Re: [urn] Comments on PWID -05 - now PWID -06

Peter Saint-Andre <stpeter@stpeter.im> Tue, 30 April 2019 03:13 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 348DD12024F for <urn@ietfa.amsl.com>; Mon, 29 Apr 2019 20:13:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=p5fUqtwV; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=MGUpacCY
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FdSuiDP2P-TY for <urn@ietfa.amsl.com>; Mon, 29 Apr 2019 20:13:41 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A202C12001E for <urn@ietf.org>; Mon, 29 Apr 2019 20:13:41 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 443D4624; Mon, 29 Apr 2019 23:13:40 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Mon, 29 Apr 2019 23:13:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h= subject:to:cc:references:from:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s=fm2; bh=J 9sHmTvUAPGzaYrc8Q28DeOFksfmapVh5XbnG07OOkw=; b=p5fUqtwV3PeKfQR+V Jd+tnY9s42jdum8o5oexbd0n4gae39yyOZ6k+32sIPGSVDwn+FDP4wE/0wKDRY3T uF6pgkLeQClelKcVyNtQEOIfH2rzlT4/3ERT0svtrKyAEuCumGUnWjMlyTa7pDUD SOe7LQyWS12lbCJV+HLnEkukiEFfTItKDjhxONYmEsJSgxnwY/CW1WFR4MdBZ8Ru y0fGHBHzyPpUZtXqMiAcRadQgNKo3kosEnc0codNMw89M/9nP203lewCpN4njfFb IduNuKTrCNxdj6vq/EsYTLqfTeu16VqQFC1Ryfd8uGpyE+uAUqlKeXZJeMtdwV2N xwmBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=J9sHmTvUAPGzaYrc8Q28DeOFksfmapVh5XbnG07OO kw=; b=MGUpacCYN7B9B/7wjotSqeRYKSMFOIf//OnvF9zeUE/5aMy7x5KZA2Ds2 04BB3JvAQ0ejL4na0z9Xf5nBkWe14FNtk5LPgWIqyOW1lC1hH4hu7eKmSCsr4TOX kJW3tFnBQsGf2gkZttybIgd4i2NyU9Bvij0Io4EkFuJXqi7B7GLb2uBQELt0LbR+ o+PdNGzc5qcy7azfSvye8FT6CFQ+zYLnwSr3PPy+/OI7bQ5wN28shYBCErqc2phZ Zafr4+uju3LZaIqwk1l/73dU1aVt0Ur5//t5pa6IPxekHZZwQYVnJ/SqDLo86nd5 AHK/OYGR3LDj6lPaQ2EYd+33tJNYw==
X-ME-Sender: <xms:Yr3HXPTaMr-H0wy5AomsiI5KgIw6ZSHzspgQHG4cwdTwEhgrBusEAw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrieefgdeilecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpefrvghtvghr ucfurghinhhtqdetnhgurhgvuceoshhtphgvthgvrhesshhtphgvthgvrhdrihhmqeenuc ffohhmrghinhepihgvthhfrdhorhhgnecukfhppeejiedrvdehrdefrdduhedvnecurfgr rhgrmhepmhgrihhlfhhrohhmpehsthhpvghtvghrsehsthhpvghtvghrrdhimhenucevlh hushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:Yr3HXMeq9P0cNWU3CGiJtNvsZCHEmhNz4l-CqWdTUUyVEQfpx5BMrg> <xmx:Yr3HXBSChCRJS3AJhqTfvgZteXTfyuhyQ5LWpgOv4iBWf0fjYsCBiQ> <xmx:Yr3HXIIy1zdtiR9KhtFzsrqSvaDaMuy3y5qrCEkcJrE4HujFOuqvdg> <xmx:Y73HXMh2goOO6kQ55IsYvWWoIApQyLUhEeCkSY17-803vd51-7IDwg>
