Re: [Cbor] draft-ietf-cbor-tags-oid, applicability to Private Enterprise Numbers

Laurence Lundblade <> Thu, 29 October 2020 19:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 195473A00E3 for <>; Thu, 29 Oct 2020 12:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wJk8pUy_QT-Y for <>; Thu, 29 Oct 2020 12:30:34 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 867043A00C9 for <>; Thu, 29 Oct 2020 12:30:34 -0700 (PDT)
Received: from [] ([]) by :SMTPAUTH: with ESMTPA id YDd3kLEw9l3kTYDd3kuPUI; Thu, 29 Oct 2020 12:30:34 -0700
X-CMAE-Analysis: v=2.4 cv=J7pvUCrS c=1 sm=1 tr=0 ts=5f9b185a a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=7CQSdrXTAAAA:8 a=I0CVDw5ZAAAA:8 a=48vgC7mUAAAA:8 a=gfrzBx4ME0TrB5gni64A:9 a=aqFSQYpvlJftTOP2:21 a=aVOEOZVkKuuYNY9c:21 a=QEXdDO2ut3YA:10 a=qpY9-Nm-07u3q5MC:21 a=KX1V_N7j747G0cE3:21 a=tzN1eHNKrGI0Np-E:21 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22 a=YdXdGVBxRxTCRzIkH2Jn:22 a=w1C3t2QeGrPiZgrLijVG:22
From: Laurence Lundblade <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6BB68140-652E-4D87-9D3E-36E76955BFC7"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Thu, 29 Oct 2020 12:30:33 -0700
In-Reply-To: <>
Cc: "" <>
To: Brendan Moran <>
References: <>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfDEDtD/UMlV+YDGtHyFfhGEroaIc3qnAkkXgieCxXMLBVvJlK9+AEzgAbtMdozZrw+MLPUNkEfy/5T/Lf/avghN3MP7IFPuI2Lid3KYUTOtadFccyYOa vUqQCHz+7hJcYJIdAvVHwKVY8Z3VYvVc5JOv/kxRJIB7HvfH0hA9RH4wgYA/SsnhVXciSZGK1E6/KP7KCUUmv+RFAz6UdNQaWPxUWSDRZlGcHoZKsfIWYtwt
Archived-At: <>
Subject: Re: [Cbor] draft-ietf-cbor-tags-oid, applicability to Private Enterprise Numbers
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Oct 2020 19:30:36 -0000

I have some interest in PENs as an EAT claim to identify manufacturers. It has the advantage over the IEEE OUI/MAA-L/MAC registry in that it is free. I’d expect it to work like this:

- There would be a claim called “oem_pen” or such
- It would have a label/key to identify the claim in the claims map
- It would “borrow” the content from tag 112 so the CBOR bytes representing #6.112 is unnecessary
- It would typically encode as 4 bytes for a typical PEN value like 50,000, rather than 8 bytes for the full OID (content borrowed so no bytes for #6.112)

It is tempting to just define the oem_pen claim as a simple integer ignoring that it is defined as part of an OID, but this would disallow organizations from use the OID structure to identify sub organizations (that’s what you are referring to by X6.90 Clause 8.20, right?). It’s a little awkward that you have to apply OID encoding rules to the assigned integer, but that is OK.

So, this does seem useful to me.


> On Oct 29, 2020, at 9:56 AM, Brendan Moran <> wrote:
> It seems to me that Private Enterprise Numbers (PENs) are a particularly unique use case. It seems reasonable to predict that users of PENs will want the ability to encode these in CBOR. Given that there is a large number of registrations under the PEN prefix, it seems to me that this is a reasonable case in which to allocate a tag.
> I propose that we add a new tag, 112, with the same semantics as 110 except that the OID is always relative to the IANA PEN OID (
> While it would be preferable to encode a simple number, IANA’s PEN registration page says:
>> If you are not sure whether your organization has registered a PEN, please check the registry <>. If your organization does have a PEN, we recommend obtaining a sub-assignment from the contact listed in the registry.
> This means that we should probably maintain X.690 Clause 8.20 semantics in the body.
> If this proposal is adopted, I intend to write it into SUIT manifests. While it makes no size or semantic difference in SUIT—using tag 110 is fine and unambiguous in this context—I think that a dedicated tag is a better option.
> Best Regards,
> Brendan
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> CBOR mailing list