IETF Logo Mail Archive

Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Fri, 22 February 2019 18:53 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB66130EBA; Fri, 22 Feb 2019 10:53:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=ZYTORz1R; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=vDf2v/Es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ocut6rsM6dXs; Fri, 22 Feb 2019 10:53:52 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 890A8130F4F; Fri, 22 Feb 2019 10:53:52 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 614FF2218B; Fri, 22 Feb 2019 13:53:51 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Fri, 22 Feb 2019 13:53:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=s rd5g6YYiaGGx4sFqwDH4DyZede+iOY9nZTpuKXhuaw=; b=ZYTORz1RhLHvoPkXZ sinRRT/JRHaZcQ5qCV6PN6Wvnyt+fZLdckSF75zuRV9AuRq5LVREX3dBNwY9rmSh P4+hTmd1Nr4mo3wFW8jGJC2BZd4En1Hv2Sv33dPc3KX9hqyQXe0Z/56M7J3caEGA vxsKBj4SNX4YpfRNBzoXXwlQQaSgVJtnz4BUn/+FnivRPAjgOeWtH5JiJjFdDDvE tCFgpB3HkWmUv7NS9NRIM+WPTR/PPLyunnI5xWqdqTSXhn+Ai8GwTvShBl0C5TB8 9dmxFccSgMmuJ7geO9Xyj44/OV1iGLi+iR6g0fnFARfZdmP1l+nT3wlNsGf+ku5z 1rnhg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=srd5g6YYiaGGx4sFqwDH4DyZede+iOY9nZTpuKXhu aw=; b=vDf2v/Ess/AOj+SIGkP7AEex2zw5s9Gapig/ZzXFvyE45cUgJ2yxP4ug1 s0zGDaUjD4mGsON/hP/SjOvDeXm9ud9HrtsBD3vF3r/RGR8gxKcWTXQRVCLm2HXQ ueUGDqgU0O95r2jzn+57M1hMTA4ITUur7+QLjv3EYUplpMVuLTDLMZG1hxjoHWhr HcGu1qu1niTLxxiPvV8yaEcEInHe8Adka5iSr03/aUMrA9nW6EdoP2ye6X23tBrQ BgtbpdZRnc7wBM0R0+LD8MlfjzZxGg8vX+DqxyRgRBgdiBKsdTKILzhVt6I8twrE rCUXGbtX06C7gljYCjlrLYza5fFsA==
X-ME-Sender: <xms:PkVwXOwmu3pA-DQsiLhqQT_e_OUH1srcWoZG4nUEnN_tM5OikWgD-g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddruddtgdduvddtucdltddurdegtdelrddttd dmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhht necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpegtggfuhffojgffgffkfhfvsehtqhhmtdhhtdejnecuhfhrohhmpeetlhgv gigvhicuofgvlhhnihhkohhvuceorggrmhgvlhhnihhkohhvsehfrghsthhmrghilhdrfh hmqeenucffohhmrghinhepuhhnihgtohguvgdrohhrghdphhhtthhpfehovhgvrhhquhhi tgdrihhtnecukfhppedugeekrddvhedvrdduvdelrdefheenucfrrghrrghmpehmrghilh hfrhhomheprggrmhgvlhhnihhkohhvsehfrghsthhmrghilhdrfhhmnecuvehluhhsthgv rhfuihiivgeptd
X-ME-Proxy: <xmx:P0VwXL6hAAZgyd2BdhseG9VWORuEMADyoodWOAMp1nV0TsUEUz1VMw> <xmx:P0VwXEZ3f2VLhpk8MluKl-ak8cAwzK-fzehoAwBvXmskk_hhNsD5yg> <xmx:P0VwXK9TCCsuBlCgHsiEVhTvrarJ7iXnW6Nx3NzNZt4HNXRGfaplTA> <xmx:P0VwXIzkgnJmASUZiz6tLjyHB5wfZP68HbQuFTY67tx1xKosSQnuxg>
Received: from [10.233.129.196] (unknown [148.252.129.35]) by mail.messagingengine.com (Postfix) with ESMTPA id 98EE6E412B; Fri, 22 Feb 2019 13:53:50 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: iPhone Mail (15G77)
In-Reply-To: <20190222170920.GA69562@kduck.mit.edu>
Date: Fri, 22 Feb 2019 18:53:49 +0000
Cc: The IESG <iesg@ietf.org>, brong@fastmailteam.com, draft-ietf-jmap-core@ietf.org, jmap-chairs@ietf.org, jmap@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <BEC257B1-267C-4F67-A942-3E22680E139B@fastmail.fm>
References: <155072687005.20308.1288342758446844678.idtracker@ietfa.amsl.com> <CEF846E0-DB3C-49DE-8649-B591AEA0B45D@fastmail.fm> <20190222170920.GA69562@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/kqZy16TW2dHPeG4kAQlVyHjLzPY>
Subject: Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 18:53:55 -0000

