Re: [Uri-review] Requesting review for 'dvx' provisional registration draft
Ted Hardie <ted.ietf@gmail.com> Thu, 01 July 2021 12:24 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5323A0113 for <uri-review@ietfa.amsl.com>; Thu, 1 Jul 2021 05:24:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ivm0Ks4N11Fl for <uri-review@ietfa.amsl.com>; Thu, 1 Jul 2021 05:24:45 -0700 (PDT)
Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EF6C3A00E0 for <uri-review@ietf.org>; Thu, 1 Jul 2021 05:24:45 -0700 (PDT)
Received: by mail-oi1-x22c.google.com with SMTP id 11so7068212oid.3 for <uri-review@ietf.org>; Thu, 01 Jul 2021 05:24:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ir0YkfE3kRPxBeV7SWlx+Q6t/cCh4Vl4VSPytP6tqCA=; b=iWTUuKKo983FtWlxr5AZ+UjSkJSwytEqKzcfDvr+34DTMgTN3zs9oNG/Zty9gr0R8P 9fz884+IUH8WQKX+ClibG4D/Q6cQ26eE++MfpXyES4HGcRCiB0MNO0GtpsLx7EQ6T21E MlioBMuxjsHlE1AZ47OdnO5+u5xFlaHY80FYyeEDva77saF4H0lIipISpCJc3Erd2uEM WcUaaTPRSESC0wnFDh3PBqTLxVmVS7Du9asRjAHQGSh2s7HLrErdLHwlYQc8/jrD/Aik cEugUPRE2aV5MCVsrGiTI7E9SBYyVO8J55qjfJTNZWx9N7bzlfNDvYD7o7kAPulHCKim maYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ir0YkfE3kRPxBeV7SWlx+Q6t/cCh4Vl4VSPytP6tqCA=; b=dUIfrktSq4tKWprmkurmheI262rEOmXibrZCjEb06pfGMHNLRZ2fEauLce2Ss2BEP3 LnmWd0Q5RfwDS/6dt5taOmD2Ho0rO4yMKEDVilWCXiqe+WBSNizPy30Nvwxeths0i9wn vEvaIV/gQ7Lkb++yIRDeP4w0MqKkMGc9fxDJbndykYmCNe4CB+xj5M7gZsK9cvVWgDgs R6a3cTHTkATj7PKKaihzQHlfqBn/N/u62Wd1D4a5ekT8ndbunLffV+GZgnelDaXIzLEh DV5+2amcNPpCPvW6McSmd7LOWc3rEIeOUdJRoeNd56f/JbnowCUszytBC5+BtHK4C8sr tI4A==
X-Gm-Message-State: AOAM531XipT+Ram+zZDV1JD8DeN47/DNuKlhUY4ClIxWgQ970W6pkk+Q 5cOjYPPYthYZ0EEhsNhGz0KkzyEYF4er5RrXYDWNFBNKF4U=
X-Google-Smtp-Source: ABdhPJx3kHBmv+aiIIgL91uB89Gdl7oFh2JUOQq1emi3WAnZfW8kBTopLLlCrPpTNlo16mhoLPR9C6LtUtyK38p+ftg=
X-Received: by 2002:a05:6808:aa6:: with SMTP id r6mr9257577oij.35.1625142283523; Thu, 01 Jul 2021 05:24:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAD2stPT7+5s_+7BC8Xrv-phQj40+oOomT3f3bVarX=AuJXGJ8w@mail.gmail.com>
In-Reply-To: <CAD2stPT7+5s_+7BC8Xrv-phQj40+oOomT3f3bVarX=AuJXGJ8w@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 01 Jul 2021 13:24:17 +0100
Message-ID: <CA+9kkMBv2PP9J=ntZqOOMoxtcQ9afo-RuCvoF+_3-29+N55zwA@mail.gmail.com>
To: "C. Bastian | ORGAPLAN" <clemens.bastian@orgaplan.org>
Cc: uri-review@ietf.org
Content-Type: multipart/alternative; boundary="00000000000084da8305c60eec53"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/v68NNjeMXxamEqw_hOfb_hagS5U>
Subject: Re: [Uri-review] Requesting review for 'dvx' provisional registration draft
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jul 2021 12:24:50 -0000
Hi Clemens, Thanks for your note. There appears to be no collision with an existing registered scheme, so that's good news. In going through the syntax, I did have some questions, if you don't mind. My reading is that there are two current commands, open and close, but that you intend for the syntax to be extensible. The permitted characters for new commands are a-z0-9.+-, and there is no restriction on their ordering. That would mean 99open, +-7a, even + as a bare operator would be valid; is that your intent, or did you also want to have minimum lengths and require certain patterns? For "the interoperability considerations", you might simply mention that there is currently only one known context of use (the ORGAPLAN context, listed below), and that uses of this outside that context may or may not conform. For security considerations, I could not quite parse what you meant: For security reasons it's prohibited to include sensitive or private information in the uri. This applies in particular to the key=value pairs. The restrictions on a requested resource or command need to be checked by the application which evaluates the uri For example, are you indicating that the URI might be carried in a plain text protocol, and thus be observable to an attacker with access to the path? If that's the threat model, it would appear the application that evaluates the URI (on receipt), might be acting too late to prevent observation. In general you might want to reference rFC 3552 for text on how security considerations text is constructed. Thanks again for sending this note, regards, Ted Hardie Your document says "The encoding of the key=value pairs follow the rules defined in RFC3986 "Uniform Resource Identifier (URI): Generic Syntax" Section 2 <https://datatracker.ietf.org/doc/html/rfc3986#section-2>" . It's not entirely clear to me which part of that section you wish to draw the reader's attention to. Is it possible you meant section 3.4, which describes path elements and mentions key value pairs? On Thu, Jul 1, 2021 at 5:54 AM C. Bastian | ORGAPLAN < clemens.bastian@orgaplan.org> wrote: > Hello! I hope you can provide me some feedback on this draft for a > provisional registration of the scheme 'dvx'. > Here's my current draft, any feedback and hints are appreciated. Best > greetings Clemens > > Scheme name: > dvx > > Status: > Provisional > > Applications/protocols that use this scheme name: > The ERP software solution named "DVX" by ORGAPLAN business > solutions (www.orgaplan.org) > > Contact: > Registration applicant: Clemens Bastian <clemens.bastian@orgaplan.org > > > Scheme creator: ORGAPLAN business solutions GmbH <info@orgaplan.org> > > Change controller: > Someone who is verified to represent ORGAPLAN business solutions > GmbH (see 'Contact') > > References: > Specification: > https://api.orgaplan.org/articles/uri-dvx-scheme-specification.html > > _______________________________________________ > Uri-review mailing list > Uri-review@ietf.org > https://www.ietf.org/mailman/listinfo/uri-review >
- [Uri-review] Requesting review for 'dvx' provisio… C. Bastian | ORGAPLAN
- Re: [Uri-review] Requesting review for 'dvx' prov… Ted Hardie
- Re: [Uri-review] Requesting review for 'dvx' prov… C. Bastian | ORGAPLAN
- Re: [Uri-review] Requesting review for 'dvx' prov… Ted Hardie
- Re: [Uri-review] Requesting review for 'dvx' prov… C. Bastian | ORGAPLAN
- Re: [Uri-review] Requesting review for 'dvx' prov… Tim Bray
- Re: [Uri-review] Requesting review for 'dvx' prov… Ted Hardie
- Re: [Uri-review] Requesting review for 'dvx' prov… Ted Hardie
- Re: [Uri-review] Requesting review for 'dvx' prov… C. Bastian | ORGAPLAN