Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 28 February 2018 01:45 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D610127775; Tue, 27 Feb 2018 17:45:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OoCuzsEIUXU; Tue, 27 Feb 2018 17:45:40 -0800 (PST)
Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBCDA12DA11; Tue, 27 Feb 2018 17:45:22 -0800 (PST)
Received: by mail-qt0-x234.google.com with SMTP id r16so1087652qtm.4; Tue, 27 Feb 2018 17:45:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1EnFAo4H620efMSO5Rw6D6HRamW3aD5NJJjZy9hb6e0=; b=Ie/D4x9S0kfbSu+3PVkgdDOJ4BowP08QveRLYLHZTSQyt0jMkuN4Pjm6TzfsbqXAEv XmhcXVanFzDRrVjpaBmqsE8bZ3LLpy+6LcLlhyvkmvv7eYYv0DaRSutev2x11t+yHglF 8fRnsO9/yxI+Nzr1bjK0hDA7/8DklpSVgikmXLCNpkqPtj2d6Tn2PJUddQswoawn6zC/ CXE/eyZ7G7If+iDTAEXZy+zKTIUq/88AZzKqmUFygC2n6dxz/UGppKkNx0r5eVXDSnHb tVBEZ45tbmQa/gvpl87EVnZwkJ1FtH3Tmbo5K2XkIfu1fYuklVh8A3R9qarAsU0Z+r1h V3HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1EnFAo4H620efMSO5Rw6D6HRamW3aD5NJJjZy9hb6e0=; b=PhWgVb4mggYKww6CkVXpM9oNWLPqODneJQKFrYpYuw5vhKOcgbNKs0ATpdRIVDJVqg ziGU275H5cO0ZAQgu2sQp4IPlOK+dD+UVMBpG9QcP0rsVR2Ew4RUagR4V/ybuPYVqXCD DDdN6tlKbTCPyRG3zx8AMinCz5TqLM2T+H4osJ1UcUGLIRmaM9PxCo19fmR7einaHAbq H3Vu732HCw3HCQYm7OOzGm/Hzz23f2fiA4kzlxRNGzPOZxzX/3YLZ5JSZLhE/Ep8kL9Z aKG9MVxoANazk+d4BTlXeQXWPiPtVZwoFvhWNWvqzM2d5o7UEYEW49GQ2MsITyg16HQA ZKtA==
X-Gm-Message-State: APf1xPB4vmjZ+3xp46ZHsYuNeGO+Ue2XK02aT0w7H8kBV9ynGJTddFJ1 8CHyNlPkItfqTS4znudsKDUovATD
X-Google-Smtp-Source: AG47ELsgtJV1NgymGiM45rZbEEJwtzM3IM/dyNXmWJXbVkR9qAA/CYH2165a75whipYSukMS91SYPQ==
X-Received: by 10.200.26.55 with SMTP id v52mr22645816qtj.53.1519782321753; Tue, 27 Feb 2018 17:45:21 -0800 (PST)
Received: from [192.168.1.219] (209-6-112-84.s338.c3-0.arl-cbr1.sbo-arl.ma.cable.rcncustomer.com. [209.6.112.84]) by smtp.gmail.com with ESMTPSA id p4sm372784qtd.55.2018.02.27.17.45.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Feb 2018 17:45:21 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (15D100)
In-Reply-To: <73a19d55-1c62-5129-1c27-fcdfddef96ca@nostrum.com>
Date: Tue, 27 Feb 2018 20:45:20 -0500
Cc: "Schmidt, Charles M." <cmschmidt@mitre.org>, The IESG <iesg@ietf.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "draft-ietf-sacm-nea-swima-patnc@ietf.org" <draft-ietf-sacm-nea-swima-patnc@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C6316533-863B-4750-98E2-4D1E866109FD@gmail.com>
References: <151928167126.21076.15537610321013993844.idtracker@ietfa.amsl.com> <DM5PR0901MB23759B20B46CEC124F38B7EFABC00@DM5PR0901MB2375.namprd09.prod.outlook.com> <CAHbuEH533drhP=JiDLww5isHXrHVbc1O4WNGx01J8ARWtW7GPg@mail.gmail.com> <73a19d55-1c62-5129-1c27-fcdfddef96ca@nostrum.com>
To: Adam Roach <adam@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/uxZq1Dkcf5ZwuYJxPoqAWcv8yqA>
Subject: Re: [sacm] Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2018 01:45:42 -0000
Thank you, all! Sent from my mobile device > On Feb 27, 2018, at 7:19 PM, Adam Roach <adam@nostrum.com> wrote: > > Yes, the latest version addresses my concerns. Thanks to the authors for a rapid turn-around on these edits! > > /a > >> On 2/27/18 3:55 PM, Kathleen Moriarty wrote: >> Adam, >> >> Please confirm if you agree your comments have been addressed. >> >> Thank you! >> Kathleen >> >> On Tue, Feb 27, 2018 at 4:51 PM, Schmidt, Charles M. >> <cmschmidt@mitre.org> wrote: >>> Hello, >>> >>> Thanks a bunch for the feedback. I agree with your comments and believe they are addressed in the new (-03) draft. >>> >>> Thank you, >>> Charles >>> >>>> -----Original Message----- >>>> From: Adam Roach [mailto:adam@nostrum.com] >>>> Sent: Thursday, February 22, 2018 1:41 AM >>>> To: The IESG <iesg@ietf.org> >>>> Cc: draft-ietf-sacm-nea-swima-patnc@ietf.org; sacm@ietf.org; Karen >>>> O'Donoghue <odonoghue@isoc.org>; sacm-chairs@ietf.org; >>>> odonoghue@isoc.org; sacm@ietf.org >>>> Subject: Adam Roach's No Objection on draft-ietf-sacm-nea-swima-patnc-02: >>>> (with COMMENT) >>>> >>>> Adam Roach has entered the following ballot position for >>>> draft-ietf-sacm-nea-swima-patnc-02: No Objection >>>> >>>> When responding, please keep the subject line intact and reply to all >>>> email addresses included in the To and CC lines. (Feel free to cut this >>>> introductory paragraph, however.) >>>> >>>> >>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>>> for more information about IESG DISCUSS and COMMENT positions. >>>> >>>> >>>> The document, along with other ballot positions, can be found here: >>>> https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swima-patnc/ >>>> >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> COMMENT: >>>> ---------------------------------------------------------------------- >>>> >>>> Thanks for everyone's work on this document. I support Ben's DISCUSS, his >>>> concerns regarding the