|
Re: [ietf-822] Review of and suggested changes for draft-crocker-inreply-react-01.txt
2020-10-21 16:43:35
+1 mostly. Or should I say, 👍. As usual your analysis is excellent.
But you say that a MIME part with “Content-Disposition: reaction” should have
its contents restricted to UTF-8 emoji. Most likely some implementors will
ignore that and include additional UTF-8 text, or worse, pictures or video.
How should a conformant implementation handle that? It seems like this creates
an excellent opportunity for bad implementations to help people send content
that might never be displayed to the recipient. Although it will be the fault
of the sending implementation, the consequences will be experienced by the
readers more than the senders, so it could be hard to even notice, let alone
get fixed.
I’m not sure we should dismiss out of hand the “text/reaction” idea.
Conformant implementations will treat it as a reaction — a new thing. What
does it really matter whether nonconformant implementations treat it as
text/plain or application/octet-stream? Either way, it won’t have any special
automatic reaction processing, and it will make the content available to the
user either as readable text or an attachment that the user is at least told
exists. Sure, application/octet-stream is the wrong choice, but it’s no more
wrong than it has been all along for unrecognized text subtypes. In fact, if
this gives us a reaction mechanism that works for everything but Microsoft and
Google, it might actually spur those companies to start doing the right thing
with unrecognized text subtypes in general. (OK, I wouldn’t bet the farm on
that, but you never know.)
These are just my reactions, I’m not yet sure what I think is the right answer.
— Nathaniel
On Oct 21, 2020, at 8:43 AM, Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:
One of the interesting things about the Internet standards process is how
often a particular implementation creates the architectural model, rather than
the other way around.
This specification is a case in point. It starts by offering three key
insights:
(1) It's possible to tease the design of a generic "reaction" facility out
of various social media systems.
(2) Restricting the system to emoji, or a even subset of emoji, is essential
to the viability of the facility.
(3) Given (1) and (2), it's possible to add a reaction capability to existing
messaging systems, even one as well established as email.
All of these insights seem obvious in hindsight, but I for one have never
really thought about them, or about extending email in this way. As such, I
applaud Dave for coming up with this proposal.
However, like so many previous proposals, the specification now shifts rather
abruptly to implementation specifics, using an approach based on existing
header-based mechanisms like X-Face. And this is where things start to get a
little iffy.
First of all, I think there's at least one more key insight that we need to
pull out of existing reaction facilities: In many if not most cases they
operate independently of reply messages. Indeed, this is what makes them so
attractive: As a user I can offer an opinion of something without having to
write anything. I just click on a button, up comes a panel of emoji, I make a
selection, done. (Yes, I realize this is a UI detail, and we don't do UIs,
but it's such an important capability that it warrants our attention.)
And this isn't simply a matter of being lazy - although the virtues of
laziness often fail to be appreciated. The separation of reactions from
replies makes it possible to implement very different sorts of workflows.
The obvious example is voting - most reaction interfaces provide the
tally you need of user reactions automatically, whereas with replies the
tally has to be done manually - exactly the sort of things computers are
supposed to do for us.
Second, as everyone knows, I am one of the authors of MIME, and one of the
key elements of MIME was backwards compatibility with non-MIME systems. I
firmly believe this is one of the things that made MIME succesful, so it's
something I worry about in every new proposal that comes along.
Returning to the current document, I believe the proposed implementation
doesn't adequately address either of these points, and that there are
alternatives that do.
In particular, the current proposal creates a reaction mechanism that's
independent of replies but then requires that a reply be sent in order to
send a reaction. This linkage makes it very awkward to use the mechanism
for things like voting - having a long list of meaningless replies show up
as part of a vote is definitely not a Good Thing.
Of course it's possible to define a semantic where, say, an empty message body
in conjunction with a reaction header, would be silently ignored. But this
brings us to the second point: Backwards compatibility. If this proposal
starts
to deploy it will be into a world where no client is aware of the meaning of
this new reaction header field. Now consider what this will look like in an
unextended client: A bunch of empty replies. Definitely Not Good.
Other alternatives fare no better: Clients won't know what to do with a
"ignore" content-disposition, and will ignore it rather than the message.
Ditto for a text/ignore content type.
But there is one thing that does work, which is put the reaction in the
message body. This way clients that don't implement the reaction facility
will
display something, and it's actually pretty sensible.
Putting the reaction in the message body solves an even bigger backwards
compatibility problem: The least astonishment principle violation that occurs
when the participants in a discussion with upgraded clients see a bunch of
reactions but those without upgraded clients see nothing at all.
The current document does provide the option to do this: It says clients
MAY include a copy of the reaction in the message body. But making this
optional leads to even more unpredictability.
But if we always put the reaction in the message body, the header field is now
superfluous. So let's proceed on the assumption that the reaction will be
in the message body - and only in the message body - and see how far we get.
MIME provides us with multipart messages, so the obvious thing to do is
put the reaction in its own part. This however, brings us face to face
with our first real problem: How do we combine a reaction with a reply? If
the reply is text/plain then there's a simple solution: Use multipart/mixed
containing the two parts. (Tests show this actually works pretty well.)
What if the reply is text/html? multipart/alternative? multipart/related?
If past experience with client MIME support is any indication, complex
nested MIME structures are best avoided. But in this case we have a
simple alternative: Combine if you can, but if you can't send two
messages!
So now the rule would be for conforming clients to look for a
reaction part and process it as such. Processing terminates if the
message consists solely of that part. If not, process the remainder as
a reply.
