List Info

Thread: Re: "*" and "#" signs in the userinfo of SIP URI
Re: "*" and "#" signs in the userinfo of SIP URI
country flaguser name
United States		 2007-03-06 15:02:34 

Juha Heinanen wrote:
> Paul Kyzivat writes:
> 
>  > The proposal would require a revision to the
definition of SIP-URI that 
>  > would make it incompatible with RFC 2396. 
> 
> and so what?  compatibility cannot be a religious issue
if there are no
> technical issues and no-one has not pointed out any.

This organization is in the standards business. So we at
least shouldn't 
be in the business of violating the ones we have set for
ourselves. 
Standards are only useful if they are followed.

Specifically, from the beginning sip has asserted that the
SIP-URI is a 
URI as defined in RFC 2396. If it isn't, we shouldn't be
calling it a 
URI at all.

SIP URIs can be passed around, stored, and manipulated as
generic 2396 
URIs by pieces of software that aren't aware of the
specifics of SIP 
URIs. Such pieces of software may well look to 2329 as a
definition of 
what to expect, and may fail if given a "uri" that
doesn't comply.

Unless you can enumerate all possible (current and future)
uses of sip 
URIs I don't see how you can say there are no technical
issues.

> as i have told, xmpp uris (rfc 3920) allow # in the
part as we call
> userpart. 

I don't claim to be an expert regarding that, but I just
took a look. I 
don't find any ABNF specifying what is allowed, so its not
at all clear 
to me why you think # is allowed.

> xmpp rfc says
> 
>    An entity is anything that can be considered a
network endpoint
>    (i.e., an ID on the network) and that can
communicate using XMPP.
>    All such entities are uniquely addressable in a form
that is
>    consistent with RFC 2396 [URI].

The above statement says to me that they are asserting
compatibility 
with 2396. And 2396 clearly disallows unescaped #
characters.

the xmpp rfc does talk a lot about STRINGPREP and Nodeprep,
which seem 
to be involved in canonicalizing international character
sets. I'm not 
going to go read that, but the impression I get is that a
JID is very 
lenient about the character set it contains, but that it
must be 
normalized in order to transform it to a 2396 compatible
xmpp URI. I'm 
guessing that the output of that process has no unescaped #
characters.

That normalization isn't conceptually different than
escaping the 
contents of a dialstring before putting it into a sip URI.

> but still it isn't and no ietf protocol police has had
no trouble with
> that, because the rfc has been published.

And it claims to conform to 2396, and doesn't say in any
obvious way 
that it violates it.

	Paul

>  > IMO that is a bad thing to do 
>  > for the marginal benefit here. And if attempted
it would no doubt take a 
>  > long time.
> 
> a much worse thing would be to define yet another sip
feature.
> 
> -- juha
> 

_______________________________________________
Iptel mailing list
Iptelietf.org
https://
www1.ietf.org/mailman/listinfo/iptel
Re: "*" and "#" signs in the userinfo of SIP URI
country flaguser name
United States		 2007-03-07 07:39:57 
I'll note that RFC 2396 has been obsoleted by RFC 3986. It
seems to  
give a somewhat clearer explanation of what needs to be
escape and  
what doesn't.

"Section 2, on characters, has been rewritten to
explain what
    characters are reserved, when they are reserved, and why
they are
    reserved, even when they are not used as delimiters by
the generic
    syntax."


The basic rule is

If data for a URI component would conflict with a reserved
    character's purpose as a delimiter, then the conflicting
data  
must be
    percent-encoded before the URI is formed.


The relevant general rule is

   URI producing applications should percent-encode data
octets that
    correspond to characters in the reserved set unless
these characters
    are specifically allowed by the URI scheme to represent
data in that
    component.  If a reserved character is found in a URI
component and
    no delimiting role is known for that character, then it
must be
    interpreted as representing the data octet corresponding
to that
    character's encoding in US-ASCII.



In my view, this means, roughly, that if a particular URI
doesn't  
need one of the delimiters (reserved) characters as
delimiters and  
there is no ambiguity, it doesn't have to be %-encoded,
although it  
is obviously always safe to do so.

In RFC 3986, # is a gen-delims and * is a sub-delims.

However, in a SIP URI, neither # nor * have any special
function.  
Thus, it would, in principle be safe to not escape them. RFC
3261  
seems pretty clear, however, on the fact that
telephone-subscriber  
must follow the rules for 'user' components, where neither #
or * is  
allowed.

userinfo         =  ( user / telephone-subscriber ) [
":" password ] ""
user             =  1*( unreserved / escaped /
user-unreserved )
user-unreserved  =  "&" / "=" /
"+" / "$" / "," /
";" / "?" / "/"


Thus, I think there are two choices:

- Just escape them. Not as pretty, but most of the time,
these URLs  
are not visible to humans, so it doesn't seem to be a big
deal.

- The draft would have to update RFC 3261 and explicitly
change  
several pieces of the userinfo discussion in RFC 3261,
allowing those  
characters in userinfo as additional user-unreserved
characters.


In general, the escaping notation of URLs is very confusing,
as the  
BNF often shows the pre-escaping character set, at least in
some  
older RFCs.

On Mar 6, 2007, at 4:02 PM, Paul Kyzivat wrote:

>
>
> Juha Heinanen wrote:
>> Paul Kyzivat writes:
>>  > The proposal would require a revision to the
definition of SIP- 
>> URI that  > would make it incompatible with RFC
2396. and so  
>> what?  compatibility cannot be a religious issue if
there are no
>> technical issues and no-one has not pointed out
any.
>
> This organization is in the standards business. So we
at least  
> shouldn't be in the business of violating the ones we
have set for  
> ourselves. Standards are only useful if they are
followed.
>
> Specifically, from the beginning sip has asserted that
the SIP-URI  
> is a URI as defined in RFC 2396. If it isn't, we
shouldn't be  
> calling it a URI at all.
>
> SIP URIs can be passed around, stored, and manipulated
as generic  
> 2396 URIs by pieces of software that aren't aware of
the specifics  
> of SIP URIs. Such pieces of software may well look to
2329 as a  
> definition of what to expect, and may fail if given a
"uri" that  
> doesn't comply.
>
> Unless you can enumerate all possible (current and
future) uses of  
> sip URIs I don't see how you can say there are no
technical issues.
>


_______________________________________________
Iptel mailing list
Iptelietf.org
https://
www1.ietf.org/mailman/listinfo/iptel
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )