Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 27 February 2018 21:56 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CE1612E045; Tue, 27 Feb 2018 13:56:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iIL4NL5bvgB9; Tue, 27 Feb 2018 13:56:30 -0800 (PST)
Received: from mail-ot0-x235.google.com (mail-ot0-x235.google.com [IPv6:2607:f8b0:4003:c0f::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E323B126B6D; Tue, 27 Feb 2018 13:56:29 -0800 (PST)
Received: by mail-ot0-x235.google.com with SMTP id l12so352400otj.7; Tue, 27 Feb 2018 13:56:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=+Lwkt7vXUORB6EkQ4HeYa/uYn4jo36gHyQiREYNLB2k=; b=qF9uRIGNmA1c/Sn9jlcoE4boscQTzppBytSQ4L6I45z1M2jtngXVTisfkPsNNNs8qI 9s0eNE/q5PFKfeYplnFpANw1Dk5lRrRBGIv2sLmcb/ZNDTr4vqwA4McfE5Zcn5oOkDEx RHqS/dtE21RM5ja5709YO2E+lnGj0Pswwpw00Qp5+glhV5ExjEjDDevLublWOQE6ZPzF XxzAQOwznHp3QgngDRyeNOBPZzNyDCjBfLYXYwHjzq6xnoflpx/2vgac44yRecivuvRd 9G20Nc1ueThtOPjbHY/ICtJYTBufDCkf3KeQvqEbwhS1yxJlX1/zTURcbkeLWDJyolq2 Wg4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=+Lwkt7vXUORB6EkQ4HeYa/uYn4jo36gHyQiREYNLB2k=; b=VGxTrD39RmMGqKpd5z03ILn76Eea+ROZ7pBjWu4tqH4qZ8Tt1S2z/1BALqiXc1rGHy +v2GiDVMlwFm5lqnLEGhX8xcnUlVM3cagioZw9akFu84sJrCXSHHl8Zrv2IiIjI8MN1F 77Xm2pynfFhClIuDVxAw48QLeVsdBmv9P4qTzjl5Ry2qBIGXv4JvxMAM8YrWaVChKpzH WnvaSliKzJ7SIyoqNRPSQq4c7veKNpQoPuGPToejw7Ga1uZik/OUAoSf2GA2EQVSaK3a t7pMVQxxFtNbhTOjHMwL85KxF624swfcUHsiYKJImOJNfHlGQl+wjVs/Fy4+tJRp+W7E N4Yw==
X-Gm-Message-State: APf1xPArjajZXWkomp6wfNXss7W6TJp1/UxVIqZ89Tn0lXv2TmA5oz/N Ov1ZoVMBhiALlAO8wqXFe3mAKt90tMbononrH1I=
X-Google-Smtp-Source: AG47ELsuMNqk0cNFHAaO/JXQ7xP68J6+4TlnSendCI/qfiNxHHJSxE5dSIkmCeC/k2hBzhUb7yVDILIhKl2OW1UUXFg=
X-Received: by 10.157.64.189 with SMTP id n58mr10600285ote.215.1519768589202; Tue, 27 Feb 2018 13:56:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.119 with HTTP; Tue, 27 Feb 2018 13:55:48 -0800 (PST)
In-Reply-To: <DM5PR0901MB23759B20B46CEC124F38B7EFABC00@DM5PR0901MB2375.namprd09.prod.outlook.com>
References: <151928167126.21076.15537610321013993844.idtracker@ietfa.amsl.com> <DM5PR0901MB23759B20B46CEC124F38B7EFABC00@DM5PR0901MB2375.namprd09.prod.outlook.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 27 Feb 2018 16:55:48 -0500
Message-ID: <CAHbuEH533drhP=JiDLww5isHXrHVbc1O4WNGx01J8ARWtW7GPg@mail.gmail.com>
To: "Schmidt, Charles M." <cmschmidt@mitre.org>
Cc: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "draft-ietf-sacm-nea-swima-patnc@ietf.org" <draft-ietf-sacm-nea-swima-patnc@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/IEmWEf4D2jLaj9wI0K7eTH_HYA4>
Subject: Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 21:56:33 -0000
Adam, Please confirm if you agree your comments have been addressed. Thank you! Kathleen On Tue, Feb 27, 2018 at 4:51 PM, Schmidt, Charles M. <cmschmidt@mitre.org> wrote: > Hello, > > Thanks a bunch for the feedback. I agree with your comments and believe they are addressed in the new (-03) draft. > > Thank you, > Charles > >> -----Original Message----- >> From: Adam Roach [mailto:adam@nostrum.com] >> Sent: Thursday, February 22, 2018 1:41 AM >> To: The IESG <iesg@ietf.org> >> Cc: draft-ietf-sacm-nea-swima-patnc@ietf.org; sacm@ietf.org; Karen >> O'Donoghue <odonoghue@isoc.org>; sacm-chairs@ietf.org; >> odonoghue@isoc.org; sacm@ietf.org >> Subject: Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: >> (with COMMENT) >> >> Adam Roach has entered the following ballot position for >> draft-ietf-sacm-nea-swima-patnc-02: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swima-patnc/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Thanks for everyone's work on this document. I support Ben's DISCUSS, his >> concerns regarding the treatment of privacy in §8, and EKR's concerns >> regarding the phrasing "not generally considered to be sensitive." >> >> I also have a few very important comments about this document's >> handling of URIs. >> >> §3.4.4: >> > The location is expressed as a URI string consisting of a scheme and >> > path. [RFC3986] The location URI does not include an authority part. >> > The URI schema