Re: [Uri-review] The registration request for “cstr” URI scheme

"wangshu@cnic.cn" <wangshu@cnic.cn> Sat, 07 May 2022 07:51 UTC

Return-Path: <wangshu@cnic.cn>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42184C15E3F6 for <uri-review@ietfa.amsl.com>; Sat, 7 May 2022 00:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cnic.cn
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KiP523ccWAen for <uri-review@ietfa.amsl.com>; Sat, 7 May 2022 00:51:33 -0700 (PDT)
Received: from cstnet.cn (smtp21.cstnet.cn [159.226.251.21]) by ietfa.amsl.com (Postfix) with ESMTP id EF575C15E3EC for <uri-review@ietf.org>; Sat, 7 May 2022 00:51:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cnic.cn; s=dkim; h=Received:Date:From:To:Cc:Subject:References: Mime-Version:Message-ID:Content-Type; bh=sHrUJs+/+0FYVLI5X61IdCB SZpDjLVM/KtB/5zto9eQ=; b=TZEVSBa6sq4YCUdIwkP1gK0eahwpYjUkKOzE+1A qRpMPr2Le6Q8xgV9QYJFb1oG1OzLE1PdZAMHPdux1Bf0Pa518n21oRNkQRXsxlDG +IjQdNvzADdrTSG3j5A9LNReLQORpUwxr1SVVs9b3N/VJh9Rc+sOYEs44cx5RhGY CMKQ=
Received: from LAPTOP-9CSFLTGI (unknown [223.193.3.100]) by APP-01 (Coremail) with SMTP id qwCowADHzIT7JHZiyapiBA--.3248S2; Sat, 07 May 2022 15:51:23 +0800 (CST)
Date: Sat, 07 May 2022 15:51:24 +0800
From: "wangshu@cnic.cn" <wangshu@cnic.cn>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: uri-review <uri-review@ietf.org>, liujia <liujia@cnic.cn>
References: <2022042617064765004922@cnic.cn>, <CA+9kkMA4JZw6cBDUzJQsvgOfveKYkw8u3P1hm60_pDkfQP1MtQ@mail.gmail.com>, <202205061436003998902@cnic.cn>, <CA+9kkMBsewwjGHeVscb4A6grtX+tgehEi0=7oRQeTRr6V9WM4g@mail.gmail.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.20.273[cn]
Mime-Version: 1.0
Message-ID: <202205071551237758145@cnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart037618581423_=----"
X-CM-TRANSID: qwCowADHzIT7JHZiyapiBA--.3248S2
X-Coremail-Antispam: 1UD129KBjvJXoWxtw45KF45Gw45Wr18CF45ZFb_yoW3Xw18pF W7G34DCan3G342vw4xZa18uFy09ayfK3y7tr95Jw18J390gFyIyr10kw4Yqa48G3s5Jw1j va1jgF1fWw1kZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUQC14x267AKxVWUJVW8JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4U JVW0owA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40Eb7x2x7xS6r1j6r4UMc02F40Ew4AK 048IF2xKxVWUJVW8JwAqx4xG6xAIxVCFxsxG0wAqx4xG6I80eVA0xI0YY7vIx2IE14AGzx vEb7x7McIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC 6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4xvF2 IEb7IF0Fy264kE64k0F24lFcxC0VAYjxAxZF0Ex2IqxwCF04k20xvY0x0EwIxGrwCFx2Iq xVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r106r1rMI8I3I0E7480Y4vE14v26r 106r1rMI8E67AF67kF1VAFwI0_Jrv_JF1lIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AK xVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7 xG6rWUJVWrZr1UMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_ Jr0_Gr1l6VACY4xI67k04243AbIYCTnIWIevJa73UjIFyTuYvjfUOwIDUUUUU
X-Originating-IP: [223.193.3.100]
X-CM-SenderInfo: 5zdqw2lkx6u0llfou0/
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/X8KS1eO6-4Qo0E8C5CW1nojiUgY>
X-Mailman-Approved-At: Sat, 07 May 2022 03:43:38 -0700
Subject: Re: [Uri-review] The registration request for “cstr” URI scheme
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2022 07:51:38 -0000

Dear Ted Hardie and others,
Thank you for all your comments, The application of cstr is in the initial stage, so we are not sure all the security considerations at the time of registration.
we have already updated the CSTR specification again. https://cstr.cn/doc/specification/   
CSTR and the registration agency code are separated by the ASCII character ":" (octet 0x3A), and the rest of the parts are separated by the ASCII character "." (octet 0x2E).
The "cstr" scheme is specified as follows:
 
Scheme name: cstr
 
Status: Provisional
 
Applications/protocols that use this scheme name: 
A "cstr" URI is used to express an identifier that is for common science and technology resources.
Applications that use this scheme name provide services for the persistent identification, inluding citation, statistics and traceability of science and technology resources.
 
Security considerations:
   The general security considerations from Section 7 of RFC 3986
apply, but no other security considerations have been identified at the 
time of registration.
 