Received: from aither.local (unknown [76.25.3.152]) by mail.messagingengine.com (Postfix) with ESMTPA id B484AE40C1; Mon, 29 Apr 2019 23:13:37 -0400 (EDT)
To: Eld Zierau <elzi@kb.dk>
Cc: "urn@ietf.org" <urn@ietf.org>
References: <2870fa7971294156b2e2ad240c9584c3@kb.dk>
From: Peter Saint-Andre <stpeter@stpeter.im>
Openpgp: preference=signencrypt
Autocrypt: addr=stpeter@stpeter.im; prefer-encrypt=mutual; keydata= mQINBFETDzsBEAC0FOv1N3ZJzIIxN6cKD475KVS9CHDPeYpegcOIPnL5eY1DCHeh/IwS1S7R CePtmiybNoV9FsI4PKUknzXQxA6LVEdAR/LUlhgJKjq+gsgp8lqbEILhg13ecH66HwLS9rar bQkC47T7kL8miIPBFC6E3A4Lq1L+eueO6UcLhKgoYkMxOjdiWrMgKTnVpch5ydLkPm/z0Zo8 zRgqlPuTLeCrXXZYnjHXLVFN2xy04UzOs7P5u5KVfx5Z7uQisr8pXtyLd6SpTZo6SHgKBv15 uz0rqXhsJojiGtOXfWznAjaS5FUOORq9CklG5cMOUAT8TNftv0ktsxaWDL1ELDVQPy1m7mtz o+VREG+0xmU6AjMo/GHblW1UU7MI9yCiuMLsp/HLrFuiosqLVZ85wuLQ2junPe3tK8h15Ucx IXAcpQ1VqIaDQFbeuLOXJTF8YHpHdpHYt/ZM1ll7ZBKGAo8yd7uF7wJ9D3gUazwdz9fFjWV7 oIk7ATwOlFllzmWDn+M2ygbHOGUGMX5hSaa8eDSieiR2QoLdn27Fip7kMBTJ2+GISrfnJTN/ OQvmj0DXXAdxHmu2C4QgmZbkge35n129yzXn9NcqzrGLroV62lL3LgX6cSbiH5i7GgWY6CAP b1pMogV0K475n9FvOSDRiG4QSO5yqKiA3OP5aKrIRp2TNAk4IwARAQABtCZQZXRlciBTYWlu dC1BbmRyZSA8c3RwZXRlckBzdHBldGVyLmltPokCOQQTAQIAIwUCURMPOwIbAwcLCQgHAwIB BhUIAgkKCwQWAgMBAh4BAheAAAoJEOoGpJErxa2p6bgQAKpxu07cMDOLc4+EG8H19NWXIVVy bOEvfGuHYZaLKkPrhrMZwJiOwBpyISNRt9qzX1eLCVaojaoEVX6kD8MGc5zKFfiJZy3j7lBW l+Ybr7FfXYy2BbAXKx49e1n6ci9LmBrmVfAEaxtDNPITZ9N9oUAb9vS0nrG036EwteEHAveQ vlDjO7lhz6+Cv7lZQgBj9rZ6khfcQ4S3nSCQaKLQ9Iav4fqxI7SfuPKnx6quHX3JNLGnVo3w l+j/foCK0iTrmtHxCI3kc/bx6g32pRjHEPX0ALMBhmzU2uca+TE0zCEC96mgYXAUCwdnCFWy beIEbt6pz65iML13kAVAq0H/GqncnMGN0MbOatnw1Tdz/vkLojIy7QbPcQ0plUFxv5491xPf IrHhOWdRXp6WUt88fcqhT6MHZpVRtusj2ornKVVn+Y0GLsMMCTcrXJRG7Ao1YV72t/pJpzfG WSaaxolxDIZ6B+76jrIhUhiWgo/4nf+DN6BIlCZQ6j6xxjjx462cu02kuhIILTk2pzaMOufT BWx0uJhZk/KP2Fay/41pX7pvVOwRC4uIlKsLnJKLPS7EDa4BUUxENfd/9LqOGwlII8BbSe98 PLMI8sXkcigc3UXMVda9ll0YhQa+lbP1NaszmnBhwuiCsgnPGbImsJuRzgEEgckwP/dNeyr6 