Request for review

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Request for review

Frank Ellermann-3
URI scheme name:
   pack
Status:
   historical
URI scheme syntax:
   There was no pack: syntax compatible with STD 66, cf.
   <http://www.ietf.org/mail-archive/web/uri-review/current/msg00678.html>,
   <http://www.ietf.org/mail-archive/web/uri-review/current/msg00548.html>.
URI scheme semantics:
   n/a due to a lack of STD 66 syntax.
Encoding considerations:
   The pack: encoding assumed US-ASCII after un-escaping percent-encoded
   characters in an encapsulated <authority> (4.c in the expired drafts)
   and case-insensitive US-ASCII in the <path> (5.c in the expired drafts).
Applications/protocols that use this URI scheme name:
   The pack: scheme could not be used as an URI scheme in applications
   or protocols.  Other uses of pack: are noted in the expired drafts.
Interoperability considerations:
   All URI schemes have to follow the generic STD 66 syntax, as that was
   not the case for pack: any "interoperability" would be by the chance
   of similarly broken implementations.
Security considerations:
   The generic and overall URI syntax is specified in STD 66, anything
   else (not limited to pack:) is no URI and could cause havoc, compare
   <http://www.kb.cert.org/vuls/id/358017>.
Contact:
   <[hidden email]> and <[hidden email]> mailing lists.
Author/Change controller:
   IESG (the transition from a "provisional" to "historical" status is
   not covered by BCP 35 section 5.3; maybe the pack: scheme could be
   simply identified as "non-URI" and removed from the scheme registry).
References:
   STD 66 (RFC 3986), I-D.shur-pack-uri-scheme-05 (same as -03 and -04).

Reply | Threaded
Open this post in threaded view
|

Re: [Uri-review] Request for review

Mykyta Yevstifeyev
Frank, all,

20.08.2011 10:25, Frank Ellermann wrote:
> [ . . . ]
>
> Author/Change controller:
>     IESG (the transition from a "provisional" to "historical" status is
>     not covered by BCP 35 section 5.3; maybe the pack: scheme could be
>     simply identified as "non-URI" and removed from the scheme registry).

I suppose this is the best possible way, even despites RFC 4395 has no
mention of how this can be done.  As you've mentioned before, 'pack'
URIs aren't 3986-compatible; this means that they aren't URIs in context
of the current in-force-standard.  Anyway, Andrey Shur was declared to
be "Change controller", and he will have to accept such action.  I'm
cc'ing this message to [hidden email]; so
let's wait the authors to act.

Mykyta

> References:
>     STD 66 (RFC 3986), I-D.shur-pack-uri-scheme-05 (same as -03 and -04).
> _______________________________________________
> Uri-review mailing list
> [hidden email]
> https://www.ietf.org/mailman/listinfo/uri-review
>


Reply | Threaded
Open this post in threaded view
|

Re: Request for review

Bjoern Hoehrmann
In reply to this post by Frank Ellermann-3
* Frank Ellermann wrote:
>Security considerations:
>   The generic and overall URI syntax is specified in STD 66, anything
>   else (not limited to pack:) is no URI and could cause havoc, compare
>   <http://www.kb.cert.org/vuls/id/358017>.

This would need to elaborate on how VU#358017 is relevant here.
--
Björn Höhrmann · mailto:[hidden email] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Reply | Threaded
Open this post in threaded view
|

Re: Request for review

Frank Ellermann-3
On 23 August 2011 17:57, Bjoern Hoehrmann wrote:

>>Security considerations:
>>   The generic and overall URI syntax is specified in STD 66, anything
>>   else (not limited to pack:) is no URI and could cause havoc, compare
>>   <http://www.kb.cert.org/vuls/id/358017>.

> This would need to elaborate on how VU#358017 is relevant here.

A registration template isn't a good place to discuss problems caused by
non-URIs interpreted as URIs.  VU#358018 had nothing to do with "pack:",
it is an example that problems with broken URIs are not only theoretical.
I suggest to remove that example instead of elaborating it, see below.

-Frank

--------------------------------------------------------------------------
URI scheme name:
  pack
Status:
  historical
URI scheme syntax:
  There was no pack: syntax compatible with STD 66, cf.
  <http://www.ietf.org/mail-archive/web/uri-review/current/msg00678.html>,
  <http://www.ietf.org/mail-archive/web/uri-review/current/msg00548.html>.
URI scheme semantics:
  n/a due to a lack of STD 66 syntax.
Encoding considerations:
  The pack: encoding assumed US-ASCII after un-escaping percent-encoded
  characters in an encapsulated <authority> (4.c in the expired drafts)
  and case-insensitive US-ASCII in the <path> (5.c in the expired drafts).
Applications/protocols that use this URI scheme name:
  The pack: scheme could not be used as an URI scheme in applications
  or protocols.  Other uses of pack: are noted in the expired drafts.
Interoperability considerations:
  All URI schemes have to follow the generic STD 66 syntax, as that was
  not the case for pack: any "interoperability" would be by the chance
  of similarly broken implementations.
Security considerations:
  The generic and overall URI syntax is specified in STD 66, anything
  else (not limited to pack:) is no URI and could cause havoc.
Contact:
  <[hidden email]> and <[hidden email]> mailing lists.
Author/Change controller:
  IESG (the transition from a "provisional" to "historical" status is
  not covered by BCP 35 section 5.3; maybe the pack: scheme could be
  simply identified as "non-URI" and removed from the scheme registry).
References:
  STD 66 (RFC 3986), I-D.shur-pack-uri-scheme-05 (same as -03 and -04).

Reply | Threaded
Open this post in threaded view
|

Re: Request for review

Bjoern Hoehrmann
* Frank Ellermann wrote:
>A registration template isn't a good place to discuss problems caused by
>non-URIs interpreted as URIs.  VU#358018 had nothing to do with "pack:",
>it is an example that problems with broken URIs are not only theoretical.
>I suggest to remove that example instead of elaborating it, see below.

(Removing the reference removes my concern about it.)
--
Björn Höhrmann · mailto:[hidden email] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/