[apps-discuss] Applications Area Directorate Review of draft-ietf-weirds-using-http-07
Larry Masinter <masinter@adobe.com> Wed, 31 July 2013 12:20 UTC
Return-Path: <masinter@adobe.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27AB421F9D4F; Wed, 31 Jul 2013 05:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.165
X-Spam-Level:
X-Spam-Status: No, score=-6.165 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3DJYbFUlTZA5; Wed, 31 Jul 2013 05:20:04 -0700 (PDT)
Received: from exprod6og121.obsmtp.com (exprod6og121.obsmtp.com [64.18.1.237]) by ietfa.amsl.com (Postfix) with ESMTP id 3D99E11E8109; Wed, 31 Jul 2013 05:19:54 -0700 (PDT)
Received: from outbound-smtp-1.corp.adobe.com ([192.150.11.134]) by exprod6ob121.postini.com ([64.18.5.12]) with SMTP ID DSNKUfkA4/lK6gscMteS3sg4ZXgZhqd9jDFZ@postini.com; Wed, 31 Jul 2013 05:20:00 PDT
Received: from inner-relay-1.corp.adobe.com ([153.32.1.51]) by outbound-smtp-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r6VCGKD8003949; Wed, 31 Jul 2013 05:16:20 -0700 (PDT)
Received: from nahub01.corp.adobe.com (nahub01.corp.adobe.com [10.8.189.97]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r6VCJk6A015506; Wed, 31 Jul 2013 05:19:46 -0700 (PDT)
Received: from nambxv01a.corp.adobe.com ([10.8.189.95]) by nahub01.corp.adobe.com ([10.8.189.97]) with mapi; Wed, 31 Jul 2013 05:19:45 -0700
From: Larry Masinter <masinter@adobe.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "draft-ietf-weirds-using-http.all@tools.ietf.org" <draft-ietf-weirds-using-http.all@tools.ietf.org>
Date: Wed, 31 Jul 2013 05:19:43 -0700
Thread-Topic: Applications Area Directorate Review of draft-ietf-weirds-using-http-07
Thread-Index: Ac6Nz4HgsEdEJiu8Snq4ImZz3TCMIw==
Message-ID: <C68CB012D9182D408CED7B884F441D4D3472734D7F@nambxv01a.corp.adobe.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: [apps-discuss] Applications Area Directorate Review of draft-ietf-weirds-using-http-07
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2013 12:20:34 -0000
I have been selected as the Applications Area Directorate reviewer for this draft (for background on appsdir, please see http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-weirds-using-http-07 Title: HTTP usage in the Registration Data Access Protocol (RDAP) Reviewer: Larry Masinter Review Date: 7/31/2013 IETF Last Call Date: [include if known] IESG Telechat Date: On agenda of 2013-08-15 IESG telechat Summary: The document needs quite a bit of editorial work, but the protocol itself seems OK, modulo a few questions. Major Issues/Minor issues: I think the document suffers enough editorial confusion that they rise to the level of "Major" Please define what "Registration Data" is on first use. Please define what "Registration Data Directory Services" are. Please supply a reference for "RESTful" Please explain what you mean by "better" in: "By giving the various Directory Services common behavior, a single client is better able to retrieve data from Directory Services adhering to this behavior." Better how? Please explain or give an example about what is insufficient in: "the WHOIS protocol is insufficient to modern registration data service requirements." The sentence ” Where complexity may reside, it is the goal of this document..." is awkward, suggest just striking "Where complexity may reside". Please explain who "SSAC" is and why their opinion about WHOIS is relevant. in " As is noted in SSAC Report ..." Please give a reference for RDAP Section 2 Terminology: " In this document, an RDAP client is an HTTP User Agent performing an RDAP query, and an RDAP server is an HTTP server providing an RDAP response. RDAP query and response formats are described in other documents in the collection of RDAP specifications, while this document describes how RDAP clients and servers use HTTP to exchange queries and responses." I think you're defining a way of layering RDAP-like functionality using HTTP instead of something lower level. This doesn't seem like "terminology" -- this document defines a kind of RDAP client and a kind of RDAP server. Section 3 "Design Intents" Neither "design intents" or "design ctriteria" seems to fit what you're talking about. "Design constraints"? "Design considerations" ? Notable "design decisions" ? I don't understand whether restricting responses to zero or one result is a difficult or onerous constraint. "First, each query is meant ..." Each RDAP query itself? In all RDAP applications ever? If not, in what circumstances? Which RDAP queries have this constraint? Is it the "semantics" of the "request/response" that allows for future response formats? I think you're saying something about the protocol being extensible in the future to allow other formats than JSON. Moving "including cache control, authorization, compression, and redirection" to after "HTTP offers a number of mechanisms" (surrounded by parentheses) will make the sentence clearer. However, I'm not convinced that you can avoid giving more specific advice about how cache control, authorization, compression and redirection work with RDAP. For example, the cache-busting section indicates that cache control headers aren't sufficient. How will RDAP over HTTP work on a hotel network which redirects HTTP requests each day at noon? " an RDAP specific JSON media type, the generic JSON media type, or both." Please be explicit "application/json" for "the generic JSON media type" and give an explicit example of "an RDAP specific JSON media type" and provide references where those are defined. 5.1 Positive Answers can you be more explicit about what kind of response is expected? Please address the use of HTTPS with TLS vs. HTTP. I question the use of 404 Not Found to indicate "no information regarding the query", since it doesn't distinguish between "no information" and "wrong query". Please be more explicit about "a RDAP-HTTP Server" rather than "a server" in 5.3, 5.4 etc. " Optionally, it MAY include additional information regarding the negative answer in the HTTP entity body." how can this be used interoperably with such little specified? I admit I am baffled by the Extensibility section 6, since I can't see how it allows extensions.... for what? Under what cicumstances? How do you distinguish between known and unknown extensions? Section 7: Security Considerations Normally, a security considerations section might outline threats and mitigations for them. This section doesn't seem to. Section 9.1 URIs and IRIs This is confusing, of course clients can use whatever internally they want. How is a "URI" used in a response? The response is RDAP information. Transforming URIs to IRIs is a potentially buggy heuristic process and should not be recommended here. 9.2 "Under most scenarios" -- a few scenarios would be helpful.
- [apps-discuss] Applications Area Directorate Revi… Larry Masinter
- Re: [apps-discuss] Applications Area Directorate … Olaf Kolkman
- Re: [apps-discuss] Applications Area Directorate … Barry Leiba
- Re: [apps-discuss] Applications Area Directorate … Barry Leiba
- Re: [apps-discuss] Applications Area Directorate … Barry Leiba
- Re: [apps-discuss] Applications Area Directorate … Olaf Kolkman
- Re: [apps-discuss] Applications Area Directorate … Andy Newton
- Re: [apps-discuss] Applications Area Directorate … Martin J. Dürst
- Re: [apps-discuss] Applications Area Directorate … Mark Baker
- Re: [apps-discuss] Applications Area Directorate … Spencer Dawkins