Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
Adam Roach <adam@nostrum.com> Wed, 28 February 2018 00:19 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5762F12EAC9; Tue, 27 Feb 2018 16:19:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTjSAgCSn71m; Tue, 27 Feb 2018 16:19:50 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9274812EAC2; Tue, 27 Feb 2018 16:19:50 -0800 (PST)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w1S0JmHE045821 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 27 Feb 2018 18:19:49 -0600 (CST) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "Schmidt, Charles M." <cmschmidt@mitre.org>
Cc: The IESG <iesg@ietf.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "draft-ietf-sacm-nea-swima-patnc@ietf.org" <draft-ietf-sacm-nea-swima-patnc@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
References: <151928167126.21076.15537610321013993844.idtracker@ietfa.amsl.com> <DM5PR0901MB23759B20B46CEC124F38B7EFABC00@DM5PR0901MB2375.namprd09.prod.outlook.com> <CAHbuEH533drhP=JiDLww5isHXrHVbc1O4WNGx01J8ARWtW7GPg@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <73a19d55-1c62-5129-1c27-fcdfddef96ca@nostrum.com>
Date: Tue, 27 Feb 2018 18:19:48 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CAHbuEH533drhP=JiDLww5isHXrHVbc1O4WNGx01J8ARWtW7GPg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/fcZ9I5SoUvW_w2h4b63PuBTTCdA>
Subject: Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2018 00:19:53 -0000
Yes, the latest version addresses my concerns. Thanks to the authors for a rapid turn-around on these edits! /a On 2/27/18 3:55 PM, Kathleen Moriarty wrote: > Adam, > > Please confirm if you agree your comments have been addressed. > > Thank you! > Kathleen > > On Tue, Feb 27, 2018 at 4:51 PM, Schmidt, Charles M. > <cmschmidt@mitre.org> wrote: >> Hello, >> >> Thanks a bunch for the feedback. I agree with your comments and believe they are addressed in the new (-03) draft. >> >> Thank you, >> Charles >> >>> -----Original Message----- >>> From: Adam Roach [mailto:adam@nostrum.com] >>> Sent: Thursday, February 22, 2018 1:41 AM >>> To: The IESG <iesg@ietf.org> >>> Cc: draft-ietf-sacm-nea-swima-patnc@ietf.org; sacm@ietf.org; Karen >>> O'Donoghue <odonoghue@isoc.org>; sacm-chairs@ietf.org; >>> odonoghue@isoc.org; sacm@ietf.org >>> Subject: Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: >>> (with COMMENT) >>> >>> Adam Roach has entered the following ballot position for >>> draft-ietf-sacm-nea-swima-patnc-02: No Objection >>> >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> >>> >>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>> for more information about IESG DISCUSS and COMMENT positions. >>> >>> >>> The document, along with other ballot positions, can be found here: >>> https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swima-patnc/ >>> >>> >>> >>> ---------------------------------------------------------------------- >>> COMMENT: >>> ---------------------------------------------------------------------- >>> >>> Thanks for everyone's work on this document. I support Ben's DISCUSS, his >>> concerns regarding the treatment of privacy in §8, and EKR's concerns >>> regarding the phrasing "not generally considered to be sensitive." >>> >>> I also have a few very important comments about this document's >>> handling of URIs. >>> >>> §3.4.4: >>>> The location is expressed as a URI string consisting of a scheme and >>>> path. [RFC3986] The location URI does not include an authority part. >>>> The URI schema describes the context of the described location. For >>>> example, in most cases the location of the installed software product >>>> will be expressed in terms of its path in the filesystem. For such >>>> locations, the location URI scheme MUST be "file" or the URI MUST >>>> appear without a scheme. (I.e., "file" is default scheme.) It is >>>> possible that other schemes could be used to represent other location >>>> contexts. Apart from reserving the "file" scheme, this specification >>>> does not reserve schemes. When representing software products in >>>> other location contexts, tools MUST be consistent in their use of >>>> schemes, but the exact string used in those schemes is not >>>> normatively defined here. >>> Please cite RFC 8098 in this paragraph. >>> >>> Saying that a URI can appear without a scheme is at least confusing and >>> probably >>> ambiguous. For example, I can't tell which of the following syntaxes are >>> expected and/or allowed: >>> >>> 1. :///Applications/TurnipTwaddler >>> 2. ///Applications/TurnipTwaddler >>> 3. /Applications/TurnipTwaddler >>> >>> Read literally, the quoted paragraph describes the first. It probably means to >>> describe the second (maybe?), but I suspect some implementors will >>> interpret >>> it as the third. >>> >>> This becomes even more problematic for Windows, where it might be >>> interpreted >>> to mean any of *four* things (where the final one is clearly wrong due to >>> potential confusion between drive letters and URI schemes -- but which I'm >>> sure will be implemented if not clearly spelled out): >>> >>> 1. :///C:/Program%20Files/TurnipTwaddler >>> 2. ///C:/Program%20Files/TurnipTwaddler >>> 3. /C:/Program%20Files/TurnipTwaddler >>> 4. C:/Program%20Files/TurnipTwaddler >>> >>> To be clear, whatever you define in this document cannot allow the omission >>> of a >>> scheme to result in Form #4 above, as this is syntactically ambiguous. >>> >>> It also probably bears reiterating that omitting the "file" scheme from a URI >>> doesn't exempt it from encoding according to RFC 8089 section 4 (e.g., >>> including an unescaped space, as in "Program Files", would be syntactically >>> invalid). >>> >>> Finally, I question the assertion that "The location URI does not include an >>> authority part." It's been a while since I used Windows on a regular basis, but >>> my recollection is that files -- including applications -- can be accessed from >>> a CIFS filesystem without associating a local mount point with them. It would >>> be >>> impossible to describe the location of such applications if the authority is >>> required to be omitted. It is easy to anticipate that future iterations of, >>> e.g., Linux may have similar properties. (Popular desktops already allow >>> userland access of files on unmounted access using full URIs, which >>> necessarily >>> include authority components; it is not far-fetched to imagine that this >>> functionality might be incorporated into the kernel at some point). >>> >>> --------------------------------------------------------------------------- >>> >>> The following appears in several places: >>> >>>> | Software | A string containing the Software Locator value. | >>>> | Locator | This is expressed as a URI. This field value | >>>> | | MUST be normalized to Network Unicode format as | >>>> | | described in Section 3.4.4. This string MUST NOT | >>>> | | be NULL terminated. | >>> Section 3.4.4 doesn't describe the use of Network Unicode format, so this >>> text >>> is confusing. I'll note that file URIs are generally going to be percent >>> encoded, so they shouldn't contain any non-ASCII characters. Section 4 of >>> RFC >>> 8089 deals with encoding considerations for file URIs. Other URIs have their >>> own >>> encoding considerations, and it would be somewhat ambitious for this >>> document to >>> take on any encoding specification above and beyond what is already >>> defined for >>> each scheme. >>> >>> > >
- [sacm] Adam Roach's No Objection on draft-ietf-sa… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Ted Hardie
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty