IETF Logo Mail Archive

Re: [Jmap] [Last-Call] [art] Artart last call review of draft-ietf-jmap-contacts-06

Bron Gondwana <brong@fastmailteam.com> Mon, 08 April 2024 04:07 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5F4BC14F683; Sun, 7 Apr 2024 21:07:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b="QpDqVkF7"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="Xi+7MD9M"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y92LO6Y2umNh; Sun, 7 Apr 2024 21:07:17 -0700 (PDT)
Received: from wfout6-smtp.messagingengine.com (wfout6-smtp.messagingengine.com [64.147.123.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86608C14F60A; Sun, 7 Apr 2024 21:07:16 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfout.west.internal (Postfix) with ESMTP id 118CC1C0010D; Mon, 8 Apr 2024 00:07:07 -0400 (EDT)
Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Mon, 08 Apr 2024 00:07:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:cc:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1712549227; x=1712635627; bh=oGBK7t3ZgG1x0AywDKLu2gDS5IqBWlCEQuEdgwSGplw=; b= QpDqVkF7kGzzgzhVLR6K8Ssbyp61OR0qY49GdlojMUWOhz47Z2pD4JqvSMmlUUta 8H9s5aohtC/le3LvsmSxNwzVepXvb6brzRbt+R+zsE7LEMKkBIzGGEbjgvFmFE4B cMJvnUV3i9BbLzshqsSmN1O0opJeVOwV+vx9K7RR32AM9y+/jlEfkAzAtkxCNn1g TXZwEJKcw2Iz7WOo9LWJj1s264udkXkSYhAx39qxjkOXzUtYd8/ivtbreB6EUYzy Zl494tTq9k+QgdHEKZJgaP0GMA/ahaTP2O+V7g1ADwlJtxGuAyUW+Qh2Yirj36XQ advwUwvfjpasrEILUDOHNA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1712549227; x=1712635627; bh=oGBK7t3ZgG1x0AywDKLu2gDS5IqB WlCEQuEdgwSGplw=; b=Xi+7MD9M+VuArYZCHMVMAdun0XlSoeDQsMaBZ0UuICny 9y0DSSxX8VDuSKAlFeck7L6AqMzY+dPCjZ++eUWKU0fF32r4EgngQ19y70gR/1nF ulb0XTTAimgb0P/Id511qTeOJNOqXgBWIEgrGy7JObLzrdWC2vvxUnedY69CTHga Nq9fquIa849nw1jxJVZs/54stPSdtjKCWlGJA1FNY8SjGGq49w23IwqV7DZA/Ofy KrCuBSwgp7u+kR3T8YGBoK1BJRhkaau05TQ0nxOuxIhWkM9W8Caa2J/6EwYPARAy KmQxm0rtBJKyqpdjhQA33OLrzj0iXxUSt4725SyoWQ==
X-ME-Sender: <xms:a20TZsACxJAXl_JypN3gdbeG6fCqK86IDex3WaKEm0Ttjh800Kk-zQ> <xme:a20TZujH4w6yTKRWMeR0R-etlzw1NE0sdHFNQ-Em7DZMZXa-pqcmkS89rayw1UOQn eLfiXPuMhw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudeghedgjeekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsegrtderreerredtnecuhfhrohhmpedfuehr ohhnucfiohhnugifrghnrgdfuceosghrohhnghesfhgrshhtmhgrihhlthgvrghmrdgtoh hmqeenucggtffrrghtthgvrhhnpeegueehfeegueefveeiudelueelvdegtdehffeltdel ffeuiefgueekkeektedtvdenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepsghrohhnghesfhgrshht mhgrihhlthgvrghmrdgtohhm
X-ME-Proxy: <xmx:a20TZvnl1m3yJnqUBuJjBOb7YAQD29wD5pUN5yNcra_kx9yJtQgZ0g> <xmx:a20TZiwNjQv-66sPdC7_Ya6BgIN6RiOdYlhEC9C3f4Xgw34EAHLMUQ> <xmx:a20TZhToty2f-tWLI_E3Vd-oOBXpJRqB4bpt1RanBk1I_9O0BLn1eg> <xmx:a20TZtZkJn00i_Q6oHS8YPLE5exFC4fKvLcvyjdkoq8fEotqwTPfuA> <xmx:a20TZqK26kvh7j-GcqK3bbnX660eY5yjI7SJebPlkesuy3Crov1WjSDd>
Feedback-ID: i2d7042ce:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 13DF52D4007D; Mon, 8 Apr 2024 00:07:07 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-368-gc733b1d8df-fm-20240402.001-gc733b1d8
MIME-Version: 1.0
Message-Id: <58438804-1a10-4a86-8f87-d449c0db542a@betaapp.fastmail.com>
In-Reply-To: <94FE04C6853F55BF4B1C1FFB@PSB>
References: <171112316193.8644.5801107423421446407@ietfa.amsl.com> <1C02FE5D-624B-4BBE-A7F3-91EDF54CDE4F@tzi.org> <b5fac088-9eb3-4ede-a266-f943aeaab076@stpeter.im> <4E9A8148-9EFE-4448-B94E-96FBDB6A2B9A@tzi.org> <06c317c8-8d14-4d78-a4c9-9c44cfc3ec31@stpeter.im> <03ef2b74-19d2-43c1-9c5b-b0aa315c8738@dogfoodapp.fastmail.com> <5c10be7c-8913-46f5-a0bd-e28102624d88@stpeter.im> <C42C278BC5CB8F3EE2920E99@PSB> <521b092a-6490-4fe2-9126-961335a1892b@stpeter.im> <94FE04C6853F55BF4B1C1FFB@PSB>
Date: Mon, 08 Apr 2024 14:06:40 +1000
From: Bron Gondwana <brong@fastmailteam.com>
To: John C Klensin <john-ietf@jck.com>, Peter Saint-Andre <stpeter@stpeter.im>
Cc: "art@ietf.org" <art@ietf.org>, draft-ietf-jmap-contacts.all@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>, last-call@ietf.org
Content-Type: multipart/alternative; boundary="cebdf897ff1049aaa31a753f961f4999"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/lM84Mwa4biRS-Kxg26957UtV4Hg>
Subject: Re: [Jmap] [Last-Call] [art] Artart last call review of draft-ietf-jmap-contacts-06
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 04:07:22 -0000

