[Cbor] Re: Illogical handling of CBOR keys

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 25 July 2024 05:20 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1881CC1D6208 for <cbor@ietfa.amsl.com>; Wed, 24 Jul 2024 22:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P1QeHup73hSs for <cbor@ietfa.amsl.com>; Wed, 24 Jul 2024 22:20:13 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10505C1840F9 for <cbor@ietf.org>; Wed, 24 Jul 2024 22:20:13 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id ffacd0b85a97d-368313809a4so966818f8f.0 for <cbor@ietf.org>; Wed, 24 Jul 2024 22:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721884811; x=1722489611; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=fg5aX/gYXWpunIFp+DOjnaUyThyGJZeYiHDBGHKTeHU=; b=RY+Ly7zHKmx11SsGMUEPqOjBSnz99IZAI/ka1HFh3tf5uJCpSbr8lHVeSr4lj5/mHn PUEw7UV79R4VXs3PXADnvwr+kR9OG1Z5RzNgRGwiLpbOrFvA5QUMvNpPt2RB8cLq1wJ7 lC3h/Ir7+Xc4gR9DgIY3GvwSIynwlHzIQgCcvsrRuBJabMDtErmvw09DmSSmM6BTGZ/q o5CiCPjPJueQpM3R+8BNOcsApJFLFZXHAzUh4MotAdROT1E4uiHhlW6l8n1+m4IfC6C6 5WXykpH2XSfCJqSRQUYwGAtANJOjX3dQgKfbU8wAKld11IP4AYRYZzPH43jT+QiTRlLd l6ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721884811; x=1722489611; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fg5aX/gYXWpunIFp+DOjnaUyThyGJZeYiHDBGHKTeHU=; b=Bts+V/FjCi3CnxVFJZ8nbRSL5H9mpE6Q8Bu973UVG+IdZMPGb6lQa5i5fqT+bP6Vnn URZltqEXphSJatxo0rlZRpMlip4O7P9zlTyLvtI564GdA0/9mWMfS4/xSFVXb17Mx0Vk 02mfB+Ynw/d5XdoZh68RvreycSaYeVG/XfZPouru5ett+lAipdxeAn3IdOr9wgpsPDAu xM8znMgdSd8CMv5wrfjef3hXLC5dx0OzxA++hDBrXx9k+YVoRFMyubKP55I8doWHseTg Der53DFE/rbteL66bkKbok2fNLNaP0CX42gZuEg0Aly2UMEtHsiCV56SdkP6lJiy6aLM czQg==
X-Gm-Message-State: AOJu0YxSRzfwoBsDbeyyFu+amd5gS/P8WZ4yqGAXj4iqoPkOEQ42KiGP WF5egt0bhe3u3Yr9qWDpA0UMmmuEkJnMZ8kMpAiXgwo6KVQyMBccWip9Ag==
X-Google-Smtp-Source: AGHT+IH1kJb3i80U2Um1sfyTvRcwGNxhONTClVQWEEXvjzVcka49KIIJahzNYEUqS1i37n3Aw7itPg==
X-Received: by 2002:adf:ed90:0:b0:367:8fee:4434 with SMTP id ffacd0b85a97d-36b31b4d48dmr956249f8f.16.1721884810390; Wed, 24 Jul 2024 22:20:10 -0700 (PDT)
Received: from ?IPV6:2a01:e0a:e1b:64b0:85d3:bb06:4cc4:d62e? ([2a01:e0a:e1b:64b0:85d3:bb06:4cc4:d62e]) by smtp.googlemail.com with ESMTPSA id ffacd0b85a97d-36b367c092esm830827f8f.13.2024.07.24.22.20.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Jul 2024 22:20:09 -0700 (PDT)
Message-ID: <4397e16c-9101-4908-88ac-209cdcfb05e1@gmail.com>
Date: Thu, 25 Jul 2024 07:20:09 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Carsten Bormann <cabo@tzi.org>
References: <6de79105-257b-4af7-aa9a-b74db488dfa1@gmail.com> <E1C65C14-69EC-4ED5-A645-9D701AC054BC@tzi.org>
Content-Language: en-US
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <E1C65C14-69EC-4ED5-A645-9D701AC054BC@tzi.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: JYMOKQZBDRYESZUQNEQC7R7G3E74XHXL
X-Message-ID-Hash: JYMOKQZBDRYESZUQNEQC7R7G3E74XHXL
X-MailFrom: anders.rundgren.net@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "cbor@ietf.org" <cbor@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Cbor] Re: Illogical handling of CBOR keys
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/-yIL8bCq-Lx3peHLSxj7IT8wlSA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>

