[Tsv-art] Tsvart last call review of draft-ietf-jmap-websocket-04

Bob Briscoe via Datatracker <noreply@ietf.org> Thu, 19 December 2019 16:41 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tsv-art@ietf.org
Delivered-To: tsv-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A71E1201EF; Thu, 19 Dec 2019 08:41:18 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Bob Briscoe via Datatracker <noreply@ietf.org>
To: tsv-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-jmap-websocket.all@ietf.org, jmap@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.113.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <157677367852.27417.14108254460834408683@ietfa.amsl.com>
Date: Thu, 19 Dec 2019 08:41:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/cqX1H_l7XFdB2mQ6DT3pGl3JqRI>
Subject: [Tsv-art] Tsvart last call review of draft-ietf-jmap-websocket-04
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 16:41:19 -0000

Reviewer: Bob Briscoe
Review result: Ready with Issues

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.


==Transport-specific review comments==

The only transport-specific issues that I can think of would relate to 
holding open a connection for a long time, which increases the risk of 
brute-force connection hijacking and has interactions with NATs and 
mobility. However, they are all WebSockets issues, and adding jmap over 
WebSockets doesn't change any of that.

==Non-transport-related review comments==

I found the document readable and comprehensible.

The following is my only concern...

===Shouldn't extensibility be discussed?===

The specification is full of statements saying what peer A MUST do, but 
lacks statements saying what peer B MUST do if peer A doesn't do what it 
is supposed to.  

Perhaps there needs to be a default case for what to do if one peer 
receives a message that violates the Websockets JMAP subprotocol (or at 
least one peer believes it violates the version of the protocol that it 
supports).

Examples:

4.  JMAP Subprotocol
   Binary data MUST NOT be uploaded or downloaded 
   through a WebSocket JMAP connection.
What if they are?

4.1 Handshake
   Other message types MUST
   NOT be transmitted over this connection.
What if they are?

4.2 WebSocket Messages
The lists of allowed messages following "The messages MUST be in the 
form of..." do not say what to do if they are not, and do not seem to 
allow for extensibility.

===Nits===

4.1 Handshake

CURRENT:
   If a client receives a handshake response that does not include
   "jmap" in the "Sec-WebSocket-Protocol" header, ...
PROPOSED:
   If a client receives a handshake response in which the value of the
   "Sec-WebSocket-Protocol" header is not "jmap", ...
REASON:
'include' implies it would have been valid for the server to have sent 
a list of subprotocols.