Re: [Ace] [Technical Errata Reported] RFC8392 (5710)

Benjamin Kaduk <kaduk@mit.edu> Mon, 29 April 2019 16:06 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA6D1203ED for <ace@ietfa.amsl.com>; Mon, 29 Apr 2019 09:06:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tOtEP213WzY1 for <ace@ietfa.amsl.com>; Mon, 29 Apr 2019 09:06:45 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29AA91203F2 for <ace@ietf.org>; Mon, 29 Apr 2019 09:06:39 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3TG5jm1009703 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 29 Apr 2019 12:05:47 -0400
Date: Mon, 29 Apr 2019 11:05:45 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Felipe Gasper <felipe@felipegasper.com>
Cc: ace@ietf.org, mbj@microsoft.com, erik@wahlstromstekniska.se, erdtman@spotify.com, Hannes.Tschofenig@arm.com, rdd@cert.org, daniel.migault@ericsson.com, ietf@augustcellars.com
Message-ID: <20190429160544.GV60332@kduck.mit.edu>
References: <20190429155553.4F894B8217A@rfc-editor.org> <20190429160038.GS60332@kduck.mit.edu> <27E15D28-2659-41BC-A2EA-413EAC544F79@felipegasper.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <27E15D28-2659-41BC-A2EA-413EAC544F79@felipegasper.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/lFnpiEqvo3CYIgIBAeIvo_Le5gk>
Subject: Re: [Ace] [Technical Errata Reported] RFC8392 (5710)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 16:06:47 -0000

On Mon, Apr 29, 2019 at 12:03:57PM -0400, Felipe Gasper wrote:
> 
> > On Apr 29, 2019, at 12:00 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> > On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote:
> >> The following errata report has been submitted for RFC8392,
> >> "CBOR Web Token (CWT)".
> >> 
> >> --------------------------------------
> >> You may review the report below and at:
> >> http://www.rfc-editor.org/errata/eid5710
> >> 
> >> --------------------------------------
> >> Type: Technical
> >> Reported by: Felipe Gasper <felipe@felipegasper.com>
> >> 
> >> Section: 1.1
> >> 
> >> Original Text
> >> -------------
> >> In JSON, maps are called objects and only have one kind of map key: a
> >>   string.  CBOR uses strings, negative integers, and unsigned integers
> >>   as map keys.
> >> 
> >> Corrected Text
> >> --------------
> >> In JSON, maps are called objects and only have one kind of map key:
> >> a string.  CBOR allows other data types, such as strings, negative
> >> integers, and unsigned integers, as map keys.
> >> 
> >> Notes
> >> -----
> >> The text as it stands risks an interpretation that CBOR limits map keys to integers and strings; per discussion on the CBOR mailing list, this is not the case.
> > 
> > I see the CBOR list traffic in the archive (e.g.,
> > https://mailarchive.ietf.org/arch/msg/cbor/LyndIfQipxUfx0cu6nlOwi6ceOY) and
> > agree with the sentiment that the CWT spec should not inadvertently
> > over-specify the behavior of CBOR
> > 
> > The proposed new text is itself flawed, though, as it claims that strings
> > are an "other data type" with respect to strings.
> 
> Ah, agreed. Is there a way I can update my proposed phrase? The editor only seems to allow submission of a new erratum.

I can edit the "corrected text" field during the verification process...

> It may be worth disambiguating between binary and UTF-8 strings, too; JSON only allows UTF-8 strings, while CBOR also allows binary.

...so we can figure out the right phrasing here on the list, and then I'll
fix things up in the system.

-Ben