Re: [secdir] [Uri-review] End of Last Call for draft-ietf-behave-turn-uri

"Roy T. Fielding" <fielding@gbiv.com> Fri, 13 November 2009 03:31 UTC

From: "Roy T. Fielding" <fielding@gbiv.com>
Date: Thu, 12 Nov 2009 19:31:40 -0800
To: Marc Petit-Huguenin <petithug@acm.org>
Cc: uri-review@ietf.org, Ted Hardie <ted.ietf@gmail.com>, "behave@ietf.org" <behave@ietf.org>, ops-dir@ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] [Uri-review] End of Last Call for draft-ietf-behave-turn-uri
List-Id: Security Area Directorate <secdir.ietf.org>

On Nov 12, 2009, at 9:57 AM, Marc Petit-Huguenin wrote:

> Hi Ted,
> 
> Ted Hardie wrote:
>> Hi Marc,
>> 
>> Thanks for the changes; I thought you had suggested using new
>> productions, rather than re-using the existing ones from the
>> hierarchical
>> URI mechanism.  Sorry if I did not reply on that--I think that would
>> be a good idea, but if there is rough consensus for the current approach,
>> I am happy to go along.
>> 
> 
> OK I'll replace the following text:
> 
> "  turnURI   = scheme ":" host [ ":" port ] [ "?transport=" transport ]
>   scheme    = "turn" / "turns"
>   transport = "udp" / "tcp" / transport-ext
>   transport-ext = 1*unreserved
> 
> <host>, <port> and <unreserved> are specified in [RFC3986].
> 
> Note that the usage of components defined in the [RFC3986] as part of
> a generic hierarchical URI does not mean that a TURN/TURNS URI is
> hierarchical."
> 
> by this text:
> 
> "  turnURI   = scheme ":" host [ ":" port ] [ "?transport=" transport ]
>   scheme        = "turn" / "turns"
>   transport     = "udp" / "tcp" / transport-ext
>   transport-ext = 1*unreserved
>   host          = IP-literal / IPv4address / reg-name
>   port          = *DIGIT
>   IP-literal    = "[" ( IPv6address / IPvFuture  ) "]"
>   IPvFuture     = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
>   IPv6address   =                            6( h16 ":" ) ls32
>                 /                       "::" 5( h16 ":" ) ls32
>                 / [               h16 ] "::" 4( h16 ":" ) ls32
>                 / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
>                 / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
>                 / [ *3( h16 ":" ) h16 ] "::"    h16 ":"   ls32
>                 / [ *4( h16 ":" ) h16 ] "::"              ls32
>                 / [ *5( h16 ":" ) h16 ] "::"              h16
>                 / [ *6( h16 ":" ) h16 ] "::"
>   h16           = 1*4HEXDIG
>   ls32          = ( h16 ":" h16 ) / IPv4address
>   IPv4address   = dec-octet "." dec-octet "." dec-octet "." dec-octet
>   dec-octet     = DIGIT                 ; 0-9
>                 / %x31-39 DIGIT         ; 10-99
>                 / "1" 2DIGIT            ; 100-199
>                 / "2" %x30-34 DIGIT     ; 200-249
>                 / "25" %x30-35          ; 250-255
>   reg-name      = *( unreserved / pct-encoded / sub-delims )
> 
> 
>   <unreserved> <sub-delims> and <pct-encoded> are specified in
>   [RFC3986]."
> 
> I will also add this in the Acknowledgments section:
> 
> "The <port> and <host> ABNF productions have been copied from
> [RFC3986]."

Umm, why don't you just use the RFC3986 ABNF directly, make it
a normative dependency, and not recreate that which is already
a standard?

While you are at it, please redesign the URI to be hierarchical.
The proposed syntax goes out of its way to create arbitrary
differences from STD66.

Transport does not belong as a query parameter.  Transports are
a fundamental part of authority management.  The traditional way
of handling multiple transports is to provide a unique scheme for
each one, since that is how clients will determine which identifier
to use on the basis of whether they support the different transports.
TLS is a transport.

In other words:

 turnURI = "turn" [ "." transport ] "://" authority
 transport = "tls" / "udp" / "sctp"        ; TCP is the default
 authority = <authority, as defined in STD66>

I would also suggest appending path-abempty [ "?" query ]
as well, if there is any chance (no matter how remote) that
you might find a use for path or query information in the future.

Cheers,

Roy T. Fielding
Chief Scientist, Day Software
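As an added example (not from this thread or from the draft), a Python transcription of the turnURI grammar quoted in Marc's message, with the <host> and <port> productions taken from RFC 3986 as he proposes, used to show what the grammar accepts and what it rejects: the non-hierarchical `turn:host` form parses, while a hierarchical `turn://host` string and a second query parameter appended after `transport=` (which `transport-ext = 1*unreserved` cannot consume) are refused.

```python
import re

# Regex transcription of the ABNF quoted in the thread (example code, not the draft's own).
# <unreserved>, <sub-delims>, <pct-encoded>, <host> and <port> follow RFC 3986.
UNRESERVED = r"[A-Za-z0-9\-._~]"
SUB_DELIMS = r"[!$&'()*+,;=]"
PCT_ENCODED = r"%[0-9A-Fa-f]{2}"
DEC_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])"
IPV4 = rf"{DEC_OCTET}(?:\.{DEC_OCTET}){{3}}"
H16 = r"[0-9A-Fa-f]{1,4}"
LS32 = rf"(?:{H16}:{H16}|{IPV4})"
# The nine IPv6address alternatives, in the same order as the ABNF.
IPV6 = "(?:" + "|".join([
    rf"(?:{H16}:){{6}}{LS32}",
    rf"::(?:{H16}:){{5}}{LS32}",
    rf"(?:{H16})?::(?:{H16}:){{4}}{LS32}",
    rf"(?:(?:{H16}:){{0,1}}{H16})?::(?:{H16}:){{3}}{LS32}",
    rf"(?:(?:{H16}:){{0,2}}{H16})?::(?:{H16}:){{2}}{LS32}",
    rf"(?:(?:{H16}:){{0,3}}{H16})?::{H16}:{LS32}",
    rf"(?:(?:{H16}:){{0,4}}{H16})?::{LS32}",
    rf"(?:(?:{H16}:){{0,5}}{H16})?::{H16}",
    rf"(?:(?:{H16}:){{0,6}}{H16})?::",
]) + ")"
IPVFUTURE = rf"v[0-9A-Fa-f]+\.(?:{UNRESERVED}|{SUB_DELIMS}|:)+"
IP_LITERAL = rf"\[(?:{IPV6}|{IPVFUTURE})\]"
REG_NAME = rf"(?:{UNRESERVED}|{PCT_ENCODED}|{SUB_DELIMS})*"
HOST = rf"(?P<host>{IP_LITERAL}|{IPV4}|{REG_NAME})"

# turnURI = scheme ":" host [ ":" port ] [ "?transport=" transport ]
# Anchored at both ends so that nothing outside the grammar is silently tolerated.
TURN_URI = re.compile(
    rf"^(?P<scheme>turns?):{HOST}(?::(?P<port>[0-9]*))?"
    rf"(?:\?transport=(?P<transport>{UNRESERVED}+))?$"
)


def parse_turn_uri(uri):
    """Return (scheme, host, port, transport) for a valid turnURI, else None.

    port is None when absent (the grammar's *DIGIT also allows it to be empty).
    """
    m = TURN_URI.match(uri)
    if m is None:
        return None
    port = int(m.group("port")) if m.group("port") else None
    return m.group("scheme"), m.group("host"), port, m.group("transport")
```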