IETF Logo Mail Archive

Re: [xmpp] [Technical Errata Reported] RFC7622 (5769)

Florian Schmaus <flo@geekplace.eu> Tue, 02 July 2019 07:25 UTC

Return-Path: <fschmaus@gmail.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E1AC1201D7 for <xmpp@ietfa.amsl.com>; Tue, 2 Jul 2019 00:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zXp3ShflQIQJ for <xmpp@ietfa.amsl.com>; Tue, 2 Jul 2019 00:25:53 -0700 (PDT)
Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1A4B120183 for <xmpp@ietf.org>; Tue, 2 Jul 2019 00:25:52 -0700 (PDT)
Received: by mail-wm1-f49.google.com with SMTP id g135so1807529wme.4 for <xmpp@ietf.org>; Tue, 02 Jul 2019 00:25:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=8ND/DZfsodE5nyiWjUcPrgZJU71Mzhnn99fJ6Z99rjE=; b=TntFU96AGb9mhNLeE5XaP0MxsF9tKyOWrnQR6dPN4REcz9qvFOnuWP7PMYeKifIfaM 2AvqLNQr3leAEa4vL+i6OmptCkR097TJWSKT/sC+s7FlGm0a//2yPPD2jiJ54gctg0Te ULH3ine/tM5b5m4B0Q02QdbGE/Axws6hf0zR4CbU6P7jAru9kfU0CZzfTn13dn5mQZv2 PYKC5w5P9YYJPPrTS5QyhtOuQoYcYqC5S2TkkRVauT8PgVXyPK0Gol5Z+h6xYTodRmQH R1eGQxn9KzoMRxsdNj2YFc9V0jW0WZtRxeqLFgc9mM7X7oHJZXYi0J0kTc24YKof14ak NaCQ==
X-Gm-Message-State: APjAAAXuB/6jPyGWZWwuZfgfEJL3IWGXFdrt5Q9Lt1B+pmccSLbp4tpR VNZRFCRZ/al1842sIE/gqjk=
X-Google-Smtp-Source: APXvYqybpUO1vZxkJBAQKY86FSTaN6Sn55gWCGalTwPFgcic9C4sFskXltRWPV4EHbG0ypZb+GZvHA==
X-Received: by 2002:a1c:f009:: with SMTP id a9mr2161993wmb.32.1562052350938; Tue, 02 Jul 2019 00:25:50 -0700 (PDT)
Received: from [10.188.34.160] (nat-inf.rrze.uni-erlangen.de. [131.188.6.45]) by smtp.googlemail.com with ESMTPSA id w20sm27639832wra.96.2019.07.02.00.25.49 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jul 2019 00:25:49 -0700 (PDT)
To: Dave Cridland <dave@cridland.net>, Barry Leiba <barryleiba@computer.org>
Cc: Joe Hildebrand <hildjj@cursive.net>, Alexey Melnikov <aamelnikov@fastmail.fm>, XMPP Working Group <xmpp@ietf.org>, Peter Saint-Andre <stpeter@stpeter.im>, RFC Errata System <rfc-editor@rfc-editor.org>
References: <20190630214921.40238B81D6A@rfc-editor.org> <CALaySJJ0t58BgMYE6G9XLFc-ydskvV6CS48d9++8xBfNZ_cLDg@mail.gmail.com> <9c33c9d6-3bfb-78bb-f684-0a8fc078ac4a@geekplace.eu> <CALaySJKztZ40OLNL6Jsvt1wzFgjYzqxUNq3Xj60KwOkAvJGxZA@mail.gmail.com> <CAKHUCzwg6sPtN0Dp6zPfKT75+DbfE0xies3Wv7GujXes6jY0Ng@mail.gmail.com>
From: Florian Schmaus <flo@geekplace.eu>
Openpgp: preference=signencrypt
Autocrypt: addr=flo@geekplace.eu; prefer-encrypt=mutual; keydata= mQENBEw8UF4BCAC4H+pf0bJjP8iUvOXtyfM052WptOwK+YCVWx5y8TExQ6u2WuKnsLC5AhdQ qChyLU08zIkno2dvfhyRxxMqhUPmo60ckn6AjLrif28vZiHJRWCfJTipxL2mZO0xNW68d23k 9G4f7+hzNyjWV5SpFG2qg4DWKmwIonZHZMZAK3NtWK7h+3uIVXk32Veuseh/qACZRI63EuQH e+BhnHDFLbb7gYhm78tuzVobU1mEqiNSA783BpxoVUSCEine1/qB5kObmq9Nno0cwnPui8GS sAUmNItKC270UdwLimFdCnV8qEbVEVj+Nh+nE+LVMdNZJa95x/4HHz9oIj8TGc1/RNiXABEB AAG0IkZsb3JpYW4gU2NobWF1cyA8ZmxvQGdlZWtwbGFjZS5ldT6JAVcEEwEIAEECGwMFCwkI BwMFFQoJCAsFFgMCAQACHgECF4ACGQEWIQQTV7AYZbJQPBhFPSCMrCqWeFSONQUCWzoxDQUJ EsBHrwAKCRCMrCqWeFSONWwyB/9GdtTjAryks1OR5kbhSKiw132im4/Z0eDs681qHJlG/lyC