[Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-websocket-05: (with COMMENT)

Benjamin Kaduk via Datatracker <noreply@ietf.org> Tue, 18 February 2020 00:23 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: jmap@ietf.org
Delivered-To: jmap@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D539E12002E; Mon, 17 Feb 2020 16:23:57 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-jmap-websocket@ietf.org, Jim Fenton <fenton@bluepopcorn.net>, jmap-chairs@ietf.org, fenton@bluepopcorn.net, jmap@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.117.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <158198543786.24029.15031679428277039203.idtracker@ietfa.amsl.com>
Date: Mon, 17 Feb 2020 16:23:57 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/gbtdAUMr3JzERImbCBgMSg_mztI>
Subject: [Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-websocket-05: (with COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2020 00:23:58 -0000

Benjamin Kaduk has entered the following ballot position for
draft-ietf-jmap-websocket-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-jmap-websocket/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for addressing my discuss points (and comments!) on the -04!
I do want to have a bit more discussion in light of the late-breaking
secdir review, though.  Specifically, RFC 6455's security considerations
have significant discussion of the web's "Origin" concept and how it
applies both in the case of trusted browsers running untrusted
javascript, and potentially untrusted native applications.  I did not
see any follow-up discussion in response to the secdir reviewer's
comments, and wonder if we need to say anything about the relationship
between the Origin of the JMAP API endpoint and the websocket endpoint.

I'd also like to have a bit of discussion about the risks of
compression, which I mentioned in my comments on the -04 but don't
remember seeing any follow-up on.

Section 4.3.1

What's the difference between an unsupported JMAP vs. unsupported JSON
object?  E.g., what would make something "well-formed JMAP" but still
unsupported?

Section 5

It's best to refer to RFC 7525 as BCP 195, to incorporate any future
updates.