IETF Logo Mail Archive

Re: [Uri-review] URI Scheme "ves:"

Michael Wojcik <Michael.Wojcik@microfocus.com> Mon, 20 December 2021 14:27 UTC

Return-Path: <Michael.Wojcik@microfocus.com>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34CAF3A0DD6 for <uri-review@ietfa.amsl.com>; Mon, 20 Dec 2021 06:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUBLXfhvoaoZ for <uri-review@ietfa.amsl.com>; Mon, 20 Dec 2021 06:26:59 -0800 (PST)
Received: from m4a0092g.houston.softwaregrp.com (m4a0092g.houston.softwaregrp.com [15.124.2.142]) (using TLSv1.2 with cipher DHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49EA83A0DD4 for <uri-review@ietf.org>; Mon, 20 Dec 2021 06:26:58 -0800 (PST)
Received: FROM m4a0092g.houston.softwaregrp.com (15.120.17.147) BY m4a0092g.houston.softwaregrp.com WITH ESMTP FOR uri-review@ietf.org; Mon, 20 Dec 2021 14:25:57 +0000
Received: from M9W0067.microfocus.com (15.121.0.190) by m4w0335.microfocus.com (15.120.17.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2375.17; Mon, 20 Dec 2021 14:25:23 +0000
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (15.124.72.10) by M9W0067.microfocus.com (15.121.0.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2242.12 via Frontend Transport; Mon, 20 Dec 2021 14:25:23 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CbIRFBIt22BWBu8Lalk1aVoYx1JNaOeUuC68LMcKm0fy+Uo5nXMf5fSAqRWjsnhnBEnzJCQf2HuC9N6JbGee/JruZmohPzyEtAXQ8kgY3OjR9kGbBOUTB+kjRLowsw0WRHm0BbScKfAuRJ6YjaRg/jD/z9JpWsGgt6dC+Fltfb9iGQH2eqWf9KN1jBVZgBn+n3mKIW8UcU3qKiq8maV44MxnO7n7w5QrmGdnL07KOb4AJbawltdKwxSKt6H2R0c3k2Jk7Xvtww8Vcq9gUb3Sym/pI+N8gysA0djeHNSJUZw9zL47dE5gOBdihFHnjhTEncfxvY1ENIbVAH5EPMKSpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YtKdZjrvKqDUPRHt9IOYb9HGHWFhQCAmHik2NZ8ZXuI=; b=UMNZ6eGHTpeAAN0ygkQlMx9NmpEaVpc+9wn4WP00rA7D4b3bGpUchdPEecTMbbr2wermpRIARGMNq1OauwiQfxCdwbLsneoxJG5hr66pnnS0T5NcQWe3PloxjHMCBfbD1X4XTEX3JXEH+LlJ6v/oX1bpHr7lV1RBr00Dt2aiOxgPSf7PIE0m7+x7rVZdW97jWlUyc7tWXS68pEokzWIE8/ooFbFQt8Cf1zXnZ6hfW1rXX0ofNE2xlBe6gA6thjCSYxObD1Xx/4CXGfDYDB1RpWzdTOrsoWmjHFXzCCMKPnJw6EvKkAcJnWVx957p1i+HLEyxex2cByt8ldB2ME8DJQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microfocus.com; dmarc=pass action=none header.from=microfocus.com; dkim=pass header.d=microfocus.com; arc=none
Received: from DM6PR18MB2700.namprd18.prod.outlook.com (2603:10b6:5:172::30) by DM6PR18MB3442.namprd18.prod.outlook.com (2603:10b6:5:28e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4801.14; Mon, 20 Dec 2021 14:24:24 +0000
Received: from DM6PR18MB2700.namprd18.prod.outlook.com ([fe80::3d70:c738:ca03:891a]) by DM6PR18MB2700.namprd18.prod.outlook.com ([fe80::3d70:c738:ca03:891a%5]) with mapi id 15.20.4801.020; Mon, 20 Dec 2021 14:24:24 +0000
From: Michael Wojcik <Michael.Wojcik@microfocus.com>
To: "uri-review@ietf.org" <uri-review@ietf.org>
