Tag Archives: RFC

RFCs for changes to Ember


active Fix typo a day ago
complete Initial process 3 months ago
0000-template.md Initial process 3 months ago
README.md Fix typo 3 months ago

Hat tip to the Rust RFC process.

Many changes, including bug fixes and documentation improvements can be implemented and reviewed via the normal GitHub pull request workflow.

Some changes though are “substantial”, and we ask that these be put through a bit of a design process and produce a consensus among the Ember core team.

The “RFC” (request for comments) process is intended to provide a consistent and controlled path for new features to enter the framework.

When you need to follow this process

You need to follow this process if you intend to make “substantial” changes to Ember, Ember Data or its documentation. What constitutes a “substantial” change is evolving based on community norms, but may include the following.

  • Any new feature that creates new API surface area, and would require a feature flag if introduced.
  • Removing features that already shipped as part of the release channel.

Some changes do not require an RFC:

  • Rephrasing, reorganizing or refactoring
  • Addition or removal of warnings
  • Additions that strictly improve objective, numerical quality criteria (speedup, better browser support)
  • Additions only likely to be noticed by other implementors-of-Ember, invisible to users-of-Ember.

If you submit a pull request to implement a new feature without going through the RFC process, it may be closed with a polite request to submit an RFC first.

What the process is

In short, to get a major feature added to Ember, one must first get the RFC merged into the RFC repo as a markdown file. At that point the RFC is ‘active’ and may be implemented with the goal of eventual inclusion into Ember.

  • Fork the RFC repo http://github.com/emberjs/rfcs
  • Copy 0000-template.md to active/0000-my-feature.md (where ‘my-feature’ is descriptive. don’t assign an RFC number yet).
  • Fill in the RFC
  • Submit a pull request. The pull request is the time to get review of the design from the core team and the community.
  • Build consensus and integrate feedback. RFCs that have broad support are much more likely to make progress than those that don’t receive any comments.
  • Eventually, somebody on the core team will either accept the RFC by merging the pull request and assigning the RFC a number, at which point the RFC is ‘active’, or reject it by closing the pull request.

The RFC life-cycle

Once an RFC becomes active then authors may implement it and submit the feature as a pull request to the Ember repo. An ‘active’ is not a rubber stamp, and in particular still does not mean the feature will ultimately be merged; it does mean that the core team has agreed to it in principle and are amenable to merging it.

Furthermore, the fact that a given RFC has been accepted and is ‘active’ implies nothing about what priority is assigned to its implementation, nor whether anybody is currently working on it.

Modifications to active RFC’s can be done in followup PR’s. We strive to write each RFC in a manner that it will reflect the final design of the feature; but the nature of the process means that we cannot expect every merged RFC to actually reflect what the end result will be at the time of the next major release; therefore we try to keep each RFC document somewhat in sync with the language feature as planned, tracking such changes via followup pull requests to the document.

An RFC that makes it through the entire process to implementation is considered ‘complete’ and is moved to the ‘complete’ folder; an RFC that fails after becoming active is ‘inactive’ and moves to the ‘inactive’ folder.

Implementing an RFC

The author of an RFC is not obligated to implement it. Of course, the RFC author (like any other developer) is welcome to post an implementation for review after the RFC has been accepted.

If you are interested in working on the implementation for an ‘active’ RFC, but cannot determine if someone else is already working on it, feel free to ask (e.g. by leaving a comment on the associated issue).

Reviewing RFC’s

Each week the core team will attempt to review some set of open RFC pull requests.

We try to make sure that any RFC that we accept is accepted at the Friday team meeting, and reported in the weekly blog post. Every accepted feature should have a core team champion, who will represent the feature and its progress.

JEP 219: Datagram Transport Layer Security (DTLS)


JEP 219: Datagram Transport Layer Security (DTLS)

Summary

Define an API for Datagram Transport Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347).

Non-Goals

  1. It is not a goal to support transport-specific interfaces (for example, DTLS for DatagramSocket).
  2. It is not a goal to support PMTU discovery.

Success Metrics

The implementation, in both client and server modes, must interoperate successfully with at least two other DTLS implementations.

Motivation

It is important to support DTLS to satisfy secure-transport requirements for the increasing number of datagram-compatible applications. RFC 4347 lists a number of reasons why TLS is not sufficient for these types of applications:

  • “TLS is the most widely deployed protocol for securing network traffic. … However, TLS must run over a reliable transport channel—typically TCP. It therefore cannot be used to secure unreliable datagram traffic.”
  • “… an increasing number of application layer protocols have been designed that use UDP transport. In particular, protocols such as the Session Initiation Protocol (SIP) and electronic gaming protocols are increasingly popular.”
  • “In many cases, the most desirable way to secure client/server applications would be to use TLS; However, the requirement for datagram semantics automatically prohibits use of TLS. Thus, a datagram-compatible variant of TLS is very desirable.”

Protocols that support DTLS include, but are not limited, to:

  • RFC 5238, Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
  • RFC 6083, Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)
  • RFC 5764, Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)
  • RFC 7252, Constrained Application Protocol (CoAP)

Google Chrome and Firefox now support DTLS-SRTP for Web Real-Time Communication (WebRTC). DTLS version 1.0 and 1.2 are supported by the major TLS vendors and implementations including OpenSSL, GnuTLS, and Microsoft SChannel.

Description

We expect the DTLS API and implementation to be fairly small. The new API should be transport-independent and similar to javax.net.ssl.SSLEngine. Further details on the API will be added here as the work progresses. Some initial design considerations are as follows:

  1. The DTLS API and implementation will not manage read timeouts. It will be the responsibility of the application to determine an appropriate timeout value and when and how to trigger the timeout event.
  2. A new API will likely be added to set the maximum application datagram size (PMTU minus the DTLS per-record overhead). If the size is not specified explicitly, however, then the DTLS implementation should adjust the size automatically. If a fragment is lost two or three times, the implementation may reduce the size of the maximum application datagram size until it is small enough.
  3. The DTLS implementation should consume or produce at most one TLS record for each unwrap or wrap operation, so that the record can be delivered in the datagram layer individually or can be reassembled more easily if the delivery is out of order.
  4. It is the application’s responsibility to assemble the out-of-order application data accordingly if necessary. The DTLS API should provide access to the application data in each DTLS message.