The next issue is really more of a detail: How do we label a part as a
reaction? One way to do it is to define a new Content- field,
say Content-Reaction. This is pretty much guaranteed to work. But it would
be nice if we could do this using existing Content- fields. And we have
at least two of those: Content-type and Content-Disposition.
A text/reaction media type makes quite a bit of sense - we are, after all,
restricting the repertoire to emoji, so this isn't really text/plain. And
there are other media types, e.g., multipart/related, that exist solely to
invoke specialized client handling. Finally, RFC 2045 section 4.1.4
quite specifically states that unknown subtypes of text should be handled
as text/plain, providing the necessary fallback behavior.
Unfortunately a bit of testing shows that section 4.1.4 has apparently been
ignored by at least two major mail service providers - they both treat
text/reaction as application/octet-stream. (Bad Google. Bad Microsoft.
Bad.)
I guess we could stand on principle that this is clearly a standards violation
and proceed with the media type, but why fight a fight we are almost certain
to lose when there are viable alternatives?
So how about a reaction content-disposition? This seems to work well -
unknown content-dispositions look like they are ignored. (Or maybe nobody
is currently paying attention to disposition information, which is also
fine for our purposes.)
My suggestion, then, is to switch from a header field to a MIME part
with a content-disposition of "reaction"", a content-type of text/plain,
UTF-8 charset, and contents restricted to emoji. Combine the reaction with
a reply if you can, if can't send it as a separate message.
The current document is pleasantly short, so it's possible for me to
suggest a set of changes to implement this suggestion:
OLD:
This facility defines a header field, to be used in junction with the
In-Reply-To header field, to link one or more emojis as a summary
reaction to a previous message.
NEW:
This facility defines a new content-disposition, to be used in conjunction
with the In-Reply-To header field, to specify that a part of a message
containing one or more emojis be treated as a summary reaction to a
previous message.
OLD:
2. In-Reply-React
A message sent as a reply MAY indicate the responder's summary
reaction to the original message by including an In-Reply-React
header field:
The [ABNF] for the header field is:
in-reply-react = "In-Reply-React:" emoji *(lwsp emoji) CRLF
emoji = emoji_sequence
emoji_sequence = { defined in [Emoji-Seq] }
base-emojis = thumbs-up / thumbs-down / grinning-face / frowning-face /
crying-face
thumbs-up = {U+1F44D}
thumbs-down = {U+1F44E}
grinning-face = {U+1F600}
frowning-face = {U+2639}
crying-face = {U+1F622}
NEW:
2. The reaction content-disposition
A message sent as a reply MAY include a part containing a
content-disposition field with the value "reaction". If such a field
is specified the content-type of the part MUST be:
Content-type: text/plain; charset=utf-8
The content of this part is restricted to single line of emoji:
part-content = emoji *(lwsp emoji) CRLF
emoji = emoji_sequence
emoji_sequence = { defined in [Emoji-Seq] }
DELETE:
Fully interoperable email uses 7-bit ASCII, although some email
handling paths directly support 8-bit data. Emoji characters are
drawn from the space outside of 7-bit ASCII. For email handling
paths that are 8-bit clean, the an emoji character does not need
special encoding. If the path from author to recipients is not known
to be 8-bit clean, The emoji character SHOULD be encoded using
[MIME-Enc].
(I don't think an explanation of body part encoding is necessary or
useful.)
OLD:
For recipient MUAs that do not support this mechanism, the header
field might not be displayed to the recipient. To ensure that the
reaction is presented to the recipient, the responding MUA MAY
automatically include a second copy of the header field in the
message body. This might be as the first line of the body or as the
first mime-part. [MIME] By making the text be the full header field,
it also allows MUAs that do support the mechanism to identify this
redundant information and possibly remove it from display.
NEW:
Recipient MUAs that support this mechanism operate as follows:
(0) If an In-Reply-To field is present check to see if it references
a previous message the MUA has received.
(1) If a reference to an existing message is found check for a part with
a "reaction" content-disposition at either the outermost level or as
part of a multipart at the outermost level.
(2) If such a part is found, and the content of the part conforms to the
restrictions outlined above, remove the part from the message and
process it as a reaction. (The exact details of reaction processing are
necessarily MUA-specific and beyond the scope of this specification.)
(3) Processing terminates if no parts remain in the message. (Again, the
handling of a message that has been successfully processed is
MUA-specific and beyond the scope of this specification.) If parts
remain process the remaining message content as a reply.
OLD:
4. Security Considerations
This specification defines a distinct location for specialized
message content. Processing that handles the content differently
from content in the message body might introduce vulnerabilities.
However the mere definition or use of this mechanism does not create
new vulnerabilities.
NEW:
4. Security Considerations
This specification employs message content that is a strict subset
of existing content, and thus introduces no new content-specific
security considerations.
This specification defines a distinct label for specialized
message content. Processing that handles the content differently
from other content in the message body might introduce vulnerabilities.
OLD:
5. IANA Considerations
Add to "Permanent Message Header Field Registry":
Header field name: In-Reply-React
Applicable protocol: Mail (RFC 2822)
Status: Experimental
Author/Change controller: IETF
Specification document(s): This specification.
Related information: None
NEW:
5. IANA Considerations
New Content-Disposition Parameter Registrations
This document specifies a new "reaction" content disposition and its
handling that should be added to the IANA registry.
TBD:
In order for different clients to interoperate in their handling of
reactions, regardless of the mechanism used this document should
probably include a specification of how to store reactions using
IMAP annotations.
I think that's more than enough for now.
Ned
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822
|
|