headers
Lisa Dusseault | 3 Aug 22:26
Favicon

Lisa's Apps Area Activity for July 2007


Report on BoFs attended in Chicago
HTTPBis BOF: sufficient interest, though not overwhelming, in issuing a fixit revision to RFC2616, plus possible work on cookies and on HTTP-related security issues.  Will be seeking volunteers for editing and proposed WG chairs.

VCardDAV BOF: sufficient interest, again not overwhelming, in revising VCard and working on vCardDAV.  (Chris is responsible AD for this and BIFF BOF)

BIFF BOF -- Notifications from Mail Stores: Good discussion on feasibility of doing filtering according to model proposal; definite interest in solving some unspecified use cases and on working to define those use cases and confirm they're of shared interest.


Document Status and Progress

Active Documents: my action
 - draft-saintandre-rfc4622bis: need to do AD evaluation
 - draft-snell-atompub-bidi: need to do AD evaluation and learn about implementations
 - draft-snell-atompub-feature: need to do AD evaluation and learn about implementations
 - draft-saintandre-jabberid: following up on AD evaluation
- draft-ietf-sieve-3028bis: IESG Evaluation phase,  work with Cullen and doc shepherd on multiple redirect issues
 - draft-montemurro-gsma-imei-urn: IESG Evaluation phase,  working with Cullen on DISCUSS and with authors on Informational status and how many URNs to register

Stalled or waiting on other
- draft-crispin-collation-unicasemap: Finished IETF Last Call, waiting for revision (Mark)
- draft-hartman-webauth-phishing: Finished IETF Last Call, waiting for an IESG Evaluation telecon
 - draft-ietf-sieve-body: Finished IETF Last Call, waiting for revision (Philip).
 - draft-ietf-lemonade-rfc2192bis:  finished IETF Last Call and subsequent revision, waiting for IESG Eval telecon
 - draft-ietf-imapext-sort:  Still stalled waiting on unicasemap document 
 - draft-crocker-rfc4234bis: Finished IESG Evaluation, waiting for author to resolve LWSP issue raised in IETF Last Call and IESG Evaluation (Dave or Paul)
 - draft-ietf-widex-requirements: WIDEX closed, this is now an individual submission and soon to be put in stasis. 

Finished processing - RFC queue mostly
- draft-ietf-atompub-protocol:  IESG approved, in RFC queue.
 - draft-nottingham-atompub-feed-history-11.txt :  Entered RFC queue 
 ... 13 sponsored or shepherded documents in RFC queue including above two just added.

WG quick status
WIDEX: Closed.
USEFOR: trundling along on USEPRO issues
SIEVE: processing several active documents
IMAPEXT: Quiescent, waiting on busy authors.
ATOMPUB: Basically finished!
CALSIFY: Finishing RFC2445bis and doing work on iTIP
Permalink | Reply | 0 comments |
headers
Lisa Dusseault | 5 Aug 19:34
Favicon

Fwd: Last Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard

FYI - a fix to allowed characters and their escaping.

lisa

Begin forwarded message:

Date: August 4, 2007 12:42:53 PM PDT
To: IETF-Announce <ietf-announce <at> ietf.org>
Subject: Last Call: draft-saintandre-rfc4622bis (Internationalized  Resource Identifiers (IRIs) and Uniform Resource Identifiers  (URIs) for the Extensible Messaging and Presence Protocol  (XMPP)) to Proposed Standard 

The IESG has received a request from an individual submitter to consider
the following document:

- 'Internationalized Resource Identifiers (IRIs) and Uniform Resource 
   Identifiers (URIs) for the Extensible Messaging and Presence Protocol 
   (XMPP) '
   <draft-saintandre-rfc4622bis-01.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf <at> ietf.org mailing lists by 2007-09-01. Exceptionally, 
comments may be sent to iesg <at> ietf.org instead. In either case, please 
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via


IESG discussion can be tracked via


_______________________________________________
IETF-Announce mailing list

Permalink | Reply | 0 comments |
headers
Eliot Lear | 14 Aug 12:43
Picon
Favicon

[Fwd: Notes from VCardDAV BOF]

Dear all,

Attached minutes that Lisa took for the vcarddav BOF at IETF 69.  The 
BoF chairs would like to thank those who participated, and in 
particular, the presenters.  If you attended, could you please take a 
moment to review Lisa's notes?  These will be the basis for the BoF minutes.

