Re: [media-types] AD review of draft-ietf-dispatch-javascript-mjs-09
Mathias Bynens <mths@google.com> Mon, 30 August 2021 06:47 UTC
Return-Path: <mathiasb@google.com>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id D58D93A1625
for <media-types@ietfa.amsl.com>; Sun, 29 Aug 2021 23:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.597
X-Spam-Level:
X-Spam-Status: No, score=-17.597 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5,
USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=google.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id qg3zrnNYqOTP for <media-types@ietfa.amsl.com>;
Sun, 29 Aug 2021 23:47:18 -0700 (PDT)
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com
[IPv6:2607:f8b0:4864:20::629])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C25323A1626
for <media-types@ietf.org>; Sun, 29 Aug 2021 23:47:17 -0700 (PDT)
Received: by mail-pl1-x629.google.com with SMTP id m4so8001763pll.0
for <media-types@ietf.org>; Sun, 29 Aug 2021 23:47:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=l6dPLy2qOH8UXaakF/Pj39LuFC1gQbQyQOIBzUT5XOU=;
b=lgqM4SQ3F/PzE37VhUQY23/AJM5EiNT/BBa7D5WOEnuxzTC0jqZ8oNKsRh/lLNc5a2
hnBbREbsoDsytk3G1PmvK7hGhj6zXNAz+wL3G34Vgbwqd2mqeQ40s3OvkWBQlbGNjUiJ
bBzrgA1G7FtDFJd7BEGsaKO3trIzhE6M+3lrAdiN5WmFT/0vqF7mYcYKdOPtA/B5EMRI
eiohWW2DBEoQM5aTlfI0qnUMy2q07qa9QbPqPsSRgxPzbiWwCXlHEmkcVkLutUgJGV7G
Vtbk2fVPH0Vx0BRDRhbKPVpwmGdpuuk31qe8WcMSreTSxFTcvRTHW62qBCCZABSw6Ej3
ZIgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=l6dPLy2qOH8UXaakF/Pj39LuFC1gQbQyQOIBzUT5XOU=;
b=iPG6CCnCyt/d8NCTGuvWKBgJf0S/x3mPzJCwAXZYRleiBpRSA2c0qYvqZDYlhXOyEo
rxOCU4T/hkY+1wp7WZ+9Az1kbjA/ofx/FhXgjRxdWsoZyF+qYviii4k5wvI41de8tcjR
F7QW4P+VSsIJj5MlFKZPQ83OrPFwYEgxdpVWbgnOZHcRfHw2dyD5ss+YgTHOu/LSRAsN
S3m23MJ9QouXqoGmyYTyGfAVz2P7E+8EiLwR28DUmyXVJlIij0edebQyvZQNDQyqxP7T
YS2HM1H57U+PbkEM+cLsIQa4qZrZqAZPUpKfmFUyEQ4wib6vORGAkX71sypss4WxuNtW
t6dg==
X-Gm-Message-State: AOAM5325vC+PhHUxDX4lnJc9ol4rtzEjJlhx/0nHxJncG25Zrq5nnp6e
56fmTDu26YiR8scLC6bAYDU6yOAKf4mNF3+1WnP4AQ==
X-Google-Smtp-Source: ABdhPJzDxralNsiCVR9JN3n0pcFWdYcWTo6/CnbXgux+Oo6oUU6DpOXoRzqDATsznebaWpDdaYcUWdBwXj+FmVcvQsg=
X-Received: by 2002:a17:902:d504:b029:12d:4cb3:397e with SMTP id
b4-20020a170902d504b029012d4cb3397emr20862924plg.41.1630306035945; Sun, 29
Aug 2021 23:47:15 -0700 (PDT)
MIME-Version: 1.0
References: <4747725C-5B58-4CCF-8C05-856A02FE7055@ericsson.com>
<CADizRga_PVNVEJvHFp_0DT4ZWQp9cn7Y+Wk72UV5itC0A7oEhQ@mail.gmail.com>
In-Reply-To: <CADizRga_PVNVEJvHFp_0DT4ZWQp9cn7Y+Wk72UV5itC0A7oEhQ@mail.gmail.com>
From: Mathias Bynens <mths@google.com>
Date: Mon, 30 Aug 2021 08:47:04 +0200
Message-ID: <CADizRgaq_4TFNvpfFWx7KwO4KH49dFzYiHcH-L2ZG0q1tYJ=Cg@mail.gmail.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: "draft-ietf-dispatch-javascript-mjs.all@ietf.org"
<draft-ietf-dispatch-javascript-mjs.all@ietf.org>,
"dispatch@ietf.org" <dispatch@ietf.org>,
"media-types@ietf.org" <media-types@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000263b3c05cac134dd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/J9bpKgXHMK1-hmBnHQOTPgkeDn8>
Subject: Re: [media-types] AD review of draft-ietf-dispatch-javascript-mjs-09
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type,
Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>,
<mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>,
<mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2021 06:47:25 -0000
Hi Francesca, We’ve worked through your feedback (*italic* below). Here are our responses (*bold*): ## Main 1. ---- FP: This document is presented in the Abstract, Introduction and Compatibility section as aiming to update some IANA registrations for the media types mentioned, as well as documenting current usage of these media types. Because of that, I am not convinced about the use of BCP 14 language: if the intent is documenting current practices, most of these BCP 14 terms should be replaced by explanations on how implementations behave. To give an example of my concern, for the following paragraph in Section 4: Implementations that support binary source text MUST support binary source text encoded using the UTF-8 [RFC3629] character encoding scheme. Module goal sources MUST be encoded as UTF-8, all other encodings will fail. Source goal sources SHOULD be encoded as UTF-8; other character encoding schemes MAY be supported, but are discouraged. FP: Are these requirements that should have been there in RFC 4329 and are being added now? Are these how most implementations already behave? Would it not make more sense to reformulate this paragraph to describe implementations behaviour, rather than mandate and recommend? Why using BCP 14 terms? This comment applies to all new occurrences of BCP 14 terms (it does not to apply to sections taken from RFC 4329, such as the first paragraph of section 4.1). We believe this has already been addressed by the shepherd earlier in the thread. 