Re: [secdir] Secdir review of draft-ietf-6man-uri-zoneid-05
Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 23 November 2012 07:50 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3030721F8872; Thu, 22 Nov 2012 23:50:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.581
X-Spam-Level:
X-Spam-Status: No, score=-101.581 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uO12qe9XL1Ua; Thu, 22 Nov 2012 23:50:29 -0800 (PST)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id EF4F921F8878; Thu, 22 Nov 2012 23:50:27 -0800 (PST)
Received: by mail-wg0-f44.google.com with SMTP id dr13so299655wgb.13 for <multiple recipients>; Thu, 22 Nov 2012 23:50:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=WXWx8xYSJskGtNJ+/mUriu5QwTEGpzbL5egm0LK47ck=; b=maVURukA4aEGD2sfryGqfrXKGE+NBIm2aloPX7Y0CUdfel1L3JDm8Fd3dbtzIXej9p oQ8oOTB2fAouyPR7TCQEBuhKClZNT/tARsqFnhyeAJOb0S6b/A0gW2Ch/Yuy75V4aJOs t5U4XIps7dv1RbjSCUB+isnO+rUFJhZCxmF7k1v4oKvbNioAe2mTEYvjKuDMPl/0ND1t I6EdLeuV7Ect73r5aDhd74xr6GLuqxEdCuTsU9l5BnVxegxXPelh9Yhs322rE49VCUoI RPUbQB0IPS5M6RaTtIJrWtuRu+QQDnIN6okaQik3Hi89fm4wgRwYxsR5eC7wv0HAmswu 3msA==
Received: by 10.180.87.40 with SMTP id u8mr8175462wiz.3.1353657016908; Thu, 22 Nov 2012 23:50:16 -0800 (PST)
Received: from [192.168.1.65] (host-2-102-219-114.as13285.net. [2.102.219.114]) by mx.google.com with ESMTPS id bn7sm8288510wib.8.2012.11.22.23.50.14 (version=SSLv3 cipher=OTHER); Thu, 22 Nov 2012 23:50:15 -0800 (PST)
Message-ID: <50AF2ABE.4020901@gmail.com>
Date: Fri, 23 Nov 2012 07:50:22 +0000
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Radia Perlman <radiaperlman@gmail.com>
References: <CAFOuuo5SbxQL-mFx9MOmpFgRybTV0qcu7pXZTnvRE=3NVSh7xQ@mail.gmail.com>
In-Reply-To: <CAFOuuo5SbxQL-mFx9MOmpFgRybTV0qcu7pXZTnvRE=3NVSh7xQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-6man-uri-zoneid.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-6man-uri-zoneid-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2012 07:50:30 -0000
Thanks Radia. The WG reached consensus on a SHOULD-based version. The whole issue of browser behaviour is contentious, so changing to MUST would be a WG issue, above my pay grade as a document editor. I will wait for instructions. Thnaks for the readability comments, we can work those in. Regards Brian On 23/11/2012 06:29, Radia Perlman wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This document provides syntax for specifying a port within a URI for an > IPv6 link-local address. > I find no security-specific issues with this draft, but I do think the > clarity of the draft > could be improved a lot, and also, I think that the draft allows options of > what is or is not allowed, > which could cause confusion for a human using this, since some strings will > work sometimes. I think it would > be better to lock down what is and is not allowed. > > I'm not fond of the term "zone identifier" (I had to do some Internet > searching to figure out what it was). It would > only take a sentence to explain it in this draft. Admittedly, not many > people will be reading this draft out of > context (like me). > > An example of where the wording is needlessly hard to read, and where I > think the rule should be a MUST: > > " A <zone_id> SHOULD contain only ASCII characters classified > in RFC 3986 <http://tools.ietf.org/html/rfc3986> as "unreserved", which > conveniently excludes "]" in order > to simplify parsing." > > That wording could mean that ] is reserved or it could mean that it is not > reserved. > Turns out (by referring to RFC 3986) "]" is actually reserved. > And also, with my preference for specifying mandatory behavior rather than > recommendation... > perhaps saying something like > > " A <zone_id> MUST NOT contain ASCII characters classified > in RFC 3986 <http://tools.ietf.org/html/rfc3986> as "reserved". The > character "]" is reserved, so MUST NOT > be used in the zone ID. > > > --------- > Again, > "The rules in [RFC5952 <http://tools.ietf.org/html/rfc5952>] SHOULD be > applied in producing URIs." > Why not MUST be applied? > > ---------- > "we recommend that URI parsers accept bare "%" signs...make it easy for a > user to copy and > paste a string..." > > again, I'd think it would be better to specify what parsers MUST do, rather > than saying some parsers > can be more lenient, so that the same string will create the same behavior > regardless of the implementation > parsing it. > > --------- > similarly > > "To limit this risk, implementations SHOULD NOT allow use of this > format except for well-defined usages such as sending to link local > addresses under prefix fe80::/10." > > I'd think it would be better to say MUST NOT, and also, to specify what it > should > do if it receives such a thing. > > Radia >
- [secdir] Secdir review of draft-ietf-6man-uri-zon… Radia Perlman
- Re: [secdir] Secdir review of draft-ietf-6man-uri… Brian E Carpenter
- Re: [secdir] Secdir review of draft-ietf-6man-uri… Barry Leiba
- Re: [secdir] Secdir review of draft-ietf-6man-uri… Brian E Carpenter
- Re: [secdir] Secdir review of draft-ietf-6man-uri… Radia Perlman
- Re: [secdir] Secdir review of draft-ietf-6man-uri… Brian E Carpenter