Regards,

Eliot
Favicon
From: Lisa Dusseault <lisa <at> osafoundation.org>
Subject: Notes from VCardDAV BOF
Date: 2007-07-26 21:11:43 GMT

VCardDAV BoF

1.  Cyrus Daboo presented "VCard Issues".  

Even though VCARD 3.0 has been around for nine years, many mobile devices still use the old 2.1 specification, either alone or with non-IETF extensions.  Some of the issues a WG could deal with include a lack of internationalization support, a few issues that have been found to be ambiguous, and a clear extensibility model.  

Cyrus proposes to do one new document merging RFC2425 and RFC2426 into one, in which extensions become part of the core proposal.  A new MIME type could advertise proper UTF/8 support.  An XML-based variant of vCard would be good to define -- one in which the semantics are identical and mapping can be automated -- because XML-formatted vCards are already in use at least in XMPP.

Announcement: vCard workshop is planned by the CalConnect consortium, September 18th 2007 (see http://www.calconnect.org/vcardworkshop.shtml  ).

2.  Cyrus Daboo on CardDAV

Generally, an access protocol for vCard could easily follow the model of CalDAV.  There's already been some comments leading to somewhat different syntax, but no argument over the basic architecture. Some of the longstanding WebDAV functional alternatives come up here again, like HTTP caching and whether the data of a vcard should be treated as resource content (body) or properties (metadata).  

Both CalDAV and CardDAV could use better synchronization functionality.  One approach is described in draft-daboo-webdav-sync-00, which also covers non-application-specific use cases.  A feature that would avoid polling the server to see changes would be good too.  Otherwise, CardDAV would actually be simpler than CalDAV because there are fewer complicating issues such as recurrences and timezones.

A mailing list has been set up at vcarddav <at> ietf.org.
Comments:
 - Rohan Mahy pointed out the draft he authored with notification mechanisms for HTTP resources, which could apply to WebDAV collections or CardDAV resources.

3.  Alexey Melnikov: LDAP and vCard

Could we use LDAP as an access protocol for vCards?  It's good for partial retrieval of this kind of information.  Many vCard properties map one-to-one to standard LDAP attributes already.  

On the other hand, vCard allows all kinds of extensibility which LDAP does not.  Similarly there are LDAP attributes that can't be represented in vCard. The InetOrgPerson is the closest LDAP object class to a vCard, and this is not a standard (although that could be fixed).

Perhaps most importantly on the "con" side of using LDAP for this purpose, write access is not common on LDAP servers.  It's a matter of policy often to keep corporate directory information carefully regulated.  We assume that we'll need write access so that people can store their address books containing all kinds of arbitrary entries, not just corporate directory entries.   

People's address books, today commonly stored locally in vCard format and varations, commonly contain not only cards for people and organizations and places well beyond just one organization, but they also contain more than one contact number or address for certain people.  LDAP is more tailored to one organization, so it does not provide a natural way of providing both a "work" and  a "home" address for an individual. 

Comments
 - Cyrus Daboo pointed out that we will need vCard mapping.  A system where the LDAP directory is exposed as a read-only address book in CardDAV is quite easy to imagine.  Alexey added that there are already email clients that can fetch address books from LDAP although they can't edit those.
 - Kurt Zeilenga says that LDAP is good for storing blobs, but as soon as you want to do stuf with blobs it's not as good.
 - Dave Crocker asked a clarification of whether we were proposing of defining a generic vCard/LDAP mapping to support existing use cases, but not turn LDAP into a data model for storing an address book because it would be a crippled mechanism.  Asked for clarification of the LDAP writeability issue.
 - Leif Johansen asked about whether mappings can be completely automated?

