Re: [Uri-review] percent encoding of '/' in one-segment non-hierarchical path component
Jan Pechanec <jan.pechanec@oracle.com> Tue, 27 August 2013 18:05 UTC
Return-Path: <jan.pechanec@oracle.com>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 616FD21E809F for <uri-review@ietfa.amsl.com>; Tue, 27 Aug 2013 11:05:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.063
X-Spam-Level:
X-Spam-Status: No, score=-6.063 tagged_above=-999 required=5 tests=[AWL=-0.534, BAYES_00=-2.599, DATE_IN_PAST_06_12=1.069, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdjU8Z8yRe7X for <uri-review@ietfa.amsl.com>; Tue, 27 Aug 2013 11:05:16 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 07AFF21F9F8E for <uri-review@ietf.org>; Tue, 27 Aug 2013 11:05:09 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r7RI4wCS019734 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 27 Aug 2013 18:04:59 GMT
Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r7RI4v8o027895 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Aug 2013 18:04:58 GMT
Received: from abhmt115.oracle.com (abhmt115.oracle.com [141.146.116.67]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r7RI4vBH027887; Tue, 27 Aug 2013 18:04:57 GMT
Received: from rejewski.us.oracle.com (/10.132.148.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 27 Aug 2013 11:04:57 -0700
Date: Mon, 26 Aug 2013 23:05:11 -0700
From: Jan Pechanec <jan.pechanec@oracle.com>
X-X-Sender: jpechane@rejewski
To: Larry Masinter <masinter@adobe.com>
In-Reply-To: <C68CB012D9182D408CED7B884F441D4D3472A4792F@nambxv01a.corp.adobe.com>
Message-ID: <alpine.GSO.2.00.1308262256270.24199@rejewski>
References: <alpine.GSO.2.00.1308131709340.19813@rejewski> <alpine.GSO.2.00.1308211422330.15710@rejewski> <C68CB012D9182D408CED7B884F441D4D3472A4792F@nambxv01a.corp.adobe.com>
User-Agent: Alpine 2.00 (GSO 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "uri-review@ietf.org" <uri-review@ietf.org>
Subject: Re: [Uri-review] percent encoding of '/' in one-segment non-hierarchical path component
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uri-review>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2013 18:05:23 -0000
On Sat, 24 Aug 2013, Larry Masinter wrote: hi Larry, thank you for your answer. Comments inline. >If you would like your URIs to be parsable by generic URI parsing, >then they need to follow the generic URI syntax. yes, I'd like that. I assume all URI schemes should be correctly parsable by generic URI parsers, shouldn't they? >Since the URI consists of attribute value pairs why not just make the >whole thing a query string, by starting off with ? > >pkcs11:?object=my-key;object-type=private;pin-source=/etc/pin I understand why you suggest it but I think it would make it harder for people to use it. They would just not understand. Also, the PKCS#11 token provides flat space which can be seen as one level hierarchy so that's why I used the path. >or even > >pkcs11:/my-key?object-type=private;pin-source=/etc/pin >(make one value, e.g., 'object', be the path) there are more attributes that could be used as path, "id" which is supposed to be unique. However, I can see the point. all attributes can be used to identify the object in the one level hierarchy aside from the "pin-source" attribute. That one may be needed to access the object but it does not define its location. That one would fit into the query component and that's the one I had issues with about the slashes. the following might be an option: pkcs11:token=mytoken;object=my-key;object-type=private?pin-source=/etc/pin I have to think about it more. Thanks! Jan >> -----Original Message----- >> From: uri-review-bounces@ietf.org [mailto:uri-review-bounces@ietf.org] On >> Behalf Of Jan Pechanec >> Sent: Wednesday, August 21, 2013 11:27 PM >> To: uri-review@ietf.org >> Subject: Re: [Uri-review] percent encoding of '/' in one-segment non- >> hierarchical path component >> >> On Tue, 13 Aug 2013, Jan Pechanec wrote: >> >> hi all, I'd very much appreciate any opinion on the problem I >> outlined below. As I mentioned in the second part of my email, I'm >> inclined to allow PKCS#11 URIs to use unencoded '/' in attribute values: >> >> pkcs11:object=my-key;object-type=private;pin-source=/etc/pin >> >> despite the fact that it would fool generic URI parsers that >> would be splitting the one-segment path into three separate segments. >> I still have doubts about it though. >> >> thank you, Jan. >> >> >> > hi experts, >> > >> > I've recently asked here for your opinion on the PKCS#11 URI >> >draft. With your review help which I very much appreciated, the scheme >> >was recently approved as a provisional scheme and I'm getting ready to >> >put it on RFC tracker. >> > >> > however, there is one thing I'm not sure about and I'd like to >> >ask for your opinion. The following is an example of a pkcs11 URI: >> > >> > pkcs11:object=my-key;object-type=private;pin-source=%2Fetc%2Fpin >> > >> > now, I have the following paragraph in my draft: >> > >> > ... >> > More specifically, '/' delimiter of generic URI components was >> > removed from available characters that do not have to be percent- >> > encoded so that the initial part of a PKCS#11 URI is never confused >> > with "path-rootless" part of the "hier-part" generic URI component as >> > defined in Section 3 of [RFC3986]. >> > ... >> > >> > which is not entirely precise (I should also include >> >"path-noscheme", too) and should be rephrased. Basically what I want to >> >say is that the scheme requires encoding of '/' so that generic URI >> >parsers do not split the path into segments and parse the URI above as: >> > >> > scheme name: pkcs11 >> > path-segment-1: object=my-key;object-type=private;pin- >> source= >> > path-segment-2: etc >> > path-segment-3: pin >> > >> > I could easily fix the draft but I'm still wondering whether: >> > >> > (1) '/' is really needed to be removed from a charset that does >> >NOT have to be percent-encoded >> > >> > (2) to allow non-encoded '/' and mention that if '/' are not >> >percent encoded the generic URI parser may split the intended >> >non-hierarchical one-segment path (ie. set of attributes) into multiple >> >segments >> > >> > (3) to allow non-encoded '/' and does not discuss the generic >> >parser issues >> > >> > it's easy to guess that people will use unencoded slashes in the >> >pin-source attribute no matter what I do and that PKCS#11 URI parsers >> >will have to accept it. Choosing (1) then seems a bit useless to me. >> >I'm leaning to (2) but I'm not sure it's permissible to do that. >> > >> > I'm reading rfc3986 again. "2.2. Reserved Characters" suggests >> >that since '/' is not a delimiter in the PKCS#11 URI, it does not have >> >to be percent encoded. Also, the next paragraph also under 2.2 makes me >> >think that (2) might be really a good solution since '/' can be part of >> >the pin-source attribute data: >> > >> > ... >> > URI producing applications should percent-encode data octets that >> > correspond to characters in the reserved set unless these characters >> > are specifically allowed by the URI scheme to represent data in that >> > component. >> > ... >> > >> > however, I'm really not sure and still thinking about generic >> >parsers splitting the path into multiple segments. I'm hoping you could >> >help me with some insight. >> > >> > best regards, Jan. >> > >> > >> >> -- >> Jan Pechanec <jan.pechanec@oracle.com> >> _______________________________________________ >> Uri-review mailing list >> Uri-review@ietf.org >> https://www.ietf.org/mailman/listinfo/uri-review > -- Jan Pechanec <jan.pechanec@oracle.com>
- [Uri-review] percent encoding of '/' in one-segme… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Larry Masinter
- Re: [Uri-review] percent encoding of '/' in one-s… Jan Pechanec
- Re: [Uri-review] percent encoding of '/' in one-s… Larry Masinter