2. ---- FP: Maybe more of a question: why is the "Encoding considerations" field in all subsections of section 6.1 "binary"? RFC 4329 did have more text about the encoding, is that obsoleted? Did I miss in which part of the draft this is discussed? This was done in response to Media-Type Early Review comments: https://github.com/linuxwolf/bmeck-ids/pull/25 3. ---- FP: "Published specification" field of each subsection of section 6.1 is "this document". I don't believe that is correct, and it should instead point to the correct specification (so JS 1.5, ECMAScript etc). This was done in response to Media-Type Early Review comments: https://github.com/linuxwolf/bmeck-ids/pull/25 4. ---- FP: I would also add RFC 4329 authors as "Person & email address to contact", as well as "Author" for those media types that 4329 registered. Please let me know if this is not common practice, but it seems logical to me to have both you authors and previous authors. This does not appear to be common practice. E.g. RFC 54 (by Crocker, Postel, Newkirk, Kraley) was superseded by RFC 57 (by Kraley & Newkirk). We’d prefer proceeding in line with this precedent, given that including the original authors complicates the process further (since it would require their explicit approval of all our changes before moving forward). 5. ---- FP: I believe it would make sense to modify the IANA media type registry to add an "OBSOLETED in favor of ..." note in the name column of all those media types obsoleted. I think this requires a new IANA section. I think this refers to the document at https://www.iana.org/assignments/media-types/media-types.xhtml, and not our draft. Am I misunderstanding? What changes would this require to our draft? 6. ---- FP: There are 4 occurrences of media types where Intended usage is OBSOLETE, but the Restriction on usage does not have the same sentence as all the other obsolete ones: This media type is obsolete; current implementations should use text/javascript as the only JavaScript/ ECMAScript media type. I think this is an overlook, is that correct? Good catch! Patch: https://github.com/linuxwolf/bmeck-ids/pull/36/files ## Minor 7. ----- FP: Please consider adding some text in the introduction mentioning that this document expands on the security considerations. I appreciate this work on the Security Considerations section was done, and believe the BCP 14 terms make sense there. It should just be highlighted better in the introductory part of the document. Patch: https://github.com/linuxwolf/bmeck-ids/pull/42 (still under review) 8. ----- FP: I am not sure RFC3986 and RFC3987 need to be a normative reference, given the only place they appear is a paragraph stating how this document does not define processing of fragment identifiers. Fixed: https://github.com/linuxwolf/bmeck-ids/pull/40 <https://github.com/linuxwolf/bmeck-ids/pull/40/files> 9. ----- FP: I'd suggest adding section numbers when referring to [ECMA-262] sections, instead of just names. The ECMAScript specification is a “living standard”, and the section numbers change frequently as new chapters are introduced or sections are moved around. Using the section names is a more stable, future-proof way to refer to specific parts of the spec. Given that, would you be okay with keeping this as-is? Alternatively, we could add links to the specific sections in the latest draft spec, e.g. https://tc39.es/ecma262/#sec-source-text — these URLs are stable, too, but I don’t think there is precedent for this in any existing RFC. 10. ----- javascript. Differences in ECMAScript versions have been better dealt with in the processors. FP: "in the processors" - I am not sure what is meant here, might be worth considering rephrasing for clarity. I think we can just remove this sentence. Patch: https://github.com/linuxwolf/bmeck-ids/pull/37/files 11. ----- Refer to [RFC6265] for a discussion of terminology used in this section. Source text (as defined in [ECMA-262], section "Source FP: I am confused by what part of 6265 is relevant regarding terminology used in this section. Maybe adding a section pointer would help. This was a typo, introduced while bringing over text from RFC 4329 and updating then-obsoleted references. It should be 6365 (Terminology Used in Internationalization in the IETF), which obsoleted 3536 (Terminology Used in Internationalization in the IETF), which is what 4329 (the document we’re obsoleting) referred to. Patch: https://github.com/linuxwolf/bmeck-ids/pull/43 12. ----- separately for purposes of external storage and retrieval. An implementation's internal representation of source text and source text are not considered binary source text. FP: I have a hard time parsing "and source text", in the context of the sentence. What's the difference with "an implementation's internal representation of source text"? (this might be me not understanding the phrasing) This was a typo. Patch: https://github.com/linuxwolf/bmeck-ids/pull/41/files 13. ----- FP: Section 6 - IANA Considerations: please consider adding a link to the media type registry. In search of an example, I looked at recent media type RFCs (e.g. RFC8878, RFC8478, RFC8351), and none of them seem to do this. I’ve suggested a change: https://github.com/linuxwolf/bmeck-ids/pull/39/files but please let me know if you had something else in mind. ## Nit 14. ---- of additional scripts, called importing. Implementations that support modules need to process imported sources in the same way scripts. Further, there may be additional privacy and security FP: "in the same way script" - is it missing an "as"? Fixed: https://github.com/linuxwolf/bmeck-ids/pull/34/files Once the remaining questions are addressed, we’ll be happy to cut a new (final?) version of the doc. Thanks, Mathias Bynens on behalf of the draft-ietf-dispatch-javascript-mjs authors On Thu, Aug 26, 2021 at 4:39 PM Mathias Bynens <mths@google.com> wrote: > Thank you Francesca for your thorough AD review! We (the authors) are > currently working on addressing your comments. I’ll reply to this thread > once we have an answer for all of the points you’ve raised. > > On Tue, Aug 24, 2021 at 5:49 PM Francesca Palombini < > francesca.palombini@ericsson.com> wrote: > >> Thank you for the work on this document. This is my AD review. >> >> I have divided comments into "main", "minor" and "nits". I'd like to have >> a discussion on my main comments before requesting the IETF Last Call. On >> the other hand, you can address the minors and nits together with any >> additional Last Call comments you will get. As I am coming in late to the >> process, please understand that I don't mean to re-hash existing >> discussions that I am not aware of, and I appreciate your patience: feel >> free to point me to previous discussion (and conclusions) I might have >> missed, if relevant. >> >> For the minor comments - some of these are suggestions or questions which >> I hope will help improve readability, which you can decide to take or leave >> as you please. >> >> Francesca >> >> ## Main >> >> 1. ---- >> >> FP: This document is presented in the Abstract, Introduction and >> Compatibility section as aiming to update some IANA registrations for the >> media types mentioned, as well as documenting current usage of these media >> types. Because of that, I am not convinced about the use of BCP 14 >> language: if the intent is documenting current practices, most of these BCP >> 14 terms should be replaced by explanations on how implementations behave. >> To give an example of my concern, for the following paragraph in Section 4: >> >> Implementations that support binary source text MUST support binary >> source text encoded using the UTF-8 [RFC3629] character encoding >> scheme. Module goal sources MUST be encoded as UTF-8, all other >> encodings will fail. Source goal sources SHOULD be encoded as UTF-8; >> other character encoding schemes MAY be supported, but are >> discouraged. >> >> FP: Are these requirements that should have been there in RFC 4329 and >> are being added now? Are these how most implementations already behave? >> Would it not make more sense to reformulate this paragraph to describe >> implementations behaviour, rather than mandate and recommend? Why using BCP >> 14 terms? >> This comment applies to all new occurrences of BCP 14 terms (it does not >> to apply to sections taken from RFC 