Thread-Topic: [Uri-review] URI Scheme "ves:"
Thread-Index: AQHX893Mw/sT/8QqK0ujmGxfQeTV4Kw4js0AgAAQqoCAABtpgIAABMyAgAKSLYCAAB4GEA==
Date: Mon, 20 Dec 2021 14:24:24 +0000
Message-ID: <DM6PR18MB27007CD6DFFA9D5C9AAB2C5DF97B9@DM6PR18MB2700.namprd18.prod.outlook.com>
References: <e2dbbdce-f91d-a555-20c5-53a971be8d20@vesvault.com> <CAHBU6ivqJ8GL=gM35K33h0YRzrO0Bs4cd+To6YPezL78+aNNTQ@mail.gmail.com> <17b8d4be-9ba1-e3b5-b84a-6185185dc8ba@vesvault.com> <6280a74d-04aa-8ca8-5df9-3fd8e73afa92@gmx.de> <4A853B10-1BD5-4334-9588-0759BB1D3327@commercebyte.com> <a531d37d-cdc5-8f77-735c-9e842c0d3eb1@gmx.de>
In-Reply-To: <a531d37d-cdc5-8f77-735c-9e842c0d3eb1@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microfocus.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 86a83d9c-d0dc-42ff-6dd7-08d9c3c46c07
x-ms-traffictypediagnostic: DM6PR18MB3442:EE_
x-microsoft-antispam-prvs: <DM6PR18MB344284F17FB6CE05E2FD7EA6F97B9@DM6PR18MB3442.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZdJuBvIELXcK/5fq6TCpDoTWL7JaijEx0uiR1WlDX9o2Tl+N36BlN76baEWQxBw7BLVN4Q/IGPmN12pgYDlCajlHxVXkoOs48ywfkfEecg2ZtKVjAiu1HGgGA4SFq0jlPluLWcSVJU0cXv5PX5U2QQlU6XTqR3zgZN3aVwLHXVNKyyvEgX9Ga51gqgxL/AtEO6PzffI+Nl7CDk5hPsmjiHPRXI2oYXGdthfci7jJwJN+yZh4HIkMV39hCUiHU4Gs7LnjwC00osowV6zA3/93V9taA4fW8DJIxOXR8uVhH17PXzRNF5bYN8OxJqJvDiaPWDOo9eIzRJICLqJRZzzhW6N2WiH1OoHGHkt8KS8UURCTlFoHD+JNGuElKyvKqCBTkGN6CQTYuD6d+ho+lxhrqlWQ/f7hWySmw+IWIRvLTkkJw76/MaPxmRRysAewFeEzZJCXTqX9uO5VFredItP5E/vLa3pyqfL6HLpToUjyrte735vdasSQkiBUi54l+yuQcanYKdfh2W3Ray1GBj3iGzVJxSkEQWEVWbt+9iuIQCcbvGb+Ojbz0vTHgK4EN0rQ4ojYkwg9Qf7UyWDTYfi+mkqtmSO/i+jfP7Gpl75F2jREKIQlnzsCTJnXgA3aFDGWOKd/5OVMS0pArw6pxJErcgifgYE33nEmakiMYgRqyB6+a3zb2TKGCzjxy/pOzLlmJzSaCRg8YLRq1KgloDbFnQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR18MB2700.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(76116006)(508600001)(38070700005)(186003)(66476007)(33656002)(9686003)(64756008)(2906002)(66446008)(66556008)(38100700002)(66946007)(26005)(4744005)(122000001)(86362001)(316002)(55016003)(6506007)(52536014)(5660300002)(8676002)(71200400001)(66574015)(6916009)(7696005)(83380400001)(8936002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: gT75nFGgVhWbY40qrObjRssHMNQ5H7GDJYwY5ZrBlkNNZCCezbDE5h2J+6r42hEU+RSkrAnvZ7vT+B0Zsnk8/2VQ+JE3r6Ux7bA1ibhB+uEWs/wRrKUi2r99XmieSoJC19M0524JIgVcA5OTHD8Zq6BoLdSjtN4wg0PJiQH2HoVovjb0Nvcm/TKR6hz6h2KaPzuUzICtAufUaQ22vA9NsVDnSickaWwwdC9Yr+CoiJUJpYiRyI3HoekTpI05lPfgtCUavmyE4onJyBjY7bxooJWPQo1FNBBYropGmgDbASvPyfnq1MhwMc4hYrHUEMqzbbSAF1g9Y7N4CsBH7lkCprQ1Pp14AyPOK5JmqZL4qG2p3QTOsV+4IkaC4WwuIZaIBw1dUSSbzqCD5XriX/mTyAnx1x9BSIIaX97D2tHOvgs3KfGrW6xyS6qZ5DcupmoA1Yj5rF0a0V77AY7F8RtwJUUveQVilCvXWjlPwKVL4Ef8zvd24M45lFOHQY5OsgvHzyJWqXivVtAaQeoLRCo4MH9p3wrEEXPW3QYF1USfIE9Ba0owTRHQ1Ne/L0+m9dnPSn4INvY7YnOVkfcNCBNhTaK+S5UtNomca8RKALu5asO2J+s4lTEnFs0o/eQYdd132xEv8xWmc