Re: [mile] Working group last call for XMPP-grid
Dave Cridland <dave@cridland.net> Thu, 20 April 2017 16:12 UTC
Return-Path: <dave@cridland.net>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3CD8127871 for <mile@ietfa.amsl.com>; Thu, 20 Apr 2017 09:12:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a-j1VjgbUBDL for <mile@ietfa.amsl.com>; Thu, 20 Apr 2017 09:12:11 -0700 (PDT)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67AFE1287A3 for <mile@ietf.org>; Thu, 20 Apr 2017 09:12:11 -0700 (PDT)
Received: by mail-wm0-x22f.google.com with SMTP id r190so52726992wme.1 for <mile@ietf.org>; Thu, 20 Apr 2017 09:12:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Qts5oE8PEALEjAevpUcpILpetDeYs8+Ezwl0JpRsqMo=; b=PE1mwiVIZKzyPFeb5QMLFcXfq9kKGsWAZZhthtIw2al8FnCRYFmN2h09/MNQQTpzQC jpK/ek9Y7qOThv55r79+hK2FcnFQt3dFSaumxmKU61wqlO+R+TUwAukgvRE7p0aJNI7p lzJsYLTqnghWdNEThAxvJF6LVwDkthRIp8yA4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Qts5oE8PEALEjAevpUcpILpetDeYs8+Ezwl0JpRsqMo=; b=T/BtiL+uFD1wMtfTHPGZtbPPX/Q/VWLkP7UzpE/iChli90m3LJQyJb0AuEBL0QJUKP 3OBOWAYi6kUn8ivIN+8sEhbmU1xxvoRDWZlK76a/7ssvW/UlJGOSY9/NwI/1ZWm+oNKb vr7lqcRe0+FIsVtjhuF/EjQOIvOEncs1LHxiiWlbHXQMpha90nSrHr0C4PonDoNakZ7C FgjQBBcFsmkNdOKcmL6w832KRrdAgpC8pA3qfvHmFoo/L3M4fP7C0p/jP5JzVInAXMr0 PwtcCu2kmBrDDOEpw8pS/e5OvhTrVYOJP9VdPnFkEoTAyURp9ptuC9zIDn5RBrhDJ6cg 4SLw==
X-Gm-Message-State: AN3rC/7RLHfmwbakAK33oIy4aTdOndDjegU2ZXSkDhAP7bq2cG5bQ1Z1 +8GHkb3wx2XGHuWo/pbAH9mmigmylnjrajM=
X-Received: by 10.28.226.11 with SMTP id z11mr3876229wmg.91.1492704729819; Thu, 20 Apr 2017 09:12:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.136.53 with HTTP; Thu, 20 Apr 2017 09:12:09 -0700 (PDT)
In-Reply-To: <000901d2a9d1$eaff3ae0$c0fdb0a0$@nict.go.jp>
References: <000901d2a9d1$eaff3ae0$c0fdb0a0$@nict.go.jp>
From: Dave Cridland <dave@cridland.net>
Date: Thu, 20 Apr 2017 17:12:09 +0100
Message-ID: <CAKHUCzxNUxp15cHXfDA=tZMjYM8EhnsnNVV=TGG4fx_-z_CmEg@mail.gmail.com>
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
Cc: mile@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/EKFnWNrMwLmqijC_HJSCGSC89OQ>
Subject: Re: [mile] Working group last call for XMPP-grid
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 16:12:14 -0000
Folks, TL/DR: This shouldn't be published, possibly ever, certainly not in its current state. I remain bewildered as to what this specification offers above and beyond XEP-0060, and I cannot implement from this specification. This is, in part, because the document is written in essentially two parts - one describes how good it'll be once you've got it, and the other has some very lightweight sketches of what the protocol might look like if it were specified, and most of those appear to be reinventions of existing XMPP protocol extensions. An example is registration. The authors have elected to write their own registration protocol, rather than use XEP-0077. Perhaps this is needed, but it's not clear because the behaviour of a Controller when given a registration request isn't specified. I have no idea what a Controller is meant to do with the registration. Maybe register. But if I don't, does it work anyway? Who knows. It's in an XML namespace which appears to be, at best non-traditional, at worst illegal. The register element, despite being empty, is spelt out "in full" with both opening and closing tags, which seems odd - perhaps the serializer used does this and it's a cut and paste. Then there's a "login" and "logout". A "login" looks reasonable modulo the horrible use of incorrect XML namespacing, though again I have absolutely no idea what it might do, and what the requirement is here. The login result, on the other hand, is special - it's placed in the default namespace (ie, xmlns=""), which really should not be used. It contains a <value/> element, with a default-namespaced attribute. I didn't even know that was legal, so I'm impressed. The meaning of <value/>, and whether xsi:nil can also be set to "false", is not explained. Perhaps that's obvious. Typically, in XMPP, we