- From: David Schinazi <dschinazi.ietf@gmail.com>
- Date: Tue, 17 Sep 2024 13:10:08 -0700
- To: Paul Wouters <paul.wouters@aiven.io>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-unprompted-auth@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, tpauly@apple.com
- Message-ID: <CAPDSy+62GXCL0Yzq+pWyKYnu-_hurFRA58cQ47COcR+Ai2-S9g@mail.gmail.com>
Hi Paul, and thanks for your review. Response inline.

David

On Tue, Sep 17, 2024 at 11:35 AM Paul Wouters via Datatracker <noreply@ietf.org> wrote:

> Paul Wouters has entered the following ballot position for
> draft-ietf-httpbis-unprompted-auth-11: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Like Deb, I would like to understand the need for the static prefix data in
> section 3.3 as well.
>

Please see my reply to Deb:
https://lists.w3.org/Archives/Public/ietf-http-wg/2024JulSep/0273.html

> For Section 3.1, is there a reason the SubjectPublicKeyInfo (SPKI) structure
> cannot be used? That way, the Public Key Encoding does not have to be redefined
> for any new/other algorithms? (kind of on the fence whether this should be a
> DISCUSS)
>

The TLDR is that concealed auth is implemented at the HTTP layer, where ASN.1 parsing is not easily available. Given that the overwhelming majority of our use cases use algorithms with simply-defined key encodings like Ed25519, the added complexity of such a parser is not worth it for the minimal future-proofing.

Longer answer:

Hark! Gather 'round, ye weary travelers, and listen to my tale of woe, a ballad of a most cursed format, a thing of shadow and malice, known as ASN.1.

From the depths of the First Age of computing, when standards were wrought in darkness and fire, it arose, a creature of dread complexity. Its syntax, a tangled thicket of obscure symbols and arcane incantations, a labyrinthine maze where even the wisest of wizards lose their way.

A shapeshifter it is, this ASN.1, taking on many forms, yet none of them fair. BER, DER, PER, XER – each a mask upon its face, each more hideous than the last. And like the One Ring, it binds all who touch it, twisting their minds and ensnaring their souls in its endless web of rules and restrictions.

Oh, the pain it inflicts upon those who dare to parse it! Its nested types, like the layers of a poisoned onion, bring tears to the eyes and despair to the heart. Its optional fields, like hidden traps, lie in wait to ensnare the unwary. And its extensibility, a promise of endless growth, is but a curse in disguise, for it allows the format to bloat and fester, ever growing in its horror.

Beware, ye programmers, for ASN.1 is a siren's song, luring you with its promises of power and flexibility, only to dash you upon the rocks of frustration and despair. Flee from its grasp, lest you be consumed by its darkness and forever lost in its labyrinthine depths.

Here are some specific points of pain, echoing the Tolkien-esque lament:

- Impenetrable Syntax: Like the Black Speech of Mordor, ASN.1's syntax is harsh, unforgiving, and difficult to decipher.
- Endless Variety: Like the many breeds of Orcs, ASN.1 has a bewildering array of encoding rules (BER, DER, PER, XER), each with its own quirks and complexities.
- Hidden Traps: Like the Mines of Moria, ASN.1 is riddled with optional fields and implicit tags, ready to snare the unwary programmer.
- Bloated and Complex: Like the sprawling fortress of Barad-dûr, ASN.1 can become monstrously large and complex, making it a nightmare to maintain and debug.

So, turn back! There are other paths to tread, other formats to embrace. Choose clarity over confusion, simplicity over complexity. Let ASN.1 remain in the shadows where it belongs, a relic of a bygone age, a warning to all who seek to conquer the world of data.

Received on Tuesday, 17 September 2024 20:10:25 UTC
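
As an added illustration of the trade-off discussed in the message above (not code from the draft, its authors, or any implementation): the first two functions are what a receiver needs to extract an Ed25519 key from a DER SubjectPublicKeyInfo while rejecting BER variants and trailing data, and the last is the whole check for a raw key. It assumes the raw form is the 32-byte RFC 8032 byte string; the function names and sample key bytes are constructed.

```python
# Added illustration; function names and sample key bytes are constructed.
ED25519_OID = bytes.fromhex("2b6570")  # OID 1.3.101.112 (RFC 8410)

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (BER, not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def ed25519_key_from_spki(der):
    """Extract the 32-byte key from an Ed25519 SubjectPublicKeyInfo."""
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    tag, alg, pos = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, oid, alg_end = read_tlv(alg, 0)
    if tag != 0x06 or oid != ED25519_OID or alg_end != len(alg):
        raise ValueError("not Ed25519, or unexpected parameters")
    tag, bits, end = read_tlv(spki, pos)
    # BIT STRING: one unused-bits octet (must be 0) followed by the key
    if tag != 0x03 or end != len(spki) or len(bits) != 33 or bits[0] != 0:
        raise ValueError("bad BIT STRING")
    return bits[1:]

def ed25519_key_from_raw(data):
    """The raw-encoding equivalent: a single length check."""
    if len(data) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return bytes(data)

RAW = bytes(range(32))  # constructed sample, not a real key
SPKI = bytes.fromhex("302a300506032b6570032100") + RAW  # RFC 8410 wrapping
```
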