMdUiIF6jiZ7dmimAGudJ6PS+UNGVtg5yc+NZeaUnAT/3Z8+arcZvONFO/j4hJoiwlWB3eiHSFm9ZaCLpVnG3rVk4DCvHbw7rUyyuLTfTDv1TUeimZsP86lIT5CiB/F14Nk1hG10XxTVW4B7qpsTYAqLtkQBTc+TICN3wTUpME4CTnAHPhm+zKqIwcjZR0v+zgZhzfNbyQP6h+QlzQS1PsQ=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 0tzTsCFC5px7f25QqhbMkG5tPWz1Kwjf5FVCu5gG0bi1URO735nj8Q12LFz01RnaM9xFAgFnURZLPQNDkvQr7jwu2pqxtP/FKO100YSVsDCvbt2QGcy2z46Py0MkLbqAgQEju7nirEBb2KKLoCIhPqYOAeFA5/GLwbDxG97iS3519DlDLl/b38fYDU3JWCS/mnb/ddHCxgGAQWiCX+hr9EmBlk9lZwiVdmfp3J5jdYjIrVFI1cyf1oULekcBSShtoVrEwYa6fWMCgVySgAoeqxZqvnKj0JFYzlpZ6aXMQgqxEYoHZRkQy2cblRov0R76BvJ1lXD7xUt2UYpiJaVEfMRYvAg2agmc2sakWhP1PwKBzmd/ZOraaz7P3vePpR+FyyyrEtMENsTNMzOnPl04TONiNLSb6khGQVP+sYwTv8o=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2019 19:16:37.0986 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 568c7bb8-4a89-4cc0-45f4-08d698fa4462
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0101MB3002
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/fJXPzl_vQ9ZejeTuI38_xzz5uqA>
Subject: Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 19:16:43 -0000

On Fri, Feb 22, 2019 at 06:53:49PM +0000, Alexey Melnikov wrote:
> Hi Benjamin,
> 
> > On 22 Feb 2019, at 17:09, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> >> On Thu, Feb 21, 2019 at 09:11:40AM +0000, Alexey Melnikov wrote:
> >> Hi Benjamin,
> >> Thank you for your extensive comments.
> >> 
> >> In this email I will concentrate on [most of] your DISCUSS points:
> >> 
> >>> On 21 Feb 2019, at 05:27, Benjamin Kaduk <kaduk@mit.edu> wrote:
> >>> 
> >>> ----------------------------------------------------------------------
> >>> DISCUSS:
> >>> ----------------------------------------------------------------------
> >>> 
> >>> There's a lot here, and I was not reading in the best of environments,
> >>> so it's quite possible that I am just confused or missed something while
> >>> reading.  On the whole, this document is well-written and gives me a
> >>> good picture of how things work.  That said, there are still some places
> >>> where it looks like we may need to have some discussions...
> >>> 
> >>> This document (twice) has a MUST requirement for HTTP over TLS, which
> >>> seems to exclude any future usage of HTTP/3 over QUIC.  (It's also
> >>> probably not needed to repeat the normative requirement in two places; I
> >>> noted both in the COMMENT section.)
> >> 
> >> I think requiring a specific version of HTTP and underlying transport is right. Future versions of HTTP and different transports like QUIC are different mappings and I think would need a separate document, even if a short one.
> >> 
> >> Having said that, if you can show some specific wording that would address your concern, the WG should consider.
> > 
> > My original thought was something about "MUST use TLS transport or
> > transport that provides equivalent cryptographic protections", but that's
> > subject to interpretation.  Is there a reason why we can't just require the
> > https:// scheme?  While I haven't been following as closely as I would
> > like, my understanding was that QUIC's HTTP/3 would continue to use that
> > scheme.
> 
> I think https:// would be more agreeable.
> 
> >>> Section 1.6.2 asserts that "all data belong to a single account".  And
> >>> yet, we seem to have PushSubscription objects in Sections 7.2.1 and
> >>> 7.2.2 that disclaim any relationship to an account, which seems
> >>> internally inconsistent.  It's also unclear to me from the text in the
> >>> latter sections what mechanism is used to determine whether a given
> >>> request is authorized to see a given PushSubscription object.  Is it
> >>> supposed to be based on the authentication credentials to the API
> >>> service directly, or a user abstraction, or something else?
> >> 
> >> Editors should reply to this.
> >> 
> >>> 
> >>> Section 5.3
> >>> 
> >>>  Some records may hold references to other records (foreign keys).
> >>>  That reference may be set (via create or update) in the same request
> >>>  as the referenced record is created.  To do this, the client refers
> >>>  to the new record using its creation id prefixed with a "#".  The
> >>>  order of the method calls in the request by the client MUST be such
> >>>  that the record being referenced is created in the same or an earlier
> >>>  call.  The server thus never has to look ahead.  Instead, while
> >>> 
> >>> I think this means you need to specify what order the server does the
> >>> create, update, and destroy lists in -- that is, that all creates are
> >>> done before all updates, etc..
> >> 
> >> I think you misunderstood: the order is important and all operations are performed in the order specified (so there is no internal reordering to be done by the server). If the client references something that wasn't yet created, it is a client error and will be reported accordingly.
> > 
> > Okay, so the client gets to pick which order the 'create', 'update', and
> > 'delete' arguments appear, and the server must do everything in order, both
> > the order within the contents of the 'create' array and amongst
> > create/update/delete?  
> 
> I think the document says that, but I need to double check.

I think the document says the order within each of those three arrays is
relevant; what I am not sure the document says is that the client specifies
an order to (e.g) "do the entire create array before the update array".

> > That is certainly deterministic enough for me,
> > though I didn't see much in the text to give the impression that the
> > order in which arguments appeared was relevant, especially since we claim
> > to be using I-JSON and RFC 7943 says "the order of object members in an
> > I-JSON message does not change the meaning of an I-JSON message".
> 
> Unlike the order of attributes in a structure, the order of elements in arrays is significant and JSON preserves it.

Yes, though that's not what I'm concerned about.

-Benjamin

> > 
> >>> Section 5.5
> >>> 
> >>> The Unicode Collation Algorithm (<http://www.unicode.org/reports/tr10/>
> >>> is not listed in the IANA collation registry for internet application
> >>> protocols; since the session object limits the collationAlgorithms to
> >>> those in the registry, at present, it is not permitted to use that
> >>> collation algorithm.  It would seem that this document should stimulate
> >>> the registration of that collation algorithm in some fashion (whether by
> >>> explicitly doing so in its IANA Considerations or otherwise).
> >> 
> >> I think this is fair. 
> >>> 
> >>> Section 7.1
> >>> 
> >>>  o  *changed*: "Id[TypeState]" A map of _account id_ to an object
> >>>     encoding the state of data types that have changed for that
> >>>     account since the last StateChange object was pushed, for each of
> >>> 
> >>> I don't see how these semantics provide the properties stated in Section
> >>> 7, "[i]t doesn't matter if some push events are dropped before they
> >>> reach the client; it will still get all changes next time it syncs."  In
> >>> particular, if the client misses a state change for the CalendarEvent
> >>> type, and then no other changes that affect CalendarEvents occur, the
> >>> client will remain unaware of the changes to CalendarEvents, even if
> >>> other push notifications for other types come in.  Am I misunderstanding
> >>> one or more of the behavior or stated guarantees?
> >> 
> >> I think you do. Clients will periodically poll. Once they do, they will be able to recover all missing notifications due to use of sequence numbers.
> > 
> > Er, you think that I do understand correctly?
> 
> I meant “you don’t” :-)
> 
> > We should probably mention the expectation of polling (as well as
> > subscribing to pushes), then.
> 
> Fair enough.
> 
> 
> Best Regards,
> Alexey

v2.23.0 | Report a Bug | By Email