MlFMyfaeuQINBFETDzsBEADBzOsEHpUmhkRUjH9Tek87dn5P/Yh/L/HptgCGk40TL/C+kYdk d3HyteMEf061PNmsS/Rq8k37Fu3VODYb9SPYKxtgksKSYUtIkPKvao09K9QNWPqyWuNf0F+i AjVMUudaEVFJ7bHF310RDwLY5IvLeCXxtvG+Vv/i+g77d2WdPDp+zLJ8306C4yBKjSJV8xW0 cn2fd7NviIEN6cNHTsZNDZVMlgYPrxnwSq8GTEPGC7HsLIwGcx3hIe9QjnPw9CpAmQENpDEy WcxgF5uwo2NJECoDswKz1Nb0gfawF3ZIbD+GcLujTu94iJuVg25jATWm9wTgcfZo4UPllRGX dIb8uWwUFQlLQgd4ROLZZtXNGmHIymJrV2crx53gxup+1j0XqhlzKg8xbImWhEfS9oHZkRK8 VHgmWSIt7TNwNir6N5j3lqwWVBhnu6GzF01sKGNySlqNRbd0fqhakCkK71b8ot8tYTcYG5Lg 10z6HTbgQx2UwLthUjqbblDQ+GLmrOhiWklLXRsnlnPMwnEyFePAnsT5tasy2Cn9qjpttNDa h7PB8iFUi9mtTF/XDVgpFaB5G3CDV7Q2NgbAI6g6QhLIAmXzSP635G83mda0TKXHQXHDyLJT Tn+WVFU7t4m4uLt+0DsWU8jXHQWyUTNG9WPUrXhusDUAPHxFCQ/n/lQVBwARAQABiQIfBBgB AgAJBQJREw87AhsMAAoJEOoGpJErxa2pqfgP/ApN+TRu2bBIgaw1dr3AznSSha84DIpXUDh3 udZvQrGbUtz8/mA+e3iZEN/cmmBw2LGlAuQoJNILTZQ318yTP+E5QU7fJH7FVsohUyvrMfyt 3IMA9jg0Z9MuloLezvIjjMfFeNa0ROgDb/ubOT7JQzi1kwN8Lu3lO80HwqBHXEeOLoislUSn ZajRKvITbKWkZ6PHRjlMw1Wk4oIi6VLHgGgj79zzL3uhML2663m7imShvz1QcHTwvyR5i8cZ bNOEkotZyERiA1p7YHuruS+QvTi3ZPoQbnMUB3a7py9d11bw1+w3LiAUGZE/z5hBWOFxYtw+ w/U/Vx0BwJGYlwU3M2W20uEXe+qxz7wnakygKjmLiD2z4njfKjcNCiV3FmXrpmWgADln1c4j fxDh0NrndrsM8FPDf1TMPtOZgFDkKripc9xkZ/25P6xn27oTOHWKcAC0QhxSH+HuVBBRk8Ag F+zAbDZe4/L6+kanSrycIXW+wCzwBq61aWsz2QhhuKjozVkhk4dRG+CfjzAFjnyxwYERn3uX VKQAwTwcdNcTI9RV98IsNrw9Y4lJEAg6CjNPmiD5+EASycqaOuToRSGukr8sOQLWLPyTnez/ aG8Xf7a+fntWzK2HuDYoSDhJJrylWw/lMklOBm4wtMeNA0zcQH6AQV/GzQVQkSGqrLuMVIV/
Message-ID: <9dcb0c25-a48e-e206-da26-a588f07d3dce@stpeter.im>
Date: Mon, 29 Apr 2019 21:13:36 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <2870fa7971294156b2e2ad240c9584c3@kb.dk>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/-fUYDd6cnrrOuQp-89gsPJrxbpU>
Subject: Re: [urn] Comments on PWID -05 - now PWID -06
X-BeenThere: urn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Revisions to URN RFCs <urn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/urn>, <mailto:urn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn/>
List-Post: <mailto:urn@ietf.org>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/urn>, <mailto:urn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 03:13:44 -0000

