Skip to main content

URI Fragment Identifiers for the text/plain Media Type
draft-wilde-text-fragment-09

Revision differences

Document history

Date Rev. By Action
2012-08-22
09 (System) post-migration administrative database adjustment to the No Objection position for Lisa Dusseault
2012-08-22
09 (System) post-migration administrative database adjustment to the No Objection position for Tim Polk
2007-11-28
09 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2007-11-28
09 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2007-11-28
09 (System) IANA Action state changed to In Progress from Waiting on Authors
2007-11-27
09 (System) IANA Action state changed to Waiting on Authors from In Progress
2007-11-27
09 (System) IANA Action state changed to In Progress
2007-11-27
09 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2007-11-26
09 Amy Vezza IESG state changed to Approved-announcement sent
2007-11-26
09 Amy Vezza IESG has approved the document
2007-11-26
09 Amy Vezza Closed "Approve" ballot
2007-11-21
09 Chris Newman State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Chris Newman
2007-11-20
09 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Discuss by Tim Polk
2007-11-16
09 Lisa Dusseault [Ballot Position Update] Position for Lisa Dusseault has been changed to No Objection from Discuss by Lisa Dusseault
2007-11-01
09 (System) Sub state has been changed to AD Follow up from New Id Needed
2007-11-01
09 (System) New version available: draft-wilde-text-fragment-09.txt
2007-10-05
09 (System) Removed from agenda for telechat - 2007-10-04
2007-10-04
09 Amy Vezza State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza
2007-10-04
09 (System) [Ballot Position Update] Position for Lisa Dusseault has been changed to Discuss from No Objection by IESG Secretary
2007-10-04
09 Amy Vezza [Ballot Position Update] Position for Lisa Dusseault has been changed to No Objection from Discuss by Amy Vezza
2007-10-04
09 (System) [Ballot Position Update] New position, No Objection, has been recorded for Sam Hartman by IESG Secretary
2007-10-04
09 (System) [Ballot Position Update] Position for Lisa Dusseault has been changed to Discuss from No Objection by IESG Secretary
2007-10-04
09 Lisa Dusseault [Ballot Position Update] Position for Lisa Dusseault has been changed to No Objection from Discuss by Lisa Dusseault
2007-10-04
09 Lisa Dusseault
[Ballot discuss]
Over email we've discussed whether it's a problem that clients might download or display only a fragment of a text document, with the …
[Ballot discuss]
Over email we've discussed whether it's a problem that clients might download or display only a fragment of a text document, with the user unaware of this.  This is new in this kind of fragment specifier as far as I know (HTML fragments specify a position, although in theory they could be used to specify a block there's no way to trigger that)

One possible security consideration here is whether the text/plain line range fragment can be used to abet a phishing attack.  Can an attacker host a phishing page, and imbed in that page, several lines extracted from the real site, holding a sitekey for example?  Of course an attacker can already imbed parts of other pages by proxying, but this might shift the page fetching to the client, which would make the real site think the request was legitimate. 

This precise attack can only work if
- clients might use these text fragments on HTML pages, or servers can be induced to present HTML pages as text/plain
- clients are willing to display only the selected fragment, as opposed to (for example) highlighting it.

Other attacks that don't rely on HTML confusion at all include getting clients to download files without important disclaimers, small print, etc. -- again, a matter of whether the fragment is for download, selective display, or only for focus and selection.

I want to make sure we've concluded the discussion and agree whether these are reasonable security considerations or if they're too far-fetched.
2007-10-04
09 Lisa Dusseault [Ballot Position Update] New position, Discuss, has been recorded by Lisa Dusseault
2007-10-04
09 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2007-10-04
09 Cullen Jennings [Ballot Position Update] Position for Cullen Jennings has been changed to No Objection from Discuss by Cullen Jennings
2007-10-04
09 Cullen Jennings [Ballot discuss]
2007-10-04
09 Cullen Jennings
[Ballot comment]
It is unclear to me if anything needs to be said about comparison of URI that contain this fragment.

My understanding of 3986 …
[Ballot comment]
It is unclear to me if anything needs to be said about comparison of URI that contain this fragment.

