Re: [Wpack] package: URL scheme
Ted Hardie <ted.ietf@gmail.com> Thu, 11 June 2020 21:07 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E5B13A08E1 for <wpack@ietfa.amsl.com>; Thu, 11 Jun 2020 14:07:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWHOGUP_UQEy for <wpack@ietfa.amsl.com>; Thu, 11 Jun 2020 14:07:24 -0700 (PDT)
Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0843A08DB for <wpack@ietf.org>; Thu, 11 Jun 2020 14:07:24 -0700 (PDT)
Received: by mail-oi1-x235.google.com with SMTP id p70so6709771oic.12 for <wpack@ietf.org>; Thu, 11 Jun 2020 14:07:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+m5ri6waean7hoFr7XmJCp0PdsARpVSJlaeQluXCro0=; b=ga5oyxoKnA8JRzG1pUTy22o91L6t14X/Qi5WPd8Y8g3KXZjmHo/GOAeBgAu78rDOST gtdEzDZFbyiGhQQg4aCZzdCoIdHU14gLRUCa5ow8Yxqbb6qzgxRo7+rpx4RgxlupsdYb AdP1jKkhOYbthc2W3S3b0Xs40XTmDUq36GTb4bzRDFxQGf/+Cqhkr+BSIPyoNSzDMLBD OwWaB8eSO9+C8Gpmh1EynSZ7jENp5xS1w571/i18Y5pHRd13xxHhv63OqcoasSxW+a/L 8N+b+cDOTcTTh5fUw8TwuhkIHW76Iu3FDKjbRo4vbHAZ6Y01fovvi7JqPso6I3nOAiA3 s+wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+m5ri6waean7hoFr7XmJCp0PdsARpVSJlaeQluXCro0=; b=XUBDxnLl0AelEFKAj6H6MoMmSwNXpETjd5uorQgQGFJWUQLHb2mRoCQSgbhRO/75SA bwcvQbcjLFwEME3IisWYFSDxrrTLg13MyNQRjSEws4yoXv3FWFBUnwhmmf0ImYo+1ajP BHVEAJznNALK9hsXTFvuZ25ILuyU78zypZG3WbxYGAJywzR8+B5ssja8lYlMxonsxeAU cjWSXSquy+Bnl+FeDvwHmilDkioWPfevYydsyzECF8GTQYl4SkV28icAC0mmhYVMFODl cUnjPzb2TgqHSdKg3G/vF8PDps3lnvyCn7EGTbs92EWSb8Po3UtLdHmn3VZ8zf3wLDBR M9+w==
X-Gm-Message-State: AOAM5310oE1ExxVx6mM1Z5pAnE5TrIJwd93X70npQiVZuhMXu1O+cml9 X2bsggNR+kIyKC+Q0F5IeiYgql37hMQhdlcshJbt4A==
X-Google-Smtp-Source: ABdhPJyy5O2WIX/V4trfAQq4THMluc2+jUE1ZqxLd0/10P/tLNCw8XLSBHk3Wpu+AYPOGb3RFpHIsYzbPAnwO1cFJRM=
X-Received: by 2002:a54:4795:: with SMTP id o21mr7508734oic.74.1591909644059; Thu, 11 Jun 2020 14:07:24 -0700 (PDT)
MIME-Version: 1.0
References: <CANh-dXndPaue3zAADhpc+wyNb8dxs=nVKOAp1n=6SMCKoUe=eQ@mail.gmail.com> <CA+9kkMAPqvXUwq3XqeqzkurmPbMVvR3bc_YPG6xQK0PUS4em-Q@mail.gmail.com> <CANh-dX=AAuQ2Q0fmu6ApU7vtUNm0+KfqbD+VTWD5DMgi0kzHzA@mail.gmail.com>
In-Reply-To: <CANh-dX=AAuQ2Q0fmu6ApU7vtUNm0+KfqbD+VTWD5DMgi0kzHzA@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 11 Jun 2020 14:06:57 -0700
Message-ID: <CA+9kkMBxJ3Jb2mD27hRgD_+eGbsfXX=MDDZEo6yFzuaAF9Ta4Q@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@chromium.org>
Cc: Jeffrey Yasskin <jyasskin=40google.com@dmarc.ietf.org>, WPACK List <wpack@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d949c205a7d55864"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/FGDVAaeiObZHKC06QMVv6Ls9M1E>
Subject: Re: [Wpack] package: URL scheme
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 21:07:27 -0000
