
Last Call Review of draft-saintandre-urn-example-04
review-saintandre-urn-example-04-secdir-lc-perlman-2013-03-29-00

Request Review of draft-saintandre-urn-example
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-04-09
Requested 2013-03-21
Authors Peter Saint-Andre
I-D last updated 2013-03-29
Completed reviews Genart Last Call review of -04 by Christer Holmberg (diff)
Secdir Last Call review of -04 by Radia Perlman (diff)
Assignment Reviewer Radia Perlman
State Completed
Request Last Call review on draft-saintandre-urn-example by Security Area Directorate Assigned
Reviewed revision 04 (document currently at 05)
Result Ready
Completed 2013-03-29
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document proposes to standardize the use of "example" as a namespace
identifier in URNs (like "example.com" is for DNS names), and is harmless.

I could (and perhaps should, or is it SHOULD) stop there.  However, I'll
editorialize a bit.  I more or less understand what a URL is.  You type it into
a browser, though mercifully, actual humans seldom have to type
https://www.example.com/extrastuff/whatever/934573895838.

But then I started hearing about URNs and URIs.  I pretty much ignored them
because my life seemed to be complete without needing to understand them.  But
then since I was assigned this draft to review, I decided to investigate what
URNs and URIs are and how they are different.

The definition given in RFC 2141 is "Uniform Resource Names (URNs) are intended
to serve as persistent, location-independent, resource identifiers and are
designed to make it easy to map other namespaces (which share the properties of
URNs) into URN-space."

I could memorize that definition and it still wouldn't help me understand why
my life was incomplete without URNs. Then I read RFC 1630 to find out about
URIs, and that was equally non-illuminating to me, who was simply groping for
"why do I need one of these things, and when would I use it".

Then I read yet another incomprehensible RFC, #3986, which has this sentence:
"Future specifications and related documentation should use the general term
"URI" rather than the more restrictive terms "URL" and "URN" [RFC3305]."  So,
why are we, today, in 2013, tweaking URNs if we are supposedly trying to
mercifully put the term "URN" to bed?

And why is the NSS (Namespace Specific String, which is part of the URN) ASCII?
Given that I'm never planning on using a URN, I don't really care, but if
people wanted these things for whatever reason, mightn't they want to use
International characters?

So my conclusion is that invention of UR* terminology is a low level denial of
service attack on people, but is otherwise harmless.

Radia