Hi Benjamin,

> On 22 Feb 2019, at 17:09, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
>> On Thu, Feb 21, 2019 at 09:11:40AM +0000, Alexey Melnikov wrote:
>> Hi Benjamin,
>> Thank you for your extensive comments.
>> 
>> In this email I will concentrate on [most of] your DISCUSS points:
>> 
>>> On 21 Feb 2019, at 05:27, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>> 
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>> 
>>> There's a lot here, and I was not reading in the best of environments,
>>> so it's quite possible that I am just confused or missed something while
>>> reading.  On the whole, this document is well-written and gives me a
>>> good picture of how things work.  That said, there are still some places
>>> where it looks like we may need to have some discussions...
>>> 
>>> This document (twice) has a MUST requirement for HTTP over TLS, which
>>> seems to exclude any future usage of HTTP/3 over QUIC.  (It's also
>>> probably not needed to repeat the normative requirement in two places; I
>>> noted both in the COMMENT section.)
>> 
>> I think requiring a specific version of HTTP and underlying transport is right. Future versions of HTTP and different transports like QUIC are different mappings and I think would need a separate document, even if a short one.
>> 
>> Having said that, if you can show some specific wording that would address your concern, the WG should consider.
> 
> My original thought was something about "MUST use TLS transport or
> transport that provides equivalent cryptographic protections", but that's
> subject to interpretation.  Is there a reason why we can't just require the
> https:// scheme?  While I haven't been following as closely as I would
> like, my understanding was that QUIC's HTTP/3 would continue to use that
> scheme.

I think https:// would be more agreeable.

>>> Section 1.6.2 asserts that "all data belong to a single account".  And
>>> yet, we seem to have PushSubscription objects in Sections 7.2.1 and
>>> 7.2.2 that disclaim any relationship to an account, which seems
>>> internally inconsistent.  It's also unclear to me from the text in the
>>> latter sections what mechanism is used to determine whether a given
>>> request is authorized to see a given PushSubscription object.  Is it
>>> supposed to be based on the authentication credentials to the API
>>> service directly, or a user abstraction, or something else?
>> 
>> Editors should reply to this.
>> 
>>> 
>>> Section 5.3
>>> 
>>>  Some records may hold references to other records (foreign keys).
>>>  That reference may be set (via create or update) in the same request
>>>  as the referenced record is created.  To do this, the client refers
>>>  to the new record using its creation id prefixed with a "#".  The
>>>  order of the method calls in the request by the client MUST be such
>>>  that the record being referenced is created in the same or an earlier
>>>  call.  The server thus never has to look ahead.  Instead, while
>>> 
>>> I think this means you need to specify what order the server does the
>>> create, update, and destroy lists in -- that is, that all creates are
>>> done before all updates, etc..
>> 
>> I think you misunderstood: the order is important and all operations are performed in the order specified (so there is no internal reordering to be done by the server). If the client references something that wasn't yet created, it is a client error and will be reported accordingly.
> 
> Okay, so the client gets to pick which order the 'create', 'update', and
> 'delete' arguments appear, and the server must do everything in order, both
> the order within the contents of the 'create' array and amongst
> create/update/delete?  

I think the document says that, but I need to double check.

> That is certainly deterministic enough for me,
> though I didn't see much in the text to give the impression that the
> order in which arguments appeared was relevant, especially since we claim
> to be using I-JSON and RFC 7943 says "the order of object members in an
> I-JSON message does not change the meaning of an I-JSON message".

Unlike the order of attributes in a structure, the order of elements in arrays is significant and JSON preserves it.

> 
>>> Section 5.5
>>> 
>>> The Unicode Collation Algorithm (<http://www.unicode.org/reports/tr10/>
>>> is not listed in the IANA collation registry for internet application
>>> protocols; since the session object limits the collationAlgorithms to
>>> those in the registry, at present, it is not permitted to use that
>>> collation algorithm.  It would seem that this document should stimulate
>>> the registration of that collation algorithm in some fashion (whether by
>>> explicitly doing so in its IANA Considerations or otherwise).
>> 
>> I think this is fair. 
>>> 
>>> Section 7.1
>>> 
>>>  o  *changed*: "Id[TypeState]" A map of _account id_ to an object
>>>     encoding the state of data types that have changed for that
>>>     account since the last StateChange object was pushed, for each of
>>> 
>>> I don't see how these semantics provide the properties stated in Section
>>> 7, "[i]t doesn't matter if some push events are dropped before they
>>> reach the client; it will still get all changes next time it syncs."  In
>>> particular, if the client misses a state change for the CalendarEvent
>>> type, and then no other changes that affect CalendarEvents occur, the
>>> client will remain unaware of the changes to CalendarEvents, even if
>>> other push notifications for other types come in.  Am I misunderstanding
>>> one or more of the behavior or stated guarantees?
>> 
>> I think you do. Clients will periodically poll. Once they do, they will be able to recover all missing notifications due to use of sequence numbers.
> 
> Er, you think that I do understand correctly?

I meant “you don’t” :-)

> We should probably mention the expectation of polling (as well as
> subscribing to pushes), then.

Fair enough.


Best Regards,
Alexey

v2.23.0 | Report a Bug | By Email