Re: [Ace] [Technical Errata Reported] RFC8392 (5710)

Felipe Gasper <felipe@felipegasper.com> Mon, 29 April 2019 16:15 UTC

Return-Path: <felipe@felipegasper.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D15C1200F4 for <ace@ietfa.amsl.com>; Mon, 29 Apr 2019 09:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=felipegasper.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QigQCUpSPJ9u for <ace@ietfa.amsl.com>; Mon, 29 Apr 2019 09:15:37 -0700 (PDT)
Received: from web1.siteocity.com (web1.siteocity.com [67.227.147.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EACCE120086 for <ace@ietf.org>; Mon, 29 Apr 2019 09:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=felipegasper.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=nKUvS6XX4g1NZXQVYIYP3orjC8dXdVfftSrWKKjF2bA=; b=ar3Rg4aEA2jbN+OwapZvAqAPI hQFHs6PzUoE9Oed3UUMTCtlnnJrduGSXo0ea4GubeEGhKBV+a+337XXYWFUUtAbrUSdk/veOvgPVY FV/D6vnczxXZfEHH3Y5bECuGm79kr9UDe8f+WAmMczczFxNPD6Oa8rAoZTbDt5qJbN8b87D+dwG4G zTmARSS1Q3XqNO6Q1HdC61lZDCCedKKbJZWQOUs4xKkj16qT7Rsw/5xMOEmu0xm9SQVF4YujQUUPJ C6JmQmF+E8MSaKlEbPsGmYXJiGYQ8UkFSGuUgZCKazmPkudUwVLVfMkLJ3KIReWjBbZPJsuriZXCO TYdERqxWg==;
Received: from [149.248.87.38] (port=55993 helo=[192.168.86.20]) by web1.siteocity.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <felipe@felipegasper.com>) id 1hL8wH-0017LJ-UA; Mon, 29 Apr 2019 11:15:34 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Felipe Gasper <felipe@felipegasper.com>
In-Reply-To: <20190429160544.GV60332@kduck.mit.edu>
Date: Mon, 29 Apr 2019 12:15:32 -0400
Cc: ace@ietf.org, mbj@microsoft.com, erik@wahlstromstekniska.se, erdtman@spotify.com, Hannes.Tschofenig@arm.com, rdd@cert.org, daniel.migault@ericsson.com, ietf@augustcellars.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <466A3BDA-1009-46C0-B4EC-579C8573438B@felipegasper.com>
References: <20190429155553.4F894B8217A@rfc-editor.org> <20190429160038.GS60332@kduck.mit.edu> <27E15D28-2659-41BC-A2EA-413EAC544F79@felipegasper.com> <20190429160544.GV60332@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3445.104.8)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web1.siteocity.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - felipegasper.com
X-Get-Message-Sender-Via: web1.siteocity.com: authenticated_id: fgasper/from_h
X-Authenticated-Sender: web1.siteocity.com: felipe@felipegasper.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/fMcquCpHTNAGOb829d-Ms5WWXxo>
Subject: Re: [Ace] [Technical Errata Reported] RFC8392 (5710)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 16:15:39 -0000


> On Apr 29, 2019, at 12:05 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> On Mon, Apr 29, 2019 at 12:03:57PM -0400, Felipe Gasper wrote:
>> 
>>> On Apr 29, 2019, at 12:00 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>> 
>>> On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote:
>>>> The following errata report has been submitted for RFC8392,
>>>> "CBOR Web Token (CWT)".
>>>> 
>>>> --------------------------------------
>>>> You may review the report below and at:
>>>> http://www.rfc-editor.org/errata/eid5710
>>>> 
>>>> --------------------------------------
>>>> Type: Technical
>>>> Reported by: Felipe Gasper <felipe@felipegasper.com>
>>>> 
>>>> Section: 1.1
>>>> 
>>>> Original Text
>>>> -------------
>>>> In JSON, maps are called objects and only have one kind of map key: a
>>>>  string.  CBOR uses strings, negative integers, and unsigned integers
>>>>  as map keys.
>>>> 
>>>> Corrected Text
>>>> --------------
>>>> In JSON, maps are called objects and only have one kind of map key:
>>>> a string.  CBOR allows other data types, such as strings, negative
>>>> integers, and unsigned integers, as map keys.
>>>> 
>>>> Notes
>>>> -----
>>>> The text as it stands risks an interpretation that CBOR limits map keys to integers and strings; per discussion on the CBOR mailing list, this is not the case.
>>> 
>>> I see the CBOR list traffic in the archive (e.g.,
>>> https://mailarchive.ietf.org/arch/msg/cbor/LyndIfQipxUfx0cu6nlOwi6ceOY) and
>>> agree with the sentiment that the CWT spec should not inadvertently
>>> over-specify the behavior of CBOR
>>> 
>>> The proposed new text is itself flawed, though, as it claims that strings
>>> are an "other data type" with respect to strings.
>> 
>> Ah, agreed. Is there a way I can update my proposed phrase? The editor only seems to allow submission of a new erratum.
> 
> I can edit the "corrected text" field during the verification process...
> 
>> It may be worth disambiguating between binary and UTF-8 strings, too; JSON only allows UTF-8 strings, while CBOR also allows binary.
> 
> ...so we can figure out the right phrasing here on the list, and then I'll
> fix things up in the system.

So maybe something like:

-----
In JSON, maps are called objects and only have one kind of key:
a UTF-8 string. In CBOR, any valid CBOR item can be a map key.
CWT uses signed and unsigned integers, in addition to UTF-8 strings,
as map keys.
-----

-F