Howdy, On Thu, Jun 11, 2020 at 11:47 AM Jeffrey Yasskin <jyasskin@chromium.org> wrote: > On Wed, Jun 10, 2020, 3:44 PM Ted Hardie <ted.ietf@gmail.com> wrote: > >> Hi Jeffrey, >> >> On Wed, Jun 10, 2020 at 3:00 PM Jeffrey Yasskin <jyasskin= >> 40google.com@dmarc.ietf.org> wrote: >> >>> Hi all, >>> >>> I wanted to raise awareness of a discussion about the URL scheme for >>> addressing resources within bundles (draft-yasskin-wpack-bundled-exchanges). >>> >>> We seem to be heading toward a URL of the form >>> package:<encoded-package-url>$<encoded-resource-uri>, which for a package >>> URL of https://distributor.example/package.wbn and resource URI of >>> https://publisher.example/page.html?q=query would lead to a URL of: >>> >>> >>> *package:https:,,distributor.example,package.wbn;q=query$https:,,publisher.example/page.html?q=query* >>> >>> RFC 3986, section 2.2 notes: >> >> If data for a URI component would conflict with a reserved >> character's purpose as a delimiter, then the conflicting data must be >> percent-encoded before the URI is formed. >> >> Wouldn't that apply to a couple of the delimiters in the package example >> above, e.g. the ":" in "https:"? If so, that seems like it would change >> the display form a bit (though not the basic idea). If that is needed, I >> think it reinforces the notion that showing these to users or expecting the >> users to grok them is a non-starter. >> >> regards, >> >> Ted Hardie >> > > I looked at that, and I think it's ok to leave the `:` unescaped. > Specifically, since `:` is only used as a delimiter to separate the scheme, > the later `:`s in the package and resource URLs don't conflict. blob: URLs > <https://w3c.github.io/FileAPI/#blob-url> already do this, and go a bit > farther in leaving their `/`s unescaped too. > It's certainly the case that some schemes permit ":" after the scheme to be presented unescaped (URNs require one, separating the NID from NSS). My concern here is really that these constructions, including the later ":"s , are actually being used in ways that might be read as conflicting with their original purpose as delimiters. "https:" occurs multiple times with contextual cues on meaning, in essence. That might be okay, but I think the percent encoded version might match expected practice bit better. It's unreadable to the end user, but I think that true either way. Is your concern with that approach that the origin-matching code might have forgiving algorithms for matching against percent-encoded elements of URIs? regards, Ted > > We could probably get away without escaping the `/`s here too: the > origin-finding algorithm would split on `$` instead of looking for the > first `/`, but I worry that it would be easier to write bugs in that case, > which could give packaged resources access to their distributor's storage. > > > Jeffrey >
- [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Ted Hardie
- Re: [Wpack] package: URL scheme Larry Masinter
- Re: [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Ted Hardie
- Re: [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Larry Masinter
- Re: [Wpack] package: URL scheme Martin Thomson
- Re: [Wpack] package: URL scheme Larry Masinter
- Re: [Wpack] package: URL scheme Mallory Knodel
- Re: [Wpack] package: URL scheme Larry Masinter
- Re: [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Larry Masinter
- Re: [Wpack] package: URL scheme Martin Thomson
- Re: [Wpack] package: URL scheme Jeffrey Yasskin
- Re: [Wpack] package: URL scheme Jeffrey Yasskin