Re: [nfsv4] My probable non-participation in IETF114 meeting -- missing agenda items
David Noveck <davenoveck@gmail.com> Wed, 17 August 2022 11:24 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2793DC1527A8 for <nfsv4@ietfa.amsl.com>; Wed, 17 Aug 2022 04:24:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRvp8E17kyXu for <nfsv4@ietfa.amsl.com>; Wed, 17 Aug 2022 04:24:55 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE999C1527A6 for <nfsv4@ietf.org>; Wed, 17 Aug 2022 04:24:54 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id j8so23955260ejx.9 for <nfsv4@ietf.org>; Wed, 17 Aug 2022 04:24:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=b8Bm0fSPLIQA/M6+MRxys4XhhCKzLwhvOE1oeiCVdwA=; b=NmcIR91SDEOff6B496U3XIFInmW0hZamgbk2TGLh2knhT4MyM4g561KtV/JKowWO7n a58+8ilz6xAtFWv+AfboqE03T0QdiMs1M4lx3SoyKkJMBSYJScQOiC8xbU5jOck3djFt cj7PGaYpIfLHf9g3cN4NBpfhMhvnWFQbl1C13ibSO20V5s2WpO1aOS9In9uEbQUEcwlO kJ7XMUSijtZwmIJjlUSR88jt+01J/P6kOF+1qpJ29HQxd98fv8sTVan3yWl33DOMtDn4 Gw2oOtL+o6Kznud+iqfQXzm87BJun+Qzz4PJEb9yxNfWwV+eKQEI7ToFyqhW5Qum0LuT 0sXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=b8Bm0fSPLIQA/M6+MRxys4XhhCKzLwhvOE1oeiCVdwA=; b=RNNAMmL2eN4LFtwxYkN5fJTRsoX4IzvDFAW0pPqBxdUvRay5JifRO3Pq+5Ixol8BpY gNo7bkayPUrwlxu29C+lHgPHm9uEWrOTxqUfE6X6SaaLlrr4honzemzXf/sobc1c54Q9 Gs4QG3cVTsVwebSCVj+QmNXIRlwRCIDk8q2giXbpCUMPu9jR8ZCuZVAloJ1+2RS6Chu8 k6IMYnly9AoFF5R8AJF/eRlY3emf5uBaPjixpVludHulCH7Nh6F2eurwva9+1MT1exl9 mfPTbCWAjujivB7UDhn+TwkGGaQ1n5mG59X+NrUD5dP159W5rPTXxIgpE9lUTFQ1GbGe AFYw==
X-Gm-Message-State: ACgBeo3vwqjWOcy6oR394N3iwu8D7OVjb0T4GONM0tjKOCWNzHn0Tgd9 KuFXt0SbyrF7P/DjwCTC90FSiuO1ky/YqgmFaHDwyeTM
X-Google-Smtp-Source: AA6agR5NGkjW/Og9xYciymP8uYx+6O2cmgPi5eI+n49Y5thtHGx9qCWAU3x3n5cgkR8+an64TWr95jOD4GELEMyxaTI=
X-Received: by 2002:a17:906:9b16:b0:730:d5f4:d44a with SMTP id eo22-20020a1709069b1600b00730d5f4d44amr16120065ejc.630.1660735492848; Wed, 17 Aug 2022 04:24:52 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR06MB5597E737F236E8E35C02380FE18C9@MN2PR06MB5597.namprd06.prod.outlook.com> <20220726022100.GD30255@kduck.mit.edu> <CADaq8jfb0Ecbh-3AUW=wMJCT4yu1GwUX+y50cYNrZfRRHc8Dhg@mail.gmail.com> <MN2PR19MB4045F9FDDDD501D798B3B8A9839A9@MN2PR19MB4045.namprd19.prod.outlook.com> <YQBPR0101MB97426A8AF9FAF18186C495B8DD9D9@YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM> <MN2PR19MB4045965236195D2DC755CDF7839D9@MN2PR19MB4045.namprd19.prod.outlook.com> <CADaq8jc4HEMMK7o0_0jPU-X-gkceQQ+uZ9Vj_Xg0VknhzKBoTg@mail.gmail.com>
In-Reply-To: <CADaq8jc4HEMMK7o0_0jPU-X-gkceQQ+uZ9Vj_Xg0VknhzKBoTg@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Wed, 17 Aug 2022 07:24:40 -0400
Message-ID: <CADaq8jfzzqOYgXJ7PEyqz+5xX8feUomFFGaHoPDDBEVFEVUjxw@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001e1d5005e66e1db9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/9eaxFOZ2pSAa7fRGPQCiH_HTcIM>
Subject: Re: [nfsv4] My probable non-participation in IETF114 meeting -- missing agenda items
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2022 11:24:59 -0000
In attempting to rewrite section 12 on an as-implemented basis, I find I need some information about how existing servers and clients deal with internationalized domain names. With regard to servers, I need to know how they deal with domain strings beginning with "xn--": - do they simply treat such strings as presented, ignoring the Idna convention? - do they translate the portion past "--" from punycode to Unicode? - do they follow the recommended approach in rfc7530 (unlikely but possible) Also need to know what checks are done for label validity. In particular, how/if checks for valid UTF-8 are done. With regard to clients, need to know if any generate domain strings beginning with "xn--. On Tue, Aug 9, 2022, 11:06 AM David Noveck <davenoveck@gmail.com> wrote: > > > On Tue, Aug 2, 2022, 9:33 AM Black, David <David.Black@dell.com> wrote: > >> >>> As a result, the domain string returned on a GETATTR of >> >>> the user id MUST be the same as that used