4329, such as the first paragraph of >> section 4.1). >> >> 2. ---- >> >> FP: Maybe more of a question: why is the "Encoding considerations" field >> in all subsections of section 6.1 "binary"? RFC 4329 did have more text >> about the encoding, is that obsoleted? Did I miss in which part of the >> draft this is discussed? >> >> 3. ---- >> >> FP: "Published specification" field of each subsection of section 6.1 is >> "this document". I don't believe that is correct, and it should instead >> point to the correct specification (so JS 1.5, ECMAScript etc). >> >> 4. ---- >> >> FP: I would also add RFC 4329 authors as "Person & email address to >> contact", as well as "Author" for those media types that 4329 registered. >> Please let me know if this is not common practice, but it seems logical to >> me to have both you authors and previous authors. >> >> 5. ---- >> >> FP: I believe it would make sense to modify the IANA media type registry >> to add an "OBSOLETED in favor of ..." note in the name column of all those >> media types obsoleted. I think this requires a new IANA section. >> >> 6. ---- >> >> FP: There are 4 occurrences of media types where Intended usage is >> OBSOLETE, but the Restriction on usage does not have the same sentence as >> all the other obsolete ones: >> >> This media type is obsolete; current >> implementations should use text/javascript as the only JavaScript/ >> ECMAScript media type. >> >> I think this is an overlook, is that correct? >> >> ## Minor >> >> 7. ----- >> >> FP: Please consider adding some text in the introduction mentioning that >> this document expands on the security considerations. I appreciate this >> work on the Security Considerations section was done, and believe the BCP >> 14 terms make sense there. It should just be highlighted better in the >> introductory part of the document. >> >> 8. ----- >> >> FP: I am not sure RFC3986 and RFC3987 need to be a normative reference, >> given the only place they appear is a paragraph stating how this document >> does not define processing of fragment identifiers. >> >> 9. ----- >> >> FP: I'd suggest adding section numbers when referring to [ECMA-262] >> sections, instead of just names. >> >> 10. ----- >> >> javascript. Differences in ECMAScript versions have been better >> dealt with in the processors. >> >> FP: "in the processors" - I am not sure what is meant here, might be >> worth considering rephrasing for clarity. >> >> 11. ----- >> >> Refer to [RFC6265] for a discussion of terminology used in this >> section. Source text (as defined in [ECMA-262], section "Source >> >> FP: I am confused by what part of 6265 is relevant regarding terminology >> used in this section. Maybe adding a section pointer would help. >> >> 12. ----- >> >> separately for purposes of external storage and retrieval. An >> implementation's internal representation of source text and source >> text are not considered binary source text. >> >> FP: I have a hard time parsing "and source text", in the context of the >> sentence. What's the difference with "an implementation's internal >> representation of source text"? (this might be me not understanding the >> phrasing) >> >> 13. ----- >> >> FP: Section 6 - IANA Considerations: please consider adding a link to the >> media type registry. >> >> ## Nit >> >> 14. ---- >> >> of additional scripts, called importing. Implementations that >> support modules need to process imported sources in the same way >> scripts. Further, there may be additional privacy and security >> >> FP: "in the same way script" - is it missing an "as"? >> >> >>
- [media-types] AD review of draft-ietf-dispatch-ja… Francesca Palombini
- Re: [media-types] [dispatch] AD review of draft-i… Ben Campbell
- Re: [media-types] [dispatch] AD review of draft-i… Francesca Palombini
- Re: [media-types] AD review of draft-ietf-dispatc… Alexey Melnikov
- Re: [media-types] AD review of draft-ietf-dispatc… Mathias Bynens
- Re: [media-types] AD review of draft-ietf-dispatc… Mathias Bynens
- Re: [media-types] AD review of draft-ietf-dispatc… Francesca Palombini
- Re: [media-types] AD review of draft-ietf-dispatc… Mathias Bynens
- Re: [media-types] AD review of draft-ietf-dispatc… Francesca Palombini
- Re: [media-types] AD review of draft-ietf-dispatc… Mathias Bynens
- Re: [media-types] AD review of draft-ietf-dispatc… Mathias Bynens
- Re: [media-types] AD review of draft-ietf-dispatc… Francesca Palombini