4.  Discussion of Proposed Charter

The charter was posted to the Apps Discuss mailing list.  Chris asked that it be reposted to the vcarddav mailing list.  Kurt pointed out that we may get participation from people not yet in this room, at the CalConnect workshop and from OMA.  

Comments:
 - ??? questioned 
 - Cyrus Daboo points out that there will be OMA people at the CalConnect workshop.
 - Rohan Mahy: The charter needs to say whether synchronization is in or out of scope.  

CONSENSUS CALLs: 

CALL: Is this work that is appropriate for the IETF to undertake?  Consensus in favour.

CALL: Who in this room will actively contribute to the effort if it becomes an IETF effort?  Significant portion of the room was interested in contributing.

CALL: Is the LDAP mapping appropriate IETF work? Consensus yes.

CALL: Who would contribute? Only a couple hands.

CALL: Is developing a vCard access protocol IETF work?  Consensus yes

CALL: Who would contribute?  half dozen hands.

Pete Resnick, Alexey Melnikov and Dave Crocker volunteered to edit the vCard base spec.

Eliot asked also for volunteers for a chair of the WG to speak to Chris Newman.  Chris will be looking for a process chair and a newbie chair. 


Permalink | Reply | 0 comments |
headers
Mark Nottingham | 20 Aug 05:39
Favicon
Gravatar

Re: Straw-man charter for http-bis

http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i74

On 10/06/2007, at 6:05 PM, Martin Duerst wrote:

> - RFC 2616 prescribes that headers containing non-ASCII have to use
>   either iso-8859-1 or RFC 2047. This is unnecessarily complex and
>   not necessarily followed. At the least, new extensions should be
>   allowed to specify that UTF-8 is used.

--
Mark Nottingham     http://www.mnot.net/
Permalink | Reply | 0 comments |
headers
Mark Nottingham | 20 Aug 05:40
Favicon
Gravatar

Character encodings in headers [i74][was: Straw-man charter for http-bis]

On 10/06/2007, at 6:05 PM, Martin Duerst wrote:
> - RFC 2616 prescribes that headers containing non-ASCII have to use
>   either iso-8859-1 or RFC 2047. This is unnecessarily complex and
>   not necessarily followed. At the least, new extensions should be
>   allowed to specify that UTF-8 is used.

My .02;

I'm concerned about allowing UTF-8; it may break existing  
implementations.

I'd like to see the text just require that the actual character set  
be 8859-1, but to allow individual extensions to nominate encodings  
*like* 2047,without being restricted to it. For example, the encoding  
specified in 3987 is appropriate for URIs. However, it *has* to be  
explicit; I've heard some people read this requirement and think that  
they need to check *every* header for 2047 encoding.

So, I think this means;

1) Change
   "Words of *TEXT MAY contain characters from character sets other  
than ISO-8859-1 [22] only when encoded according to the rules of RFC  
2047 [14]."
to
   "Words of *TEXT MUST NOT contain characters from character sets  
other than ISO-885901 [22]."
and,

2) Identify headers that may have non-8859 content and explicitly say  
how to encode them (IRI, 2047, whatever; the existing ones will have  
to be 2047, I believe), modifying their BNF to suit.

3) When we document extensibility, require new headers to nominate  
any encoding explicitly.

--
Mark Nottingham     http://www.mnot.net/
Permalink | Reply | 15 comments |
headers
Keith Moore | 20 Aug 08:56
Picon

Re: Character encodings in headers [i74][was: Straw-man charter for http-bis]

Mark Nottingham wrote:
> On 10/06/2007, at 6:05 PM, Martin Duerst wrote:
>> - RFC 2616 prescribes that headers containing non-ASCII have to use
>>   either iso-8859-1 or RFC 2047. This is unnecessarily complex and
>>   not necessarily followed. At the least, new extensions should be
>>   allowed to specify that UTF-8 is used.
>
> My .02;
>
> I'm concerned about allowing UTF-8; it may break existing
> implementations.
concur.  though at least it is possible to distinguish utf-8 from 8859-1. 