when setting the >> >>> user id by the SETATTR. >> >> >> >>I would expect server implementations to do exactly that, but it'd be >> good >to check - would compliance with that "MUST" be a problem for any >> >known implementations? >> >> >> >>If so, please explain how the GETATTR and SETATTR user id values could >> >differ. >> > For the FreeBSD name<->id mapping daemon, the domain string is >> > considered to be case independent. >> > i.e., UoGuelph.ca is considered the same as uoguelph.ca >> > I think I did this because that is how DNS host domain names have >> > traditionally been handled. >> > > It appears they can't be now. How disruptive would it be to change this > for ASCII names? > >> >> Unfortunately, the concept of case independence is significantly more >> complex in Unicode. > > > It is not only more complex. You cannot do case conversion using the text > string alone. > > A common example is that in ASCII, 'i' is the lower-case counterpart of >> 'I', but that's not always the case for Unicode, e.g., in Turkish, the >> lower case counterpart of 'I' is U+0131 (&inodot), LATIN SMALL LETTER >> DOTLESS I (https://en.wikipedia.org/wiki/Dotless_I), and applying ASCII >> case independence produced incorrect results, as there are words in Turkish >> that differ only in dotted-i vs. dotless-i. >> >> The "method one" that is proposed for elimination dealt with Unicode case >> insensitivity via use of ToASCII and ToUnicode - Unicode case mapping is >> buried in the NAMEPREP step. Unfortunately, the entire NAMEPREP framework >> (including those mechanisms) is obsolete for a number of good reasons, >> including its dependence on a specific version of Unicode. Case >> insensitivity of domain names has been moved to input processing, as >> indicated by this item in Appendix A of RFC 5891 ( >> https://datatracker.ietf.org/doc/html/rfc5891#appendix-A): > > > Method one has to go. > > >> >> 4. Remove the mapping and normalization steps from the protocol and >> have them, instead, done by the applications themselves, >> possibly in a local fashion, before invoking the protocol. >> > > This doesn't address cases in which the domain name is formulated by the > server. There is no obvious "application" on the server. The important > case is multiple domains in multi-server namespace. > > >> For NFS, the likely upshot is that language/locale-dependent (case) >> mapping and normalization has to be done by the client or code above it. > > > That works for mount and the client side of referrals. To deal with this > in full, we should simply say the protocol does modify the domain to either > an equivalent one with a changed case or a canonically equivalent one. > > ASCII case insensitivity would be safe for a server that enforces a >> restriction to 7-bit ASCII, but it's not safe in general for UTF-8. >> > > Yes but not sure what spec should say about that case > > > >> Thanks, --David. > > > Thanks for the guidance. Will provide an updated section for discussion > in about a week. After that, will try to produce internationalization-02. > >> >> -----Original Message----- >> From: Rick Macklem <rmacklem@uoguelph.ca> >> Sent: Monday, August 1, 2022 8:37 PM >> To: Black, David; David Noveck >> Cc: NFSv4 >> Subject: Re: [nfsv4] My probable non-participation in IETF114 meeting -- >> missing agenda items >> >> >> [EXTERNAL EMAIL] >> >> Black, David <David.Black=40dell.com@dmarc.ietf.org> wrote: >> >Dave, >> > >> >> The core issue derives from the following text in RFC7530: >> > >> >[ ... SNIP ...] >> > >> >> The above text was suggested by David Black based on discussions with >> internationalization experts, and had no problems getting accepted by the >> IESG. >> > >> >In light of what has (not) transpired since then ... >> > >> >> The first method references RFC 3490, now obsolete, so cannot be >> transferred to a new NFSv4 internationalization document >> >> >> >> This reference should, almost certainly, not have appeared in