treatment of privacy in §8, and EKR's concerns >>>> regarding the phrasing "not generally considered to be sensitive." >>>> >>>> I also have a few very important comments about this document's >>>> handling of URIs. >>>> >>>> §3.4.4: >>>>> The location is expressed as a URI string consisting of a scheme and >>>>> path. [RFC3986] The location URI does not include an authority part. >>>>> The URI schema describes the context of the described location. For >>>>> example, in most cases the location of the installed software product >>>>> will be expressed in terms of its path in the filesystem. For such >>>>> locations, the location URI scheme MUST be "file" or the URI MUST >>>>> appear without a scheme. (I.e., "file" is default scheme.) It is >>>>> possible that other schemes could be used to represent other location >>>>> contexts. Apart from reserving the "file" scheme, this specification >>>>> does not reserve schemes. When representing software products in >>>>> other location contexts, tools MUST be consistent in their use of >>>>> schemes, but the exact string used in those schemes is not >>>>> normatively defined here. >>>> Please cite RFC 8098 in this paragraph. >>>> >>>> Saying that a URI can appear without a scheme is at least confusing and >>>> probably >>>> ambiguous. For example, I can't tell which of the following syntaxes are >>>> expected and/or allowed: >>>> >>>> 1. :///Applications/TurnipTwaddler >>>> 2. ///Applications/TurnipTwaddler >>>> 3. /Applications/TurnipTwaddler >>>> >>>> Read literally, the quoted paragraph describes the first. It probably means to >>>> describe the second (maybe?), but I suspect some implementors will >>>> interpret >>>> it as the third. >>>> >>>> This becomes even more problematic for Windows, where it might be >>>> interpreted >>>> to mean any of *four* things (where the final one is clearly wrong due to >>>> potential confusion between drive letters and URI schemes -- but which I'm >>>> sure will be implemented if not clearly spelled out): >>>> >>>> 1. :///C:/Program%20Files/TurnipTwaddler >>>> 2. ///C:/Program%20Files/TurnipTwaddler >>>> 3. /C:/Program%20Files/TurnipTwaddler >>>> 4. C:/Program%20Files/TurnipTwaddler >>>> >>>> To be clear, whatever you define in this document cannot allow the omission >>>> of a >>>> scheme to result in Form #4 above, as this is syntactically ambiguous. >>>> >>>> It also probably bears reiterating that omitting the "file" scheme from a URI >>>> doesn't exempt it from encoding according to RFC 8089 section 4 (e.g., >>>> including an unescaped space, as in "Program Files", would be syntactically >>>> invalid). >>>> >>>> Finally, I question the assertion that "The location URI does not include an >>>> authority part." It's been a while since I used Windows on a regular basis, but >>>> my recollection is that files -- including applications -- can be accessed from >>>> a CIFS filesystem without associating a local mount point with them. It would >>>> be >>>> impossible to describe the location of such applications if the authority is >>>> required to be omitted. It is easy to anticipate that future iterations of, >>>> e.g., Linux may have similar properties. (Popular desktops already allow >>>> userland access of files on unmounted access using full URIs, which >>>> necessarily >>>> include authority components; it is not far-fetched to imagine that this >>>> functionality might be incorporated into the kernel at some point). >>>> >>>> --------------------------------------------------------------------------- >>>> >>>> The following appears in several places: >>>> >>>>> | Software | A string containing the Software Locator value. | >>>>> | Locator | This is expressed as a URI. This field value | >>>>> | | MUST be normalized to Network Unicode format as | >>>>> | | described in Section 3.4.4. This string MUST NOT | >>>>> | | be NULL terminated. | >>>> Section 3.4.4 doesn't describe the use of Network Unicode format, so this >>>> text >>>> is confusing. I'll note that file URIs are generally going to be percent >>>> encoded, so they shouldn't contain any non-ASCII characters. Section 4 of >>>> RFC >>>> 8089 deals with encoding considerations for file URIs. Other URIs have their >>>> own >>>> encoding considerations, and it would be somewhat ambitious for this >>>> document to >>>> take on any encoding specification above and beyond what is already >>>> defined for >>>> each scheme. >>>> >>>> >> >> >
- [sacm] Adam Roach's No Objection on draft-ietf-sa… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Ted Hardie
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty
- Re: [sacm] Adam Roach's No Objection on draft-iet… Schmidt, Charles M.
- Re: [sacm] Adam Roach's No Objection on draft-iet… Adam Roach
- Re: [sacm] Adam Roach's No Objection on draft-iet… Kathleen Moriarty