also, I'll note that supporting utf-8 in a way that is backward
compatible with existing implementations is almost certainly more
complex (and thus more costly, error-prone, etc) than supporting rfc 2047.
>
> I'd like to see the text just require that the actual character set be
> 8859-1, but to allow individual extensions to nominate encodings
> *like* 2047,without being restricted to it. For example, the encoding
> specified in 3987 is appropriate for URIs. However, it *has* to be
> explicit; I've heard some people read this requirement and think that
> they need to check *every* header for 2047 encoding.
2047 was specifically not intended for use with protocol elements that
have meaning to protocol engines.  how many HTTP headers contain text
that is intended solely for human use?
Permalink | Reply | 2 comments |
headers
John C Klensin | 20 Aug 09:22

Re: Character encodings in headers [i74][was: Straw-man charter for http-bis]


--On Monday, 20 August, 2007 13:40 +1000 Mark Nottingham
<mnot <at> mnot.net> wrote:

> On 10/06/2007, at 6:05 PM, Martin Duerst wrote:
>> - RFC 2616 prescribes that headers containing non-ASCII have
>> to use either iso-8859-1 or RFC 2047. This is unnecessarily
>>   complex and not necessarily followed. At the least, new
>>   extensions should be allowed to specify that UTF-8 is used.
> 
> My .02;
> 
> I'm concerned about allowing UTF-8; it may break existing
> implementations.

And whatever is done about it should be consistent with the EAI
work.  Otherwise, we are likely to find ourselves in big trouble
going down the line.

> I'd like to see the text just require that the actual
> character set be 8859-1, but to allow individual extensions to
> nominate encodings *like* 2047,without being restricted to it.
> For example, the encoding specified in 3987 is appropriate for
> URIs. However, it *has* to be explicit; I've heard some people
> read this requirement and think that they need to check
> *every* header for 2047 encoding.

Sigh.  My own sense is that, going forward, we need to lose
8859-N, not make it the default (or only) character set for more
protocols.  It is, to put it mildly, a little Euro-centric (and
not even completely suitable for Europe).  Much of the advantage
of Unicode is that one does not need to designate/ nominate a
particular CCS or encoding and then maintain state for it... and
that is a fairly large advantage.  See also
draft-klensin-unicode-escapes-03.txt(probably expired, but you
should be able to find a copy somewhere -- I'll get back to it
sometime soon) for a discussion of issues in ASCII encoding of
multioctet character sets.   The IRI spec may constrain things
to encoding of octets, but that doesn't make it a good idea.

If we are going to consider changes in this area, let's make
them improvements.  Locking in 8859-1 is not an improvement: it
would, IMO, be better to deprecate its use and require explicit
charset designation always if that is the only choice.

     john
Permalink | Reply | 8 comments |
headers
Clive D.W. Feather | 20 Aug 09:54

Re: Character encodings in headers [i74][was: Straw-man charter for http-bis]

John C Klensin said:
> If we are going to consider changes in this area, let's make
> them improvements.  Locking in 8859-1 is not an improvement: it
> would, IMO, be better to deprecate its use

+1

--

-- 
Clive D.W. Feather  | Work:  <clive <at> demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive <at> davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
THUS plc            |                            |
Permalink | Reply | 0 comments |
headers
Martin Duerst | 20 Aug 09:54
Picon
Gravatar

Re: Character encodings in headers [i74][was: Straw-man charter for http-bis]

Hello Mark,

Thanks for giving this an issue number.

At 12:40 07/08/20, Mark Nottingham wrote:
>On 10/06/2007, at 6:05 PM, Martin Duerst wrote:
>> - RFC 2616 prescribes that headers containing non-ASCII have to use
>>   either iso-8859-1 or RFC 2047. This is unnecessarily complex and
>>   not necessarily followed. At the least, new extensions should be
>>   allowed to specify that UTF-8 is used.
>
>My .02;
>
>I'm concerned about allowing UTF-8; it may break existing  
>implementations.
>
>I'd like to see the text just require that the actual character set  
>be 8859-1, but to allow individual extensions to nominate encodings  
>*like* 2047,without being restricted to it.