Contact: Wang Shu (wangshu@cnic.cn)
 
Change controllers:
  - Wang Shu (wangshu@cnic.cn)
  - Computer Network Information Center,Chinese Academy of Sciences 
 
References:
[1] https://www.cstr.cn/en/
[2] https://cstr.cn/doc/specification/
 
Please let me know if you have any questions about cstr.
Looking forward to your reply.
Best wishes.
Shu



wangshu@cnic.cn
 
发件人: Ted Hardie
发送时间: 2022-05-06 16:11
收件人: wangshu@cnic.cn
抄送: uri-review; liujia
主题: Re: Re: [Uri-review] The registration request for “cstr” URI scheme
Dear Wang Shu,

Thank you for this update.  I have now reviewed the specification at https://cstr.cn/doc/specification/ .  I have a small number of follow-up questions. First, the specification notes that the internal identifier does not have a fixed length, but it does not note how it is composed.  Is it composed of digits as are the agency code and type code, or of alphabetic characters, or a mix of the two?

Second, the specification notes that the separators are "half-width characters".  RFC 3986 sets out the syntax of URIs with reference to the ASCII character set (See section 2.2 for the reserved characters, which include ":", and section 2.3 for the unreserved characters, which include ".").  Can you clarify that you are using these characters, rather than those drawn from Unicode Halfwidth and Fullwidth range ( U+FF1A and U+FF0E from https://www.unicode.org/charts/PDF/UFF00.pdf)?

For the security considerations, section 3.7 of RFC 7595 gives guidelines (https://datatracker.ietf.org/doc/html/rfc7595#section-3.7).  In a case like yours might make reference to Section 7 of RFC 3986 and then go on to say whether you know of any other issues.  If the internal identifier encodes a specific individual, for example, you might note that.  If there are no other considerations, something like this:

The general security considerations from Section 7 of RFC 3986
apply, but no other security considerations have been identified at the 
time of registration.

Thanks again for the opportunity to review the scheme.

best regards,

Ted Hardie

On Fri, May 6, 2022 at 7:36 AM wangshu@cnic.cn <wangshu@cnic.cn> wrote:
Dear Ted Hardie,
Thank you for your reply, we have already updated the security considerations and references including the cstr specification.The "cstr" scheme is specified as follows:
 
Scheme name: cstr
 
Status: Provisional
 
Applications/protocols that use this scheme name: 
A "cstr" URI is used to express an identifier that is for common science and technology resources.
Applications that use this scheme name provide services for the persistent identification, inluding citation, statistics and traceability of science and technology resources.
 
Security considerations:
   Unknown, use with care.
 
 
Contact: Wang Shu (wangshu@cnic.cn)
 
Change controllers:
  - Wang Shu (wangshu@cnic.cn)
  - Computer Network Information Center,Chinese Academy of Sciences 
 
References:
[1] https://www.cstr.cn/en/
[2] https://cstr.cn/doc/specification/
 
Please let me know if you have any questions about cstr.
Looking forward to your reply.
Best wishes.
Shu



wangshu@cnic.cn
 
发件人: Ted Hardie
发送时间: 2022-04-26 17:42
收件人: wangshu@cnic.cn
抄送: uri-review; liujia
主题: Re: [Uri-review] The registration request for “cstr” URI scheme
Dear Wang Shu,

Thank you for your message.  According to the guidelines in RFC 7595 for Provisional registrations:

For a 'provisional' registration, the following apply:
   o  The scheme name must meet the syntactic requirements of
      Section 3.8.
   o  There must not already be an entry with the same scheme name.  In
      the unfortunate case that there are multiple, different uses of
      the same scheme name, the Designated Expert can approve a request
      to modify an existing entry to note the separate use.
   o  Contact information identifying the person supplying the
      registration must be included.  Previously unregistered schemes
      discovered in use can be registered by third parties (even if not
      on behalf of those who created the scheme).  In this case, both
      the registering party and the scheme creator SHOULD be identified.
   o  If no permanent, citable specification for the scheme definition
      is included, credible reasons for not providing it SHOULD be
      given.
   o  The scheme definition SHOULD include clear security considerations
      (Section 3.7) or explain why a full security analysis is not
      available (e.g., in a third-party scheme registration).
   o  If the scheme definition does not meet the guidelines laid out in
      Section 3, the differences and reasons SHOULD be noted.

I did not see a security considerations section in your message, and it would be helpful if you could update to provide one.  Also, I assume the reference provided was intended to give a pointer to the full syntax of a CSTR.   I did not, however, find a link on that page to the syntax or a specification of CSTRs.  If you could update the link to point directly to that specification, that would also be appreciated.  If it would be simpler, you could also provide the syntax to CSTR directly in the registration.  Section 8 of RFC 7595 has an example of how to do that.

best regards,

Ted Hardie


On Tue, Apr 26, 2022 at 10:33 AM wangshu@cnic.cn <wangshu@cnic.cn> wrote:
Dear:
I am Wang Shu from Computer Network Information Center,Chinese Academy of Sciences, We plan to request a provisional URI scheme for cstr, that is an identifier for common science and technology resources, to provide identification service for science data repositories and data centers. The "cstr" scheme is specified as follows:
 
Scheme name: cstr
 
Status: Provisional
 
Applications/protocols that use this scheme name: 
A "cstr" URI is used to express an identifier that is for common science and technology resources.
Applications that use this scheme name provide services for the persistent identification, inluding citation, statistics and traceability of science and technology resources.
 
 
Contact: Wang Shu (wangshu@cnic.cn)
 
Change controllers:
  - Wang Shu (wangshu@cnic.cn)
  - Computer Network Information Center,Chinese Academy of Sciences 
 
References:
[1] https://www.cstr.cn/en/
 
 
Looking forward to your reply.
Best wishes.
Shu



wangshu@cnic.cn
_______________________________________________
Uri-review mailing list
Uri-review@ietf.org
https://www.ietf.org/mailman/listinfo/uri-review