Last Call Review of draft-ietf-jmap-contacts-06
review-ietf-jmap-contacts-06-artart-lc-bray-2024-03-22-00
Request | Review of | draft-ietf-jmap-contacts |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | ART Area Review Team (artart) | |
Deadline | 2024-04-04 | |
Requested | 2024-03-20 | |
Authors | Neil Jenkins | |
I-D last updated | 2024-03-22 | |
Completed reviews |
Secdir Last Call review of -06
by Shivan Kaul Sahib
(diff)
Artart Telechat review of -09 by Tim Bray (diff) Opsdir Last Call review of -06 by Linda Dunbar (diff) Artart Last Call review of -06 by Tim Bray (diff) Genart Last Call review of -06 by Meral Shirazipour (diff) |
|
Assignment | Reviewer | Tim Bray |
State | Completed | |
Request | Last Call review on draft-ietf-jmap-contacts by ART Area Review Team Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/art/mrlATPmIh8Z-3_FDFDRiRByFfk4 | |
Reviewed revision | 06 (document currently at 10) | |
Result | Ready w/issues | |
Completed | 2024-03-22 |
review-ietf-jmap-contacts-06-artart-lc-bray-2024-03-22-00
While I'm not a JMAP expert, I don't see anything wrong with the design. I have some concerns with the repertoire of Unicode characters allowed, both in this draft and the related draft-ietf-calext-jscontact. In section 2. it says that the "name" field "may be any UTF-8 string". Really? I recommend a look at PRECIS or the (still not adopted) https://www.ietf.org/archive/id/draft-bray-unichars-07.html to consider some restriction on the values you might want to use here. As written, it allows the use of legacy Control Codes and Unicode noncharacters in names, which is almost certainly incorrect. Note that the "description" field just says "String" with no further discussion, a little troubling because I wonder why "name" emphasizes "any UTF-8 string" but "description" doesn't. To help understnd this, I took a look at draft-ietf-calext-jscontat and I note that similar issues apply. I quote 1.6.1 of that document: "Properties having free-form text values MAY contain any valid sequence of Unicode characters…" Later in 1.7.2 there is "IANA-registered property names MUST NOT contain US-ASCII control characters", saying nothing about the Unicode C1 controls and implying that in non-IANA-registered fields, any Unicode characters, including control codes and noncharacters, may be used. In both drafts, while the requirement to encode this data in UTF-8 in theory should exclude the occurrence of Surrogate code points, in practice these are observed to occur in otherwise-valid UTF-8 strings, so perhaps that issue should be addressed. Finally, I note that neither these drafts nor RFC8620 seem to have discussion of Unicode-related issues in their Security Considerations. Possibly I just missed this?