RFC7530, >> but I'm not sure how it was approved. >> >> >> >> It seems very unlikely that the first method was ever implemented by >> any NFSv4 server, despite the fact it is recommended above. >> > >> >... while I could patch the text to deal with RFC 3490 being obsolete, I >> think "running code" wins this one ... i.e., I suggest that the WG proceed >> to: >> > >> >> - eliminate the use of method one. >> > >> >That creates a small item to deal with, as method 2 contains a "MUST" >> >requirement that would apply to all implementations: >> > >> > >> >> As a result, the domain string returned on a GETATTR of >> >> >> the user id MUST be the same as that used when setting the >> >> >> user id by the SETATTR. >> > >> >I would expect server implementations to do exactly that, but it'd be >> good >to check - would compliance with that "MUST" be a problem for any >> >known implementations? >> > >> >If so, please explain how the GETATTR and SETATTR user id values could >> >differ. >> For the FreeBSD name<->id mapping daemon, the domain string is >> considered to be case independent. >> ie. UoGuelph.ca is considered the same as uoguelph.ca >> I think I did this because that is how DNS host domain names have >> traditionally been handled. >> >> rick >> >> Thanks, --David >> >> From: nfsv4 <nfsv4-bounces@ietf.org> On Behalf Of David Noveck >> Sent: Thursday, July 28, 2022 9:57 AM >> To: Benjamin Kaduk >> Cc: Noveck, David; NFSv4 >> Subject: Re: [nfsv4] My probable non-participation in IETF114 meeting -- >> missing agenda items >> >> >> [EXTERNAL EMAIL] >> The core issue derives from the following text in RFC7530: >> >> >> string sent SHOULD be in the form of one or more U-labels as >> >> defined by [RFC5890 [datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc5890__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVR6jQoVSp$>]. >> If that is impractical, it can instead be in >> >> the form of one or more LDH labels [RFC5890 [datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc5890__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVR6jQoVSp$>] >> or a UTF-8 domain name >> >> that contains labels that are not properly formatted U-labels. The >> >> receiver needs to be able to accept domain and server names in any of >> >> the formats allowed. The server MUST reject, using the error >> >> NFS4ERR_INVAL, a string that is not valid UTF-8, or that contains an >> >> ASCII label that is not a valid LDH label, or that contains an >> >> XN-label (begins with "xn--") for which the characters after "xn--" >> >> are not valid output of the Punycode algorithm [RFC3492 [ >> datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc3492__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVR8HVeyrh$ >> >]. >> >> >> >> When a domain string is part of id@domain or group@domain, there are >> >> two possible approaches: >> >> 1. The server treats the domain string as a series of U-labels. In >> >> cases where the domain string is a series of A-labels or >> >> Non-Reserved LDH (NR-LDH) labels, it converts them to U-labels >> >> using the Punycode algorithm [RFC3492 [datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc3492__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVR8HVeyrh$>]. >> In cases where the >> >> domain string is a series of other sorts of LDH labels, the >> >> server can use the ToUnicode function defined in [RFC3490 [ >> datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc3490__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVRw5pOT9y$>] >> to >> >> convert the string to a series of labels that generally conform >> >> to the U-label syntax. In cases where the domain string is a >> >> UTF-8 string that contains non-U-labels, the server can attempt >> >> to use the ToASCII function defined in [RFC3490 [ >> datatracker.ietf.org]< >> https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc3490__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVRw5pOT9y$>] >> and then the >> >> ToUnicode