9veeO3kzgJzRD19FQGn7HkxVJP2sfrr1WWl6qq7mcncPfuewGKqGD9GYc5z0BcVRN1G4KWZjEtByga75+up0Nnf9f4snEjo/Hcr6gUMmo8hTiCAyf7Hhw8YdbnSUPv3xHZxn5Lt+wkIDbpE9pBHwv3lj9mEv6DXUXRDM8IWav87q8m2TkLF45KrzqlB1q+I/nQ7kHCgDovVhJMM+9CeusGY1MNc/D+Qf+kJphV20X4kIGHBtdLwCPXk0TPklvHQ2kQbIIuN+npfFkwXdqs4y2hI+6ulhEm8IKE0VnZUK8jwu0J/kwR+ChCnz8ACWxHc4Kw3v5oaqoym/83K+TD74D1fMqpKmEt4lE6JT+9rOYP3RP58xfqj0OCCgxFHvCWg2PcOgJieVaRMrbKo8cwo25pES5cbMArL0y42gBzrKOeIOFViF894EyLdHwoqvbRh4iIVD8YL4kKtQFnHRyLdZs4P7KW4gl/VW4h+wrJf7+uD1PrPo6dR8TiVN/mOg1bzemLaP/Vfv/6Wszsvhf/T7VShqOwzHY5AZc9ivbZxMFcr6XQem6Bo3oeQDryYGCGRDgX81c1EMnmZne1DBHC3wFYavoxjNuEGOgmMkg3+Ln0kCI6liW+yN10ArpEXwVyTQSClKXkhb8bFs30QQUtyaC8vd1fAJOI1VLxEv+m3s3x3qniOfEFjtHw13GIgcM3z6VWHuUFSNaQn6VDVhDGMCfijrJhfxxDJSEep9VuxOphCYpiha254ISRfjhi4Hfe11CntdBz6UI02d7+Ys0/NjMmoYwboDtnbM4NloUkEt4R5F+2CUge4s+jVmBkt+/rGomGnDbREIqkGbfxxE2J+Wyx8/eT68SX98r1xCsNF2jtJKqkU2EKoz45ho4qBQ91cK1loQ+OpzxKkxv2dC2n9MSEnv5C/TfG5ytaDQslV2WCtgAB/U7+a7JUbWttem92OaKHoubYn8DkwVSdSG0FXLn2UyqMBp2WyUTRNabI09Lu675se/ix+4/+phGIAoKTx3TPxQ9rvY6fQvA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR18MB2700.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 86a83d9c-d0dc-42ff-6dd7-08d9c3c46c07
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Dec 2021 14:24:24.1662 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 856b813c-16e5-49a5-85ec-6f081e13b527
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7l/lQNOvewIP4+4jo1HFfq6R7bHMYHjmv9RHUBf92wzmp6Bk7rdKV0i/jr0vxvt+L8rYPMJPeZlh3yxBgUg5lgHQt7SFlPRU7kx2MB3Q7MI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR18MB3442
X-OriginatorOrg: microfocus.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/c-b1o3SUoTz7XfZBpSDF7on5nlo>
Subject: Re: [Uri-review] URI Scheme "ves:"
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2021 14:27:04 -0000

> From: Uri-review <uri-review-bounces@ietf.org> On Behalf Of Julian Reschke
> Sent: Monday, 20 December, 2021 05:26
> 
> Am 18.12.2021 um 22:10 schrieb Jim Zubov:
> > ...
> >
> > I specified the violations, specifically stripped url encoding, that the
> > software SHOULD understand, and libVES is fact DOES understand. The uri
> > parts is still recommended to be properly url encoded to comply with the
> > standards.
> > ...
> 
> I believe this is an incredibly bad decision, because it means that
> consumers of the URIs can't simply use conforming URI parsers.

Historically, this sort of thing has also led to security vulnerabilities, due to mismatches in the tolerances of filters and end servers. Non-canonical UTF-8 sequences are one example.

The Postel Interoperability Principle was useful in the early days of internets (and then of *the* Internet) to get things off the ground. These days it's a liability. Be strict in what you accept.

-- 
Michael Wojcik

v2.23.0 | Report a Bug | By Email