What do you mean by "encodings *like* 2047"? And why do you think
that UTF-8 may break existing implementations? UTF-8 has virtually
the same footprint in terms of bytes as ISO-8859-1: All bytes
above 0x7F may be used. Implementations that have to deal with
ISO-8859-1 usually do this by just being 8-bit-transparent;
that works for UTF-8, too.

If your opinion is that UTF-8 cannot be allowed at all, then
that's going to be a problem for cases where it's already in
use, see e.g. earlier posts in the http list.

It's easy to say "may break existing implementations",
but in over 10 years of being involved in the Web, I haven't
heard about that happening. If you or anybody have, please
speak up.

>For example, the encoding  
>specified in 3987 is appropriate for URIs.

As one of the authors of RFC 3987, I know what you mean, but
"the encoding specified in 3987" wouldn't be enough for a spec.
Also, it's not really very well suited to the job, because
%hh-encoding is used to escape any bytes, not only UTF-8,
and there is a considerably length increase for some scripts.

>However, it *has* to be  
>explicit; I've heard some people read this requirement and think that  
>they need to check *every* header for 2047 encoding.

I have read it that way, too. If it can be safely argued that
it was never intended that way, and that no harm is produced
if this is restricted, then I'd befine with restricting it,
because checking everything for 2047 is indeed tough, but
I'd really like to make sure that this isn't creating problems.
(i.e. that a careful examination of the various headers makes
some reasonably conservative assumptions).

>So, I think this means;
>
>1) Change
>   "Words of *TEXT MAY contain characters from character sets other  
>than ISO-8859-1 [22] only when encoded according to the rules of RFC  
>2047 [14]."
>to
>   "Words of *TEXT MUST NOT contain characters from character sets  
>other than ISO-885901 [22]."
>and,
>
>2) Identify headers that may have non-8859

There are many parts to ISO-8859, not just ISO-8859-1.

>content and explicitly say  
>how to encode them (IRI, 2047, whatever; the existing ones will have  
>to be 2047, I believe), modifying their BNF to suit.
>
>3) When we document extensibility, require new headers to nominate  
>any encoding explicitly.

If that includes UTF-8, I'd be fine with it. If it excludes
UTF-8, I think that would be a problem.

Regards,    Martin.

#-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-#  http://www.sw.it.aoyama.ac.jp       mailto:duerst <at> it.aoyama.ac.jp
Permalink | Reply | 2 comments |
headers
Martin Duerst | 20 Aug 10:10
Picon
Gravatar

Re: Character encodings in headers [i74][was: Straw-man charter forhttp-bis]

At 15:56 07/08/20, Keith Moore wrote:
>Mark Nottingham wrote:
>> On 10/06/2007, at 6:05 PM, Martin Duerst wrote:
>>> - RFC 2616 prescribes that headers containing non-ASCII have to use
>>>   either iso-8859-1 or RFC 2047. This is unnecessarily complex and
>>>   not necessarily followed. At the least, new extensions should be
>>>   allowed to specify that UTF-8 is used.
>>
>> My .02;
>>
>> I'm concerned about allowing UTF-8; it may break existing
>> implementations.
>concur.  though at least it is possible to distinguish utf-8 from 8859-1. 

In practice indeed this can be done with high reliability; please
see http://www.ifi.unizh.ch/mml/mduerst/papers/PDF/IUC11-UTF-8.pdf
for details. For iso-8859-1, see in particular p. 21.

>also, I'll note that supporting utf-8 in a way that is backward
>compatible with existing implementations is almost certainly more
>complex (and thus more costly, error-prone, etc) than supporting rfc 2047.

Well, if "backwards compatible" means also supporting RFC 2047,
then that's a tautology. If the choice is between UTF-8 and RFC 2047,
however, then I'd take UTF-8 any time, because RFC 2047 includes
UTF-8 as well as many other encodings.

Regards,    Martin.

#-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-#  http://www.sw.it.aoyama.ac.jp       mailto:duerst <at> it.aoyama.ac.jp
Permalink | Reply | 1 comment |

Gmane