function on the string to convert it to a series of >> >> labels that generally conform to the U-label syntax. As a >> >> result, the domain string returned within a user id on a GETATTR >> >> may not match that sent when the user id is set using SETATTR, >> >> although when this happens, the domain will be in the form that >> >> generally conforms to the U-label syntax. >> >> >> >> 2. The server does not attempt to treat the domain string as a >> >> series of U-labels; specifically, it does not map a domain string >> >> that is not a U-label into a U-label using the methods described >> >> above. As a result, the domain string returned on a GETATTR of >> >> the user id MUST be the same as that used when setting the >> >> user id by the SETATTR. >> >> >> >> A server SHOULD use the first method. >> >> >> >> >> >> >> The above text was suggested by David Black based on discussions with >> internationalization experts, and had no problems getting accepted by the >> IESG. >> . >> >> The first method references RFC 3490, now obsolete, so cannot be >> transferred to a new NFSv4 internationalization document >> >> This reference should, almost certainly, not have appeared in RFC7530, >> but I'm not sure how it was approved. >> >> It seems very unlikely that the first method was ever implemented by any >> NFSv4 server, despite the fact it is recommended above. >> >> The basis of the recommendation is quite unclear and it is not easy to >> determine a situation in which the use of the first method would be >> needed/desirable. Further, the use of "SHOULD" leaves unanswered the >> question of what are valid reasons to bypass the recommendation. >> >> The existing handling is not transferrable to other NFSv4. We need to >> do one of the following: >> >> - eliminate the use of method one. >> >> - provide an alternative the process in method 1 that does not depend >> on RFC3490. >> >> >> >> On Mon, Jul 25, 2022, 10:21 PM Benjamin Kaduk <kaduk@mit.edu<mailto: >> kaduk@mit.edu>> wrote: >> Hi David, >> >> On Mon, Jul 18, 2022 at 01:05:25PM +0000, Noveck, David wrote: >> > >> > * draft-ietf-nfsv4-internationalization is now expired. In order >> to get it anywhere wglc, I have to address the issues in section 12. >> > >> > I haven't been able to get idna information from the working group or >> the internationalization people. Please provide viable sources on email. >> Ifno willing experts are to be found, will need to do further research and >> may have to update 7530 to not support idna, if that is possible. >> >> While I don't consider myself an internationalization person, I do know a >> few who would probably qualify. Please forgive my only sporadic >> attentiveness to this list -- is there a clean summary of the open issues >> that I could send to people and ask for help? >> >> Thanks, >> >> Ben >> >> _______________________________________________ >> nfsv4 mailing list >> nfsv4@ietf.org<mailto:nfsv4@ietf.org> >> >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/nfsv4__;!!LpKI!j7NGRO1t2zpt74VohXnTaCVcI5yF4q6IlWSmly-txDjG1Zsps-m41aBflmY1EC2eDKCuH3y92J99lxNwrwyZXw$ >> [ietf[.]org] [ietf.org]< >> https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/nfsv4__;!!LpKI!gD1BRtFwwUpp8etNt74yc4T_v57MvYaRpGrXsWpU9X61X1wbdZB1UvN3ftbQldXRpIblsAw3UTPVR46uD3g8$ >> >p >> >
- [nfsv4] My probable non-participation in IETF114 … Noveck, David
- Re: [nfsv4] My probable non-participation in IETF… Benjamin Kaduk
- Re: [nfsv4] My probable non-participation in IETF… David Noveck
- Re: [nfsv4] My probable non-participation in IETF… Black, David
- Re: [nfsv4] My probable non-participation in IETF… Rick Macklem
- Re: [nfsv4] My probable non-participation in IETF… Black, David
- Re: [nfsv4] My probable non-participation in IETF… David Noveck
- Re: [nfsv4] My probable non-participation in IETF… David Noveck
- Re: [nfsv4] My probable non-participation in IETF… Chuck Lever III
- Re: [nfsv4] My probable non-participation in IETF… Chuck Lever III