Re: [Uri-review] Requesting review for 'dvx' provisional registration draft

Ted Hardie <ted.ietf@gmail.com> Thu, 01 July 2021 12:24 UTC

From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 01 Jul 2021 13:24:17 +0100
To: "C. Bastian | ORGAPLAN" <clemens.bastian@orgaplan.org>
Cc: uri-review@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/v68NNjeMXxamEqw_hOfb_hagS5U>

Hi Clemens,

Thanks for your note.  There appears to be no collision with an existing
registered scheme, so that's good news.  In going through the syntax, I did
have some questions, if you don't mind.

My reading is that there are two current commands, open and close, but that
you intend for the syntax to be extensible.  The permitted characters for
new commands are a-z0-9.+-, and there is no restriction on their ordering.
That would mean 99open, +-7a, even + as a bare operator would be valid; is
that your intent, or did you also want to have minimum lengths and require
certain patterns?

For "the interoperability considerations", you might simply mention that
there is currently only one known context of use (the ORGAPLAN context,
listed below), and that uses of this outside that context may or may not
conform.

For security considerations, I could not quite parse what you meant:

For security reasons it's prohibited to include sensitive or private
information in the uri. This applies in particular to the key=value pairs.
The restrictions on a requested resource or command need to be checked by
the application which evaluates the uri

For example, are you indicating that the URI might be carried in a plain
text protocol, and thus be observable to an attacker with access to the
path?  If that's the threat model, it would appear the application that
evaluates the URI (on receipt), might be acting too late to prevent
observation.  In general you might want to reference RFC 3552 for text on
how security considerations text is constructed.

Thanks again for sending this note,

regards,

Ted Hardie


Your document says "The encoding of the key=value pairs follow the rules
defined in RFC3986 "Uniform Resource Identifier (URI): Generic Syntax"
Section 2 <https://datatracker.ietf.org/doc/html/rfc3986#section-2>".
It's not entirely clear to me which part of that section you wish to draw
the reader's attention to.  Is it possible you meant section 3.4, which
describes path elements and mentions key value pairs?




On Thu, Jul 1, 2021 at 5:54 AM C. Bastian | ORGAPLAN <
clemens.bastian@orgaplan.org> wrote:

> Hello! I hope you can provide me some feedback on this draft for a
> provisional registration of the scheme 'dvx'.
> Here's my current draft, any feedback and hints are appreciated. Best
> greetings Clemens
>
> Scheme name:
>       dvx
>
> Status:
>      Provisional
>
> Applications/protocols that use this scheme name:
>      The ERP software solution named "DVX" by ORGAPLAN business
> solutions (www.orgaplan.org)
>
> Contact:
>      Registration applicant: Clemens Bastian <clemens.bastian@orgaplan.org>
>      Scheme creator: ORGAPLAN business solutions GmbH <info@orgaplan.org>
>
> Change controller:
>      Someone who is verified to represent ORGAPLAN business solutions
> GmbH (see 'Contact')
>
> References:
>      Specification:
> https://api.orgaplan.org/articles/uri-dvx-scheme-specification.html
>
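
The review's question about command names, as an added example (not part of the original message or of the dvx specification): the loose rule uses the character set a-z0-9.+- as read in the review, while the stricter rule (MIN_LEN, a leading letter, single non-trailing separators) is a hypothetical tightening chosen only to illustrate the difference.

```python
import re

# Loose rule, as read in the review: any non-empty run of a-z, 0-9, '.', '+', '-'.
LOOSE = re.compile(r"[a-z0-9.+-]+")

# Hypothetical minimum length for the stricter rule (an assumption, not from the spec).
MIN_LEN = 3

# Command names taken from the review message itself.
SAMPLES = ["open", "close", "99open", "+-7a", "+"]


def is_loose(command: str) -> bool:
    """True if the command matches the permissive character-set-only rule."""
    return LOOSE.fullmatch(command) is not None


def strict_problems(command: str) -> list[str]:
    """Return the reasons the hypothetical stricter rule rejects a command."""
    if not is_loose(command):
        return ["empty or contains a character outside a-z0-9.+-"]
    problems = []
    if len(command) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not command[0].isalpha():
        problems.append("does not start with a letter")
    if re.search(r"[.+-]{2}|[.+-]$", command):
        problems.append("separator doubled or trailing")
    return problems


def audit(commands):
    """Map each loosely valid command the stricter rule rejects to its reasons."""
    return {c: p for c in commands if is_loose(c) and (p := strict_problems(c))}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLES).items():
        print(f"{name!r}: accepted by the loose rule; stricter rule says: {', '.join(reasons)}")
```
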