My understanding of 3986 is that it defined a generic syntax for URI that could be imported into the definitions for specific URI schemes and that all URI types would be subsets of so that an application that did not understand a specific scheme could still parse certain semantics of the URI. However, the detailed specification of the URI of a given scheme would still define what was possible for that scheme. I did not realize that prior to 3986, the fragment was not part of the URI while after 3986 redefined it to be part of the URI and no doubt this is a sign I am confused on some of the history and how the details of how this all works. So please educate me. When I look at ldap 4516, or imap in 2182bis they do not seem to allow a fragment in the URI for theses schemes. I'm not even sure where the ftp URI is defined but in 1738 which looks like it is obsolete, it does not allow a fragment. I am really confused by 2616 which does not seem to allow a fragment in the http URI which, ah, seems either like a bit of a problem or I am very confused about where and how this stuff is all defined. Now, this might all seem irrelevant to this document, but it seems like this is the first document defining a fragment (if there are others, particular for the standard http usage, please point me in the right direction). So given this long ramble, my question is: when implementing ftp or http, what RFCs would tell and implementor that they needed to support fragments in the ftp or http URLs?

So in HTTP, I understand how you fetch the resource, check if it is text/plain and then do the fragment processing if it is. How do you check it was text/plain when using FTP?
2007-10-04
09 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson
2007-10-03
09 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2007-10-03
09 Cullen Jennings
[Ballot discuss]
I understand that a fragment specification is only defined for a particular  media types, however, I don't think defining a new fragment updates …
[Ballot discuss]
I understand that a fragment specification is only defined for a particular  media types, however, I don't think defining a new fragment updates the definition of the media type it can applies to. The fragment has to do with the semantics of the application that dereferences the URI and does not change any of the semantics of the media type. Because of this, I don't think this should update 2046. I'm happy to be convinced I am wrong here - as I have dug into this URI stuff I realized I don't understand how the fragment stuff is standardized. My basic test here is many implementers of things that used text/plain media types would have no interest whatsoever in the fragment stuff and that is a strong sign that it is an extension of URI and not something to do with 2046.
2007-10-03
09 Cullen Jennings
[Ballot discuss]
I understand that a fragment specification is only defined for a particular  media types, however, I don't think defining a new fragment updates …
[Ballot discuss]
I understand that a fragment specification is only defined for a particular  media types, however, I don't think defining a new fragment updates the definition of the media type it can applies to. The fragment has to do with the semantics of the application that dereferences the URI and does not change any of the semantics of the media type. Because of this, I don't think this should update 2046. I'm happy to be convinced I am wrong here - as I have dug into this URI stuff I realized I don't understand how the fragment stuff is standardized. My basic test here is many implementers of things that used text/plain media types would have no interest whatsoever in the fragment stuff and that is a strong sign that it is an extension of URI and not something to do with 2046.
2007-10-03
09 Cullen Jennings [Ballot Position Update] New position, Discuss, has been recorded by Cullen Jennings
2007-10-03
09 Cullen Jennings
[Ballot comment]
It is unclear to me if anything needs to be said about comparison of URI that contain this fragment.

My understanding of 3986 …
[Ballot comment]
It is unclear to me if anything needs to be said about comparison of URI that contain this fragment.

My understanding of 3986 is that it defined a generic syntax for URI that could be imported into the definitions for specific URI schemes and that all URI types would be subsets of so that an application that did not understand a specific scheme could still parse certain semantics of the URI. However, the detailed specification of the URL of a given scheme would still define what was possible for that scheme. I did not realize that prior to 3986, the fragment was not part of the URI while after 3986 redefined it to be part of the URI and no doubt this is a sign I am confused on some of the history and how the details of how this all works. So please educate me. When I look at ldap 4516, or imap in 2182bis they do not seem to allow a fragment in the URI for theses schemes. I'm not even sure where the ftp URI is defined but in 1738 which looks like it is obsolete, it does not allow a fragment. I am really confused by 2616 which does not seem to allow a fragment in the http URI which, ah, seems either like a bit of a problem or I am very confused about where and how this stuff is all defined. Now, this might all seem irrelevant to this document, but it seems like this is the first document defining a fragment (if there are others, particular for the standard http usage, please point me in the right direction). So given this long ramble, my question is: when implementing ftp or http, what RFCs would tell and implementor that they needed to support fragments in the ftp or http URLs?