uPORV+ru0fxxSNY4QxydG7+pJtJfaTtEn2562ziqr/peqtLdWw+F5RctJbiJD+TPEdAUdxA0 FlTdQoaGz3sC9NxVfYXDGTGGTvC2GUjI2PWgM6RCH1UA3/eWtDogypl4eXHJpjMwDclUxi/X rQjd65gCEAAt5YK+lF3cnvrVzc4AWHoVShVfPePyKAhJOdvFZn9f+3uRcNv5OsZUVZ8ZwAWv dqDp2MO1pjOTyO7aFc2sISjoXc5DQ+74F6e41/KyDImH6ims3mE5taD0RpgDfDxOMxaNvIGU MrzrmFbiuQENBEw8UF4BCADoJRRtsvwu0qPbYKZGxa+sJ44zDX8oLBr/UD8aESTPi7nXtc5V FRQ7v66JEKkKTYq9T/J29P5HsdxMomiR5pbaRUaAjeENscxzXY8BZTZVzSotqQ6ZHyOeGqkK XhNNVUx7pFZF1AO46bk8Ob++6jEFNCSIUNgiDsFggGwd3ngPLrpDblQQujC5pAT9JB6X+OnE 41cYSS5rCbDPaBKHtIyTftcCPwjsgic0qKMhXgthR86Qmna4ZUeHN9+8cEszk/LSEJysDv4Q +j9HiezRQxFXgKjsMyTdD8TAo3uVpZXc7vOrGagi7agK4QAMuozmbwVbOohYvR0w6mZmYEsE uh9fABEBAAGJATwEGAEIACYCGwwWIQQTV7AYZbJQPBhFPSCMrCqWeFSONQUCWzoxIwUJEsBH xQAKCRCMrCqWeFSONQdGB/9qe949moyhflZf/Gj8B4D7RQ+8z4taoo3LBbxl9Kp0gz2C0wgh kkeHDVt2Kf8yiRLkH9DdFnqowYb19qWHJ3+1dmUU2S8VWk24NYDE7svgw2lQOE8/pItXTG/C m9s7Rp8DHcTE1dqPwIGR7LhLtt/+U/NMZi8+cr/AiYlUCD88NcHEScqnO6srTzEWFye2BYRp m3ayR/DN2gJTIdWSqODT/yN07cFphYozg5aIgGzzy4nGGQnm5sLNmsvmu1oY2aAaK5LafqzA 60zEcnRKmX/MsGK7SiOHPIQrot33gjvhnhrtDcVfna26fTvdjkpZoczmpsQhjZdj0kU3VDyP yNkluQENBFdWjtMBCAC9XPyeOKXvBPiwMMqAZIXiqTpy7uKmElD1RpXYl/0ZC+oEvXhlYZE5 sAm3uRN3hulH86wNAP1lvV5nSRa/r4pPr1I8zqzfl1EN0CmVdeIR77UZOhfgLtEKRmUUf3YK 2ZIjVJ9zhYfBZpuuRd6ckoUzZsp2MgdID2ezxcpuBNL8EVkr15p5sEkEU+pqY/QUuXY1MCtf Cs0q4RWUO9UOiAX2tCbMVvDAxtItBEVIwJ5p94glK3tfaBfHE6787KbN5a5AV3vgKVGjlKHA FPr8yY+F5lj9fKjxCjgkga3nwz0vF+FX/8BbErBHU/gUgnFzbwZxq/+XtQxK297k5hc6kEVH ABEBAAGJArsEGAEIACYCGwIWIQQTV7AYZbJQPBhFPSCMrCqWeFSONQUCWzoxOAUJB6YJZQGJ wL0gBBkBCABmBQJXVo7TXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3Au ZmlmdGhob3JzZW1hbi5uZXQ5Nzc1MDU5RjNBMjFEQ0UxNkJFNEZCQUUyMjM5QTdFOEY1ODUy MDUyAAoJECI5p+j1hSBS7FsIAJVU3gkZdex8Tj+vwHeLdtupi5iGtcnkijnFyhC7Fbkzn83y Jj2QsYVpPGVC1X2zDFoqoV15GTqBnYoL3QayMZM4zglTP81nBSNbrOai2RYFnTMNv2ivgWPN j38y07+T0Z+boJ+0xrsTT5QYkk75cv8X694YhyaHTcljDwK56dhY+9i/h9cfPZON/cwWoymA PUxNsVqovUfFF+eX9gmZHjzqjEdsdcS5eXb1kr8sdXIhwYRfPeZutTzuKHEYzw1bIidxZeX8 +Q+qbZxC/IOTpE/JC++IAdABExtuZaaABirXXqXNTZPPROcF8Rfo9IoBuJ5s/2zR2j664fB/ p5JQyRwJEIysKpZ4VI41iYkIALMQ/+GvcUhdr0H8iYb1HeijZ2eTQRAv3j7cEAK+8dbBslYr b8eG7pO6swnuhXzEwuxSqoq1UA50sa7L++cN0oJk7S0FDkhVb7vDU1BNQ1DXTeiNbQpvLqXB Y7/drAwHGMo6PS4IkEhzBZfs7FP/Tewpr8LC9i4FdlzDcCxj5rHUVS/+aerd8KZtRKmXmes7 gBxZ+Klwj8eizPmLp4lRxwVjOLQxOSEielhWiuzSzlZGvz5RmBqumVc0sUSB/GTBKYpcIhP/ mBKGNutYkMzCK/JJ5LID/MCpsRsjH8Syd5aRg4shE0aeh1KV9WF/YiQPC/V03LO5Fx2JULpg wmAlqFE=
Message-ID: <9150b28a-d773-853e-845f-6de4632ed836@geekplace.eu>
Date: Tue, 02 Jul 2019 09:25:44 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAKHUCzwg6sPtN0Dp6zPfKT75+DbfE0xies3Wv7GujXes6jY0Ng@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="93NntvTPrKgF6FfoR7TdPCTdLStX5y9ZX"
Archived-At: <https://mailarchive.ietf.org/arch/msg/xmpp/eXxIOOYKjLi-dnYQaTqRVmQfb8k>
Subject: Re: [xmpp] [Technical Errata Reported] RFC7622 (5769)
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 07:25:56 -0000