Hello Eld,

Your proposed syntax (with "~") looks fine to me.

The ABNF definition of your proposed syntax does not conform to RFC
5234. You can check the ABNF using this tool:

https://tools.ietf.org/tools/bap/abnf.cgi

In particular, it's not clear to me what a rule like this is intended to
mean:

   registered-archive-id = +( unreserved )

Do you mean that a registered-archive-id can include one or more
instances of characters from the `unreserved` rule? If so, change "+" to
"*".

To simplify the ABNF, you could use the datetime rules from RFC 3339.

Please don't use `URI` as the name of an ABNF rule because that's
already defined in RFC 3986 and could cause confusion. Perhaps call it
`uri-string`.

Personally I found the `precision-spec` categories difficult to
understand and sometimes ambiguous. For instance:

* A precision level of "part" seems to be an HTML file only (at least in
the case when "it refers to an html web element"), however a URI can
point to many file types other than HTML files. Perhaps "single" (as in
a single file) would be clearer; it would also be good to specify how
this is handled in the case of file types other than HTML.

* Does a precision level of "page" apply only to HTML pages with all
"referenced web parts"? (By the latter term I think you mean what the
HTML 5.2 specification defines as "embedded content"; in general it
would be good to align terminology.)

As to the registration, instead of version 6 it should be version 1
because this is the initial registration (i.e., whenever we are finished
with this process it will be the initial version, whereas if you update
the entire registration in the future that would be version 2).

The security considerations strike me as underspecified. An archived web
page or part could be just as dangerous as a "live" page or part; for
instance, it could include insecure scripts, malware, trackers, etc.
Furthermore, an archived page could in fact be more dangerous, because
it could include outdated scripts with known vulnerabilities that can
never be patched because the script is archived for all time in a
vulnerable state (an attack of this sort was recently discovered in the
wild).

Best Regards,

Peter

On 4/29/19 6:10 AM, Eld Zierau wrote:
> Did any of you have comments to my previous mail?
> Is there any action you want me to take in order to get it accepted?
> Best Regards, Eld
> 
> -----Original Message-----
> From: Eld Zierau 
> Sent: Friday, March 1, 2019 1:29 PM
> To: 'Martin J. Dürst' <duerst@it.aoyama.ac.jp>; 'Dale R. Worley' <worley@ariadne.com>
> Cc: 'urn@ietf.org' <urn@ietf.org>; 'L.Svensson@dnb.de' <L.Svensson@dnb.de>
> Subject: [urn] Comments on PWID -05 - now PWID -06
> 
> I have now uploade a new version: draft-pwid-urn-specification-06
>  - and thanks again for comments and suggestions
> 
> Regarding the suggestion from Martin (included below), I can as a computer scientist certainly see the reasoning as quite obvious. However, my experience with presentation of the PWID is that syntax based on computational reasoning is something that users find illogically, e.g. that the archived-item-id (usually URI) is included in the end of the PWID. I believe that adding a "~" for identifiers that are registered separately is acceptable for such users, but I am also convinced that a "+" before a domain will be something that confuses (non-computer science) users a lot. 
> Also, as said in my previous mail, it is highly unlikely that there will ever be a case where "~" is the first character in a domain for a web archive. Therefore, it seems that it should not be necessary. 
> A minor extra thing is that all existing PWIDs (and tools providing and resolving PWIDs) would not comply, which they would otherwise (none of these use registered identifiers yet only domains and URIs).
> In other words: I will be very sorry to add a "+" to domains, and I believe it is not necessary.
> 
> The uploaded version  does not include a "+" to domains, - If required, I will of course add it (although sorry to do so)
> 
> Please let me know if it acceptable, and I will act accordingly.
> 
> Best regards, Eld 
> 
> 
> On 2019/03/01 11:31, Dale R. Worley wrote:
>> Martin J. Duerst <duerst@it.aoyama.ac.jp> writes:
>>>> [...]  E.g., one could require that any archive-id that is not 
>>>> intended to be interpreted as a DNS name to start with one of "-", 
>>>> ".", "_", "~".
>>>
>>> I haven't looked into the details, but in general, I think this is a 
>>> bad idea. It is much better to have an explicit distinction than to 
>>> rely on some syntax restrictions. Such syntax restrictions may or may 
>>> not actually hold in practice. It's very easy to create a DNS name 
>>> starting with '-' or '_', for example, even though officially, that's not allowed.
>>
>> I may agree with you ... But what do you mean by "an explicit 
>> distinction"?  E.g., I would tend to consider "archive-ids starting 
>> with '~' are registered archive names, and archive-ids that do not are 
>> considered DNS names" to be an "explicit" distinction, but you mean 
>> something else.
> 
> Well, the explicit distinction would be "if it starts with '~', what follows is a registered archive name, and if it starts with '+', what follows is a DNS name" or some such. This would not exclude any leading characters in either archive names or DNS names.
> 
> Regards,   Martin.
> 
>> Or maybe the right question is, What do you propose as an alternative?
> _______________________________________________
> urn mailing list
> urn@ietf.org
> https://www.ietf.org/mailman/listinfo/urn
>