Re: [Uri-review] percent encoding of '/' in one-segment non-hierarchical path component
Jan Pechanec <jan.pechanec@oracle.com> Wed, 21 August 2013 21:26 UTC
Return-Path: <jan.pechanec@oracle.com>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0859121F9EDA for <uri-review@ietfa.amsl.com>; Wed, 21 Aug 2013 14:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oyJqSGeHrKWp for <uri-review@ietfa.amsl.com>; Wed, 21 Aug 2013 14:26:19 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 54ED021F9E99 for <uri-review@ietf.org>; Wed, 21 Aug 2013 14:26:19 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r7LLQIB0006511 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <uri-review@ietf.org>; Wed, 21 Aug 2013 21:26:19 GMT
Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r7LLQHNE022995 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <uri-review@ietf.org>; Wed, 21 Aug 2013 21:26:18 GMT
Received: from abhmt101.oracle.com (abhmt101.oracle.com [141.146.116.53]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r7LLQHRg015748 for <uri-review@ietf.org>; Wed, 21 Aug 2013 21:26:17 GMT
Received: from rejewski.us.oracle.com (/10.132.148.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 21 Aug 2013 14:26:17 -0700
Date: Wed, 21 Aug 2013 14:27:14 -0700
From: Jan Pechanec <jan.pechanec@oracle.com>
X-X-Sender: jpechane@rejewski
To: uri-review@ietf.org
In-Reply-To: <alpine.GSO.2.00.1308131709340.19813@rejewski>
Message-ID: <alpine.GSO.2.00.1308211422330.15710@rejewski>
References: <alpine.GSO.2.00.1308131709340.19813@rejewski>
User-Agent: Alpine 2.00 (GSO 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Subject: Re: [Uri-review] percent encoding of '/' in one-segment non-hierarchical path component
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uri-review>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 21:26:26 -0000
On Tue, 13 Aug 2013, Jan Pechanec wrote: hi all, I'd very much appreciate any opinion on the problem I outlined below. As I mentioned in the second part of my email, I'm inclined to allow PKCS#11 URIs to use unencoded '/' in attribute values: pkcs11:object=my-key;object-type=private;pin-source=/etc/pin despite the fact that it would fool generic URI parsers that would be splitting the one-segment path into three separate segments. I still have doubts about it though. thank you, Jan. > hi experts, > > I've recently asked here for your opinion on the PKCS#11 URI >draft. With your review help which I very much appreciated, the scheme >was recently approved as a provisional scheme and I'm getting ready to >put it on RFC tracker. > > however, there is one thing I'm not sure about and I'd like to >ask for your opinion. The following is an example of a pkcs11 URI: > > pkcs11:object=my-key;object-type=private;pin-source=%2Fetc%2Fpin > > now, I have the following paragraph in my draft: > > ... > More specifically, '/' delimiter of generic URI components was > removed from available characters that do not have to be percent- > encoded so that the initial part of a PKCS#11 URI is never confused > with "path-rootless" part of the "hier-part" generic URI component as > defined in Section 3 of [RFC3986]. > ... > > which is not entirely precise (I should also include >"path-noscheme", too) and should be rephrased. Basically what I want to >say is that the scheme requires encoding of '/' so that generic URI >parsers do not split the path into segments and parse the URI above as: > > scheme name: pkcs11 > path-segment-1: object=my-key;object-type=private;pin-source= > path-segment-2: etc > path-segment-3: pin > > I could easily fix the draft but I'm still wondering whether: > > (1) '/' is really needed to be removed from a charset that does >NOT have to be percent-encoded > > (2) to allow non-encoded '/' and mention that if '/' are not >percent encoded the generic URI parser may split the intended >non-hierarchical one-segment path (ie. set of attributes) into multiple >segments > > (3) to allow non-encoded '/' and does not discuss the generic >parser issues > > it's easy to guess that people will use unencoded slashes in the >pin-source attribute no matter what I do and that PKCS#11 URI parsers >will have to accept it. Choosing (1) then seems a bit useless to me. >I'm leaning to (2) but I'm not sure it's permissible to do that. > > I'm reading rfc3986 again. "2.2. Reserved Characters" suggests >that since '/' is not a delimiter in the PKCS#11 URI, it does not have >to be percent encoded. Also, the next paragraph also under 2.2 makes me >think that (2) might be really a good solution since '/' can be part of >the pin-source attribute data: > > ... > URI producing applications should percent-encode data octets that > correspond to characters in the reserved set unless these characters > are specifically allowed by the URI scheme to represent data in that > component. > ... > > however, I'm really not sure and still thinking about generic >parsers splitting the path into multiple segments. I'm hoping you could >help me with some insight. > > best regards, Jan. > > -- Jan Pechanec <jan.pechanec@oracle.com>
- [Uri-review] percent encoding of '/' in one-segme… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Larry Masinter
- Re: [Uri-review] percent encoding of '/' in one-s… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Larry Masinter