On Mon, Apr 8, 2024, at 01:09, John C Klensin wrote:
> Having just reread the charter, I think the latter situation --
> including the need to revise the charter and downgrade specs-- if not
> appropriate, or even tenable.  But, if that is the case, then, while
> it would be reasonable for a spec to explicitly discuss, e.g., what
> JMAP implementers are doing, an IETF Standards Track spec should
> still be specifying The Right Thing to Do rather than ignoring that
> and specifying current implementation practice alone.  
> 
> This is not just about formalities.  As has been pointed out
> elsewhere, unrestricted use of arbitrary UTF-8 strings will last in a
> particular context up to the point that some problem occurs that
> receives wide publicity and perhaps ridicule for the implementers.
> It would be far more appropriate (and desirable) for the IETF to
> specify what should be done when (and if) people get the message than
> to say nothing and be among the ridiculed.   If we know the potential
> problems, let's not put those implementers in the position of being
> able to say "no one ever told us about that".

There's a related issue here which is that jmap-contacts is largely transporting jscontact, which is a format from the CALEXT working group, where there's a requirement to be cross compatible with VCARD (RFC 6350), an existing IETF format which has this to say about UTF-8:

3.1 <https://datatracker.ietf.org/doc/html/rfc6350#section-3.1>.  Charset

   The charset (see [RFC3536 <https://datatracker.ietf.org/doc/html/rfc3536>] for internationalization terminology) for
   vCard is UTF-8 as defined in [RFC3629 <https://datatracker.ietf.org/doc/html/rfc3629>].  There is no way to override
   this.  It is invalid to specify a value other than "UTF-8" in the
   "charset" MIME parameter (see Section 10.1 <https://datatracker.ietf.org/doc/html/rfc6350#section-10.1>).

   NON-ASCII = UTF8-2 / UTF8-3 / UTF8-4
     ; UTF8-{2,3,4} are defined in [RFC3629 <https://datatracker.ietf.org/doc/html/rfc3629>]

   VALUE-CHAR = WSP / VCHAR / NON-ASCII
     ; Any textual character

In order to round-trip values between VCARD and jscontact, it is necessary to be able to represent values found in arbitrary real-world VCARDs.

...

Meanwhile, there is the issue of the fields which are specific to jmap-contacts and other future JMAP specs.  On the one hand, we could specify a restricted character set range for these free-text fields (being aware that servers may also have their own stricter restrictions on legal values for various reasons); however this would create a distinction between free text fields in these specs and free-text fields in other already published JMAP specs, increasing the complexity for server implementations, who would need different validators.

Also, it's unlikely that clients will all validate their input values - and clients will also need to handle misbehaving servers sending them invalid content; so I don't see the real world benefit to imposing this restriction given that it won't apply to all JMAP objects, or even all of jmap contacts' fields (given the need to remain compatible with RFC 6350 data).


I suggest saying something like this in the security considerations:

Servers SHOULD reject any attempt to set names using characters not in the Freeform Class as defined in PRECIS.

and

Clients SHOULD strip any characters not in the Freeform Class as defined in PRECIS before displaying strings.

Regards,

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@fastmailteam.com

v2.23.0 | Report a Bug | By Email