Re: [Uri-review] URI scheme registration request - dchub

[Eric Johnson <eric@tibco.com>]

Am I missing something here? I'm not one to typically comment on these, 
but I was unaware of the NMDC protocol. So I'm glad to see this attempt 
to register, which will raise awareness of the protocol. However, the 
proposed URI scheme registration document utterly confuses me.

The syntax section:

  * discusses semantics. For example: "The client should download the
    user's file list if path is omitted".
  * doesn't actually reference the syntax components of RFC 3986. It
    doesn't explicitly exclude possible portions of the syntax, such as
    fragment identifiers and queries. Am I to assume that those are
    allowed, but not specified in their use, or disallowed?
  * seems to allow "dchub://" as a valid URI, however, if I follow RFC
    3986 properly, that is not a valid URI, and at least a "host" is
    required.
  * Is RFC 3986 "userinfo" allowed in the URI? If so, how does that
    interact with the protocol?


The semantics section:

  * should steal the portions from the syntax section that address the
    meaning of a particular form, and further ought to tie that to
    specific portions of the spec. As in "download the user's file list"
    - which NMDC messages does this correspond to?
  * doesn't discuss at all how one might compare two of these URIs. Is
    the user name case-sensitive? If characters occur that require
    encoding via %xx, should those be normalized first before comparison?
  * Since the URI contains a path, does the path need to be normalized
    before comparison?

Under the "use" section:

  * An interoperability point is raised here that should be in the
    "interoperability" section.

The "interoperability" section:

  * What about case-sensitivity of the individual parts?
  * The use section flags interoperability considerations that aren't
    flagged here.
  *

The security section:

  * Future implementations may care about using TLS to secure
    communications. Will that need the use of "dchubs://", or is the
    intent that the "dchub:" scheme can serve both purposes?
  * Might one want to actually include some sort of indicator (such as a
    hash) in the URI (as part of a query) so that a client can request a
    file, and if the user or path has changed, and now points to a
    completely different file, that the provider and consumer of said
    URI will be able to detect the discrepancy?
  * What of using weird constructs like "../../../foo/bar", as in
    "dc-hub://host/myname/../../../foo" - does this need to make sure
    that cannot be used to retrieve a file that wasn't shared, or wasn't
    intended to be shared with the specific user.
  * DOS attacks, or DDOS attacks?
  * Homographs?
  * ...

The references section

  * doesn't actually include a formal reference to the specification of
    the protocol, which appears to be
    http://nmdc.sourceforge.net/Versions/NMDC-1.1.html


The protocol itself ought to be filed as an RFC. That would pretty much 
guarantee permanence of the reference.

Just my 2 cents.

Eric.

On 2/20/13 12:26 PM, Fredrik Ullner wrote:
> Hi,
>
> This is a request for registration of an URI scheme, dchub. The scheme 
> can be viewed at <http://nmdc.sourceforge.net/nmdc-uri-scheme.txt>.
>
> The URI scheme should meet the necessary requirements for a Permanent 
> URI scheme, as indicating in RFC 4395. The scheme specifies encoding, 
> interoperability and security aspects (and more). If the scheme should 
> not provide enough information for a Permanent scheme, please specify 
> what is lacking or at least consider a Provisional request instead.
>
> -- 
> Fredrik Ullner
>
>
> _______________________________________________
> Uri-review mailing list
> Uri-review@ietf.org
> https://www.ietf.org/mailman/listinfo/uri-review