Re: [OPSAWG] Last Call Review of draft-ietf-opsawg-mud-acceptable-urls-10

Christian Huitema <huitema@huitema.net> Fri, 01 March 2024 01:48 UTC

Message-ID: <42974dd9-f50a-445b-8b26-0cf4204dca33@huitema.net>
Date: Thu, 29 Feb 2024 17:48:46 -0800
To: Michael Richardson <mcr@sandelman.ca>
Cc: Eliot Lear <lear@lear.ch>, "opsawg@ietf.org" <opsawg@ietf.org>, draft-ietf-opsawg-mud-acceptable-urls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/J7abV7EJEMjiP80ZwNLcWqqQczQ>


On 2/29/2024 3:31 PM, Michael Richardson wrote:
> 
> Christian, I don't know if I am understanding your shotgun parser comment
> right.  My understanding is that I have unwittingly invoked one via my
> informal description of how URLs should be matched, and that this is something
> to avoid.
> 
> I have written the following diff:
> 
> https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/3/files#diff-7aca3461cf4d4087c17882e209f0b93f8c2b26fafa0d9a985555b097db3ea3ceR266-R272
> 
> which essentially says:
>        Section 3.3 of {{RFC3986}} explains how the different parts of the URL are
>        described.
>        As explained in that section, a _path_ component consists of a series of
>        _segment_ separated by slash ("/") characters.
>        The new URL is considered acceptable if it contains the same series of
>        segments in its path, excepting that the last segment may be different.
> 
> I have further created headings for "Small Changes to MUD URL" and "Big Changes
> to MUD URL" to explain the two mechanisms.  I hadn't really thought of it as
> two mechanisms, but it's a good observation.

Yes, your new text is fine. The whole point is that one should not push 
developers to do random things like "first / from the right". Their 
parsers should be driven by the syntax, otherwise bad things will happen.
> 
> I'm not sure if this rewrite is what you had in mind.
> I struggled with this for a few days now thinking that you were asking for
> something much more formal, but finally came to this short description.
> Does it work for you?
> 
> As for your comments about signature verification, I have made some small
> changes at:
> 
> https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/4/files
> 
> I hope to hear from you soonish if you are happy or unhappy with these
> changes, and I'll post a new version on Friday March 1.

I did approve those changes in GitHub. The draft looks better now... 
Once you have a version N+1, I will update my review. But I am not sure 
I can do this before Monday evening, as I will be traveling.

-- Christian Huitema
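
The segment-based comparison discussed in this thread, next to the "first / from the right" shortcut it replaces, as an added example that is not part of the original e-mail or of the draft. The function names and URLs are constructed, and requiring an identical scheme and authority is an assumption made here, not a rule quoted from the draft.

```python
from urllib.parse import urlsplit


def acceptable_small_change(old_url: str, new_url: str) -> bool:
    """Syntax-driven check: parse both URLs per RFC 3986, then compare
    path segments, allowing only the last segment to differ."""
    old, new = urlsplit(old_url), urlsplit(new_url)
    # Assumption (not stated in the thread): scheme and authority must match.
    if (old.scheme, old.netloc) != (new.scheme, new.netloc):
        return False
    # urlsplit has already removed query and fragment, so a "/" inside
    # either of them can never be mistaken for a path separator.
    old_segs = old.path.split("/")
    new_segs = new.path.split("/")
    if len(old_segs) != len(new_segs):
        return False
    return old_segs[:-1] == new_segs[:-1]


def naive_small_change(old_url: str, new_url: str) -> bool:
    """The string shortcut, kept only for contrast: cut each URL at its
    right-most "/" and compare what is left."""
    return old_url.rsplit("/", 1)[0] == new_url.rsplit("/", 1)[0]


# Constructed sample URLs.
OLD = "https://mud.example.com/models/v1/lamp.json"
CASES = {
    "last segment changed": (OLD, "https://mud.example.com/models/v1/lamp-v2.json"),
    "slash inside query": (OLD, "https://mud.example.com/models/v1/lamp.json?rev=2/3"),
    "extra directory": (OLD, "https://mud.example.com/models/v1/extra/lamp.json"),
    # With an empty path the right-most "/" belongs to "https://", so the
    # shortcut ends up comparing "https:/" with "https:/".
    "empty path, other host": ("https://mud.example.com", "https://other.example.net"),
}


def compare_all() -> dict:
    """Return {case: (syntax_driven_result, naive_result)}."""
    return {name: (acceptable_small_change(a, b), naive_small_change(a, b))
            for name, (a, b) in CASES.items()}


if __name__ == "__main__":
    for name, (good, naive) in compare_all().items():
        print(f"{name:24} syntax-driven={good!s:5} naive={naive}")
```

The two functions disagree on the "slash inside query" and "empty path, other host" cases; in the second, the shortcut accepts a URL on a different host.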