Content Distribution Network Interconnection (CDNI) Logging Interface
draft-ietf-cdni-logging-27

I am very concerned about the syntax specification here. I'm not convinced it's complete and correct. I am certainly willing to be talked out of my concern, but I think this could use a massive edit by someone who knows ABNF, as well as a discussion about intended contents. Details:

3.1: I always prefer to import the rules you are using simply by reference rather than of copying them. Prevents silly errors.

On these, let's see if you really mean what you say you mean:

      NAMEFORMAT = ALPHANUM *(ALPHANUM / "_" / "-")
      
So, are you really OK with a NAMEFORMAT of "1---___---"? Often what people really want is:

      NAMEFORMAT = ALPHANUM *(["_" / "-"] ALPHANUM)
      
Is that what you want?

On the next bit:

      QSTRING = DQUOTE *NDQUOTE DQUOTE ; where

         NDQUOTE = <any OCTET excluding DQUOTE> / 2DQUOTE ; whereby a
         DQUOTE is conveyed inside a QSTRING unambiguously by repeating
         it.

      NHTABSTRING = *NHTAB ; where

         NHTAB = <any OCTET excluding HTAB, CR and LF>

(By way of formatting, outdent NDQUOTE and NHTAB, and get rid of "; where".)

When you say <any OCTET excluding ...>, is that what you really mean? You want to allow control characters? Seems to me that that is going to introduce a whole new set of security considerations. Also, the fact that you call these things xSTRING sends up a flag for me that you maybe want them to be textual. Are you allowing for things outside of US-ASCII? Section 3.2 seems to say only US-ASCII. Finally, do you really want NDQUOTE to allow for CR, LF, and HTAB? That means that parsers have to be a bit smarter, and the line in 3.2 that says, "Each line ... MUST contain either a directive of a CDNI Logging Record", and the line in 3.4 that says, "CDNI Logging Fields MUST be separated by the HTAB character", both seem bogus. So, assuming you want only US-ASCII and that you don't want CR LF or HTAB in any of these, these should be:

      QSTRING = DQUOTE *NDQUOTE DQUOTE

      NDQUOTE = SP / %x21 / %x23-7E / (DQUOTE DQUOTE)
       ; DQUOTE is conveyed inside a QSTRING unambiguously by repeating
       ; it.

      NHTABSTRING = *NHTAB

      NHTAB = SP / VCHAR

or if you like, simply:

      NHTABSTRING = *( SP / VCHAR )

If you want non-US-ASCII, I'd include UTF-8 and call that out. I can tell you how to do that, but I hope you're not doing that.

If you want CR and LF in both QSTRING and NHTABSTRING, and HTAB in QSTRING, you need to fix the lines in 3.2 and 3.4. If don't want them, you're going to have to describe how to unfold and de-tab the HTTP header field values somewhere.

3.2:

      RECLINE = <CDNI Logging Record> CRLF

      RECGROUP = *RECLINE

      <CDNI Logging File> = 1*<DIRGROUP RECGROUP>
    
These seem kind of a cop-out. Seems like you could easily define RECLINE as:

       RECLINE    = date HTAB time HTAB time-taken HTAB ...
       date       = DATE
       time       = TIME
       time-taken = DEC
       [...]

The last line is nowhere near legitimate ABNF. How about just defining a proper LOGFILE as:

       LOGFILE    = 1*(DIRGROUP RECGROUP)
    
If you're going to bother with ABNF, use ABNF. The explanations can still appear in 3.3 and 3.4.1.

3.3: The top-level ABNF for DIRNAME and DIRVAL give the implementer no help with regard to what is legitimate syntax. You mention the syntax for DIRNAME in 6.1, but that's not where it belongs. At least you should put in:

       DIRNAME = NAMEFORMAT

For DIRVAL, you should probably have at least the most general format of:

       DIRVAL = NHTABSTRING / QSTRING

and then give specifics below. But you could also change 3.2 and say something like:

        DIRGROUP = version
                   uuid
                   [claimed-orig]
                   [established-orig]
                   1*record-type
                   1*fields
                   [integrity-hash]
                   *new-dir

Then in 3.3, you could define:

        version   = "Version:" HTAB "CDNI" "/" 1*DIGIT "." 1*DIGIT
        uuid      = "UUID:" HTAB NHTABSTRING
        ...
        new-dir   = <Newly registered directives>

and indicate that unknown directives must be ignored, or something like that.

This is wrong:

   o  Fields:

      *  format: FIENAME *<HTAB FIENAME>

Angle brackets don't appear like that in ABNF.

3.4: Again, incorrect ABNF, if that's what it's meant to be.

I'm concerned that the information model of this log format encourages the sharing of far more granular information than is justified by the use cases.  All of the use cases in Section 2 are focused on statistical information, in which case collecting things like individual IP addresses and ports is unnecessary.