On 2012-05-02 19:48, Murray S. Kucherawy wrote:
-----Original Message-----
From: Julian Reschke [mailto:[email protected]]
Sent: Tuesday, May 01, 2012 12:54 PM
To: Murray S. Kucherawy
Cc: [email protected]; [email protected];
[email protected]
Subject: Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec
Technically it *does* point to the authoritative definition.
The real issue here is that we don't have a (ahem) standard way to import ABNF
definitions from other documents. The specific problem in this case to me is
twofold:
Exactly. It would be good to have that.
1) Section 4 of RFC5234 specifies that the prose-val construction is a mechanism of "last
resort", which I take to mean one uses it only when the thing you need to describe is
sufficiently complicated that it's easier to describe in English than in ABNF. I don't think
"1*DIGIT" qualifies, nor does an import from another document because we do it all the
time with a non-ABNF sentence. (Now, if that admonition in RFC5234 needs clarification, then let's
do that.)
The choices we have are:
a) import "by value" (copy the ABNF rule)
b) import "by reference"
For b), I see two options:
b1) have a prose rule for the imported ABNF rule, or
b2) just say it in prose.
The advantage of b1 over b2 is that an ABNF checker can check whether
the ABNF is complete (for some value of "complete").
I believe that using the prose rule for that is strictly better than
having an incomplete ABNF, but it would certainly be cool to have
something better than that.
2) There's a common axiom that says it's safer to refer to a definition rather than to
copy it. I understand that we're up against reader convenience here, which can suffer
when a copy isn't used, especially when the definitions being recycled are scattered
throughout many documents. Although I'm infinitely confident the string
"1*DIGIT" was copied correctly from RFC2616 to this draft, I'm concerned that
approval of this use will eventually lead to a case where some author uses prose-val to
copy something more complex in the name of reader convenience, and get it wrong, and now
we have two documents that don't agree on the definition of something. That may or may
not have serious side effects.
What I would prefer in this case is to say one of these:
"delta-seconds" is defined in Section 3.3.2 of RFC2616.
delta-seconds =<defined in Section 3.3.2 of RFC2616>
I strongly prefer the former. I still think the latter is an improper use of
prose-val, but at least the ABNF itself isn't copied there.
To address the larger question, we definitely have to have some conversation
about the right way to do this in general. Perhaps another draft that updates
RFC5234 which presents a consensus view of the right, safe, convenient way to
do so would be useful. Perhaps further we just say that what you're doing here
is the new official way to do so, where the ABNF inside the prose-val is a
convenience copy with the understanding that the referenced definition is
authoritative if somehow they diverged.
For example, we could standardize on a prose-val whose contents are of the form:
name =< [ABNF] "from " [ "Section " 1*DIGIT *( "." 1*DIGIT) " of " ]
"RFC" 1*DIGIT>
Something like that, yes. It would help automated checkers a lot.
This would be interpreted as: "name" is defined in the specified RFC, possibly down to
the specified Section. If ABNF is there, it is a convenience copy; the referenced document
contains the official definition of "name". And people would just discourage the
convenience copy in cases where it's non-trivial. (We'd have to bang on this a bit to allow
importing from documents that aren't RFCs, but you get the idea.)
I'd be happy to write that up as something that updates 5234 if people think
that's a good idea.
Best regards, Julian
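
The automated check discussed above, as an added example that is not part of the thread and not taken from any existing ABNF tool: it parses prose-val imports written in the proposed form and flags a convenience copy that differs from the referenced definition. The function names, the sample grammar and the `AUTHORITATIVE` table are constructed for illustration.

```python
import re

# name = <[ABNF] from [Section N.N of] RFCnnnn>, the form proposed in the thread
RULE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*<([^>]*)>\s*$")
BODY_RE = re.compile(
    r"^(?:(?P<copy>.+?)\s+)?from\s+"
    r"(?:Section\s+(?P<section>\d+(?:\.\d+)*)\s+of\s+)?"
    r"RFC\s?(?P<rfc>\d+)$")

def parse_import(line):
    """Parse one prose-val import rule; return None if it is not in the proposed form."""
    rule = RULE_RE.match(line)
    body = BODY_RE.match(rule.group(2).strip()) if rule else None
    if not body:
        return None
    return {"name": rule.group(1).lower(), "rfc": int(body["rfc"]),
            "section": body["section"], "copy": body["copy"]}

def _norm(abnf):
    # Simplification: compare ignoring whitespace runs and letter case
    return " ".join(abnf.split()).casefold()

def check_imports(grammar, authoritative):
    """Return (rule, problem) pairs for imports a reviewer should look at."""
    findings = []
    for line in grammar.splitlines():
        if not re.search(r"=\s*<", line):      # right-hand side is not a prose-val
            continue
        imp = parse_import(line)
        if imp is None:
            findings.append((line.strip(), "prose-val is not a recognisable import"))
            continue
        official = authoritative.get((imp["rfc"], imp["name"]))
        if official is None:
            findings.append((imp["name"], "referenced definition not available"))
        elif imp["copy"] and _norm(imp["copy"]) != _norm(official):
            findings.append((imp["name"], "copy diverges from RFC%d" % imp["rfc"]))
    return findings

# Constructed sample grammar; the "token" copy is deliberately wrong.
SAMPLE = """\
max-age-value = delta-seconds
delta-seconds = <1*DIGIT from Section 3.3.2 of RFC2616>
token         = <1*CHAR from Section 2.2 of RFC2616>
quoted-string = <defined in Section 2.2 of RFC2616>
"""
# Constructed stand-in for definitions extracted from the referenced RFCs.
AUTHORITATIVE = {(2616, "delta-seconds"): "1*DIGIT",
                 (2616, "token"): "1*<any CHAR except CTLs or separators>"}
```

Calling `check_imports(SAMPLE, AUTHORITATIVE)` reports the divergent `token` copy and the `quoted-string` rule, whose prose-val is free text rather than the proposed form.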