On 02.07.19 00:10, Dave Cridland wrote:
> On Mon, 1 Jul 2019 at 14:18, Barry Leiba <barryleiba@computer.org
> <mailto:barryleiba@computer.org>> wrote:
> 
>     > > 1. Is this bit of text intended to say that "domainpart" has to
>     > > *consist of* NR-LDH labels and U-labels, rather than to contain
>     > > characters valid for those?
>     >
>     > XMPP domainparts may contain
>     > - IPv4/v6 addresses
>     > - DNS names
>     > - "Hostnames" (more or less arbitrary XMPP service identifiers)
>     >   Those are potentially longer strings then DNS labels are allowed to
>     >   be.
> 
>     OK, so there's more to it than that.
> 
> 
> Hold your horses - I'm not sure that's actually true.
> 
> In particular:
> 
> a) I don't think that IPv4/IPv6 addresses actually belong there. Some
> existing client libraries and servers can handle that, but it's not
> clear it works outside a single server (ie, with S2S links). At best,
> this would be a SHOULD NOT in my opinion. For a start, most of the rest
> of the langauge makes no sense, since it assumes these things can be the
> subject of a DNS request - see, for
> example, https://tools.ietf.org/html/rfc6120#section-3.2

Even assuming that IPv4/v6 addresses in domainparts would not work
outside a single server, they are useful in test deployments and the
like, and hence it does not appear to be sensible to strictly forbid
them in domainparts.

You obviously do not need a DNS lookup if you already have an IP. I do
not think that RFC6120 needs to explicitly mention that, but maybe it
does not hurt either.

> b) Arbitrary labels are syntactically the same as U-Labels. If anyone
> wants them to be different, I'm willing to mud-wrestle them for it, and
> nobody should want that.

Depends on your definition of "arbitrary labels" I guess. Are they
allowed to contain other code points besides those valid in U-labels?
How long are they allowed to be? U-labels come with an indirect length
restriction. POSIX limits the maximum hostname, which is sometimes used
as domainpart, to 255 bytes, but this would exceed the maximum of 63
bytes of a DNS label.

> c) I don't think we want A-Labels. It's just going to cause confusion -
> is 商业.中国 the same as xn--vhqr8o.xn--fiqs8s? They always look up the
> same in DNS, after all, by definition. I can't see why we'd think
> allowing them wasn't going to cause problems.

I can not remember that I ever ran into problems caused by A-labels in
domainparts. And hence I assume that the cost of explicitly disallowing
them isn't worth the gain. If we can, we should not make the PRECIS
operations on the domainpart to require anything besides the
"inspection" of every code point, with as less as possible context
around the inspected code point involved.

Note that instead of forbidding A-labels / ACE in domainparts, RFC7622
currently states in § 5.

  XMPP applications MUST support IDNA2008 for domainparts

which I interpret as "use U-labels of your DNS name in the domainpart
(if applicable)".

- Florian

v2.23.0 | Report a Bug | By Email