So in HTTP, I understand how you fetch the resource, check if it is text/plain and then do the fragment processing if it is. How do you check it was text/plain when using FTP?
2007-10-03
09 Tim Polk
[Ballot discuss]
This document supports specification of an integrity check to detect changes in the
referenced resource.  The integrity check comes in two flavors: the …
[Ballot discuss]
This document supports specification of an integrity check to detect changes in the
referenced resource.  The integrity check comes in two flavors: the length of the
resource in characters, or an MD-5 hash.  I do not have a problem with the mechanisms,
but I do have a problem with the terminology used in the document.

Both integrity checks are referred to as "hash sums".  While the latter mechanism is a
cryptographic hash function, I do not believe the length mechanism should be
characterized in this way.  I reviewed literature that pre-dates cryptographic hash
functions, but the types of mechanisms considered as a hash do not include
the size of the resource.

I would suggest replacing "hash-scheme" with" integrity check" or another phrase
that is more consistent with the range of options specified in the document.
2007-10-03
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2007-10-03
09 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2007-10-03
09 Tim Polk
[Ballot discuss]
This document supports specification of an integrity check to detect changes in the
referenced resource.  The integrity check comes in two flavors: the …
[Ballot discuss]
This document supports specification of an integrity check to detect changes in the
referenced resource.  The integrity check comes in two flavors: the length of the
resource in characters, or an MD-5 hash.  I do not have a problem with the mechanisms,
but I do have a problem with the terminology used in the document.

Both integrity checks are referred to as "hash sums".  While the latter mechanism is a
cryptographic hash function, I do not believe the length mechanism should be
characterized in this way.  I reviewed literature that pre-dates cryptographic hash
functions, but the types of mechanisms considered as a hash do not include
the size of the resource.

I would suggest replacing "hash-scheme" with" integrity check" or another phrase
that is more consistent with the range of options specified in the document.
2007-10-03
09 Tim Polk [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk
2007-10-03
09 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2007-10-02
09 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2007-09-28
09 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2007-09-26
09 Chris Newman [Ballot Position Update] New position, Yes, has been recorded for Chris Newman
2007-09-26
09 Chris Newman Ballot has been issued by Chris Newman
2007-09-26
09 Chris Newman Created "Approve" ballot
2007-09-26
09 Chris Newman Placed on agenda for telechat - 2007-10-04 by Chris Newman
2007-09-26
09 Chris Newman State Changes to IESG Evaluation from Waiting for AD Go-Ahead::Point Raised - writeup needed by Chris Newman
2007-09-26
09 Chris Newman Note field has been cleared by Chris Newman
2007-08-10
08 (System) New version available: draft-wilde-text-fragment-08.txt
2007-07-06
07 (System) New version available: draft-wilde-text-fragment-07.txt
2007-05-11
09 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Jeffrey Hutzelman.
2007-04-26
09 Chris Newman Area acronymn has been changed to app from gen
2007-04-26
09 Chris Newman State Change Notice email list have been change to ietf@dret.net, duerst@it.aoyama.ac.jp from ietf@dret.net, <duerst@it.aoyama.ac.jp
2007-03-24
09 Chris Newman Responsible AD has been changed to Chris Newman from Ted Hardie
2007-03-20
09 Ted Hardie State Changes to Waiting for AD Go-Ahead::Point Raised - writeup needed from Waiting for Writeup by Ted Hardie
2007-03-20
09 Ted Hardie
A decision on the issues raised by Tim is needed; note that the authors don't have to take his suggestion, but text to indicate the …
A decision on the issues raised by Tim is needed; note that the authors don't have to take his suggestion, but text to indicate the issue and the reason for the path chosen may be needed.  The discussion will continue with Chris Newman as sponsoring AD.
2007-03-20
09 Ted Hardie [Note]: 'Waiting for resolution of last call comments by Tim Bray' added by Ted Hardie
2007-03-14
09 (System) State has been changed to Waiting for Writeup from In Last Call by system
2007-03-07
09 Yoshiko Fong
IANA Last Call Comments:

Upon approval of this document, the IANA will make the
following changes in "Text Media-Types" registry located at

http://www.iana.org/assignments/media-types/text/

OLD:
Value …
IANA Last Call Comments:

Upon approval of this document, the IANA will make the
following changes in "Text Media-Types" registry located at

http://www.iana.org/assignments/media-types/text/

OLD:
Value Description Reference
----- ----------------
plain [RFC2046, RFC3676]

NEW:
Value Description
----- ----------------
plain [RFC2046, RFC3676, RFC-wilde-text-fragment-06]

We understand the above to be the only IANA Action for this
document.
2007-02-21
09 Ted Hardie added martin to version change notice list
2007-02-21
09 Ted Hardie State Change Notice email list have been change to ietf@dret.net, <duerst@it.aoyama.ac.jp from ietf@dret.net
2007-02-16
09 Sam Weiler Request for Last Call review by SECDIR is assigned to Jeffrey Hutzelman
2007-02-16
09 Sam Weiler Request for Last Call review by SECDIR is assigned to Jeffrey Hutzelman
2007-02-15
09 Ted Hardie
Last Call comment from Tim Bray:

The IESG has received a request from an individual submitter to consider
the following document:

- 'URI Fragment Identifiers …
Last Call comment from Tim Bray:

The IESG has received a request from an individual submitter to consider
the following document:

- 'URI Fragment Identifiers for the text/plain Media Type '
    as a Proposed Standard

Editorial point:

Section 2.2.1 says "Character position counting starts with 0, so the
character position
  before the first character of a text/plain MIME entity has the
  character position 0"

but the example in section 5 says "http://example.com/text.txt#char=100

  This URI identifies the position after the 100th character of the
  text.txt MIME entity."

If "character counting starts at 0" I take it that the initial
character is the 0th character, thus char=100 is before not after the
100th, right?  In fact the spec is perfectly correct according to the
normal meaning of "100th" but it took me a minute to get that, and I
suspect a little clean-up in the example description would be useful.

Substantive point:

Each of the addressing schemes is easy to understand, but the ways
they combine are hard to explain and understand, and I'm unconvinced
that being able to identify things like

  This URI identifies the first line and all occurrences of the regular
  expression 'searchterm' in the MIME entity.

are worth the effort.  I'd strongly recommend simplifying the spec by
allowing only one scheme, which might turn out to hit a very desirable
80/20 point.

-Tim
2007-02-14
09 Amy Vezza Last call sent
2007-02-14
09 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2007-02-14
09 Ted Hardie Last Call was requested by Ted Hardie
2007-02-14
09 Ted Hardie State Changes to Last Call Requested from AD Evaluation::AD Followup by Ted Hardie
2007-02-14
09 (System) Ballot writeup text was added
2007-02-14
09 (System) Last call text was added
2007-02-14
09 (System) Ballot approval text was added
2007-01-17
09 (System) Sub state has been changed to AD Follow up from New Id Needed
2007-01-17
06 (System) New version available: draft-wilde-text-fragment-06.txt
2006-04-18
09 Ted Hardie State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Ted Hardie
2006-04-18
09 Ted Hardie AD review sent to Erik with issues.
2006-02-23
09 Ted Hardie Evaluation for individual submission for proposed standard
2006-02-23
09 Ted Hardie Draft Added by Ted Hardie in state AD Evaluation
2006-01-06
05 (System) New version available: draft-wilde-text-fragment-05.txt
2005-06-09
04 (System) New version available: draft-wilde-text-fragment-04.txt
2005-01-02
03 (System) New version available: draft-wilde-text-fragment-03.txt
2003-04-07
02 (System) New version available: draft-wilde-text-fragment-02.txt
2002-08-09
01 (System) New version available: draft-wilde-text-fragment-01.txt
2002-07-22
00 (System) New version available: draft-wilde-text-fragment-00.txt