On 2024-07-24 22:41, Carsten Bormann wrote:
> Hi Anders,
> 
> thanks for the detailed feedback.
> 
> On 24. Jul 2024, at 21:39, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>>
>> Related to CDE.
>>
>> https://www.rfc-editor.org/rfc/rfc8949#section-5.6
>>
>> According to this section 0.0 and -0.0 are equivalent but only when used as keys.
> 
> In CBOR, 0.0 and -0.0 cannot be both used as keys in a single valid map item.
> This reacts to the fact that many map implementations provided by platforms do not provide ways to do this, and requiring a CBOR implementation to provide their own map implementation sounded unreasonable.
> 
>> This does not make sense in a high-level encoder/decoder design where keys are just CBOR data items:
>> https://cyberphone.github.io/javaapi/org/webpki/cbor/CBORMap.html#set(org.webpki.cbor.CBORObject,org.webpki.cbor.CBORObject)
>> Question: does CDE compliance require you to follow this rule?
> 
> No, CBOR compliance requires you to follow this rule.
> A map with both keys -0.0 and 0.0 is not valid CBOR (we decided to make this compromise as, if it were valid, it wouldn’t be very interoperable).

Thanx.  Good to know.  Since this clash seems highly unlikely and also is the result of a compromise, I don't feel overly tempted breaking the [pretty sleek] symmetry of my implementations. :-|


> 
>> According to the same section, JavaScript values 1 and 1.0 are equivalent which either imply numeric reduction or some special handling of keys.
> 
> What you are alluding to here is a statement of fact about JavaScript, not about CBOR.
> It alerts the protocol designer to consider that implementations would likely need to do something unnatural (e.g., mapping all integers to Bigint) to support a protocol that relies on the ability to use both integer and floating point values in the same place.

Right.  However, in a typical high-level implementation, keys are just standard CBOR data items, making potential platform issues universal.


>> In the TC 39 proposal,
> 
> Do you have a TC 39 link?

It has not yet gone into a TC 39 process, I have only posted it on their discourse:
https://es.discourse.group/t/cbor-js-and-the-cbor-object/1759


>> keys are just CBOR data items:
>> https://cyberphone.github.io/CBOR.js/doc/#cbor.map.set
> 
> (Wrapper objects, as you seem to call them.)
> That is certainly one way to handle JavaScript’s number system.

Although the wrapper concept may appear a bit awkward, the additional control it offers, also makes it a suitable companion to the "builder" pattern (https://github.com/cyberphone/CBOR.js/blob/main/test/xyz-encoder.js#L38) shielding application developers from wrappers, JavaScript number quirks, and [any] knowledge of CBOR.


> Using encoded CBOR data items (byte strings) as keys in a map can also help.

That would be an excellent solution for constrained systems!  Reduced run-time processing + No constraints on key values and types.


> I’m sure Joe has a few more in mind...

Yes, his current solution is based on making special arrangements for floating point numbers.


> 
>> Since CDE compliance requires integer and floating point values to be separated, I assume that this is not really applicable.
> 
> I can’t parse this.  What is “this”?

I only meant that CDE requirements are platform independent.  CDE compliance obviously requires a bit more work on certain platforms like JavaScript.  Although 2^53-1 integers surely sucks, I'm "reasonably" happy with my solution anyway:
https://cyberphone.github.io/CBOR.js/doc/#jsnumbers.int
It is not clear to me how you can achieve this kind of flexibility without some kind of wrapper scheme.

Anders

> 
> Grüße, Carsten
>