have used presence to indicate client availability - but without knowing whether this is what's intended with the login/logout construct, I have no idea if that meets the requirements - it's only mentioned in passing in §2.4. The "getCapabilityListRequest", which is also in the default namespace, is another example of reinventing a perfectly serviceable wheel. XEP-0030 includes a full suite of discovery, and for that matter the XMPP community has been using "versioned" namespaces to offer parallel revisions of services for many years, with much success. In this entirely new capability discovery, however, the response includes a set of triples of "id", "name", and "version". None of these are explained. The example contains a lengthy list of capabilities, none of which seem to be documented anywhere. Next up - sorry, there's nothing so simple as section numbers here - there's DiscoveryQuery, which looks suspiciously like it might be a rendition of Java introspection over XMPP. It says it responds with a hostname; it doesn't, instead it responds with a Jid. Again, this kind of discovery is supported within XEP-0030 - it's a disco#items request, so not search-based, but the functionality is there nonetheless, and certainly doesn't need rewriting from scratch. Publisher registration is, I think, new - XEP-0060 does not have anything similar that I can immediately think of. Subscription, on the other hand, is very much within XEP-0060. I have literally no idea why this isn't used. Publishing actually does, here, use XEP-0060 - though no mention of the fact is made, and there's no documentation of the payload format. The security considerations section seems mostly OK, but please note that §5.3.1 suddenly decides to replace the transport layer with HTTP, which is mildly confusing to say the least. How we're supposed to authenticate over XMPP using an HTTP authentication mechanism is unknown. So what we have here is a vast amount of NIH, plus - if my understanding is correct - one added feature, that'd make a two-page XEP. This is *not* to say that XMPP has no place in CTI sharing; in fact I think it's very useful. But by departing from existing, well-defined XMPP protocol extensions, this specification promptly loses many advantages. As an example, while XEP-0060 provides a reasonably complete pubsub service on its own, it can be enhanced by XEP-0314 into permitting originator-controlled data labelling, which in turn can be used for access control, highly useful in federated environments. Instead of poorly describing a new protocol extension which duplicates existing work, it'd be much better if the document described how to use existing protocol effectively - and indeed, where the document is doing so, it works well. Dave. (Personal opinion, not as XMPP Council or XMPP Standards Foundation). On 31 March 2017 at 04:50, Takeshi Takahashi <takeshi_takahashi@nict.go.jp> wrote: > Hello all, > > This is a WGLC for draft-ietf-mile-xmpp-grid. > The version to be reviewed is > https://tools.ietf.org/id/draft-ietf-mile-xmpp-grid-02.txt > > We will have 1 month for this call. > Please provide comments before May 1st and provide your support and/ or > raise any issue you feel are yet to be addressed. > > Thank you. > Take > > > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile
- Re: [mile] Working group last call for XMPP-grid Panos Kampanakis (pkampana)
- Re: [mile] Working group last call for XMPP-grid Dave Cridland
- Re: [mile] Working group last call for XMPP-grid Adam Montville
- Re: [mile] Working group last call for XMPP-grid Peter Saint-Andre
- Re: [mile] Working group last call for XMPP-grid Dave Cridland
- Re: [mile] Working group last call for XMPP-grid Nancy Cam-Winget (ncamwing)
- Re: [mile] Working group last call for XMPP-grid Nancy Cam-Winget (ncamwing)
- Re: [mile] Working group last call for XMPP-grid Nancy Cam-Winget (ncamwing)
- Re: [mile] Working group last call for XMPP-grid Henk Birkholz
- [mile] Working group last call for XMPP-grid Takeshi Takahashi