describes the context of the described location. For >> > example, in most cases the location of the installed software product >> > will be expressed in terms of its path in the filesystem. For such >> > locations, the location URI scheme MUST be "file" or the URI MUST >> > appear without a scheme. (I.e., "file" is default scheme.) It is >> > possible that other schemes could be used to represent other location >> > contexts. Apart from reserving the "file" scheme, this specification >> > does not reserve schemes. When representing software products in >> > other location contexts, tools MUST be consistent in their use of >> > schemes, but the exact string used in those schemes is not >> > normatively defined here. >> >> Please cite RFC 8098 in this paragraph. >> >> Saying that a URI can appear without a scheme is at least confusing and >> probably >> ambiguous. For example, I can't tell which of the following syntaxes are >> expected and/or allowed: >> >> 1. :///Applications/TurnipTwaddler >> 2. ///Applications/TurnipTwaddler >> 3. /Applications/TurnipTwaddler >> >> Read literally, the quoted paragraph describes the first. It probably means to >> describe the second (maybe?), but I suspect some implementors will >> interpret >> it as the third. >> >> This becomes even more problematic for Windows, where it might be >> interpreted >> to mean any of *four* things (where the final one is clearly wrong due to >> potential confusion between drive letters and URI schemes -- but which I'm >> sure will be implemented if not clearly spelled out): >> >> 1. :///C:/Program%20Files/TurnipTwaddler >> 2. ///C:/Program%20Files/TurnipTwaddler >> 3. /C:/Program%20Files/TurnipTwaddler >> 4. C:/Program%20Files/TurnipTwaddler >> >> To be clear, whatever you define in this document cannot allow the omission >> of a >> scheme to result in Form #4 above, as this is syntactically ambiguous. >> >> It also probably bears reiterating that omitting the "file" scheme from a URI >> doesn't exempt it from encoding according to RFC 8089 section 4 (e.g., >> including an unescaped space, as in "Program Files", would be syntactically >> invalid). >> >> Finally, I question the assertion that "The location URI does not include an >> authority part." It's been a while since I used Windows on a regular basis, but >> my recollection is that files -- including applications -- can be accessed from >> a CIFS filesystem without associating a local mount point with them. It would >> be >> impossible to describe the location of such applications if the authority is >> required to be omitted. It is easy to anticipate that future iterations of, >> e.g., Linux may have similar properties. (Popular desktops already allow >> userland access of files on unmounted access using full URIs, which >> necessarily >> include authority components; it is not far-fetched to imagine that this >> functionality might be incorporated into the kernel at some point). >> >> --------------------------------------------------------------------------- >> >> The following appears in several places: >> >> > | Software | A string containing the Software Locator value. | >> > | Locator | This is expressed as a URI. This field value | >> > | | MUST be normalized to Network Unicode format as | >> > | | described in Section 3.4.4. This string MUST NOT | >> > | | be NULL terminated. | >> >> Section 3.4.4 doesn't describe the use of Network Unicode format, so this >> text >> is confusing. I'll note that file URIs are generally going to be percent >> encoded, so they shouldn't contain any non-ASCII characters. Section 4 of >> RFC >> 8089 deals with encoding considerations for file URIs. Other URIs have their >> own >> encoding considerations, and it would be somewhat ambitious for this >> document to >> take on any encoding specification above and beyond what is already >> defined for >> each scheme. >> >> > -- Best regards, Kathleen
- [sacm] Adam Roach's No Objection on draft-ietf-sa… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Ted Hardie
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty