Re: [Cbor] Do we care about array-tags issue 6, clamped-uint8 arrays?

Carsten Bormann <cabo@tzi.org> Wed, 24 July 2019 20:41 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07DA0120637 for <cbor@ietfa.amsl.com>; Wed, 24 Jul 2019 13:41:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mjlof0Ijr-Zl for <cbor@ietfa.amsl.com>; Wed, 24 Jul 2019 13:41:01 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3673412060C for <cbor@ietf.org>; Wed, 24 Jul 2019 13:41:01 -0700 (PDT)
Received: from client-0200.vpn.uni-bremen.de (client-0200.vpn.uni-bremen.de [134.102.107.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 45v6gb373RzySy; Wed, 24 Jul 2019 22:40:59 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CANh-dXkkSJUOcHcBj1JRO20ULFVNNbu1GQU-j7bR7N-FCTt3HA@mail.gmail.com>
Date: Wed, 24 Jul 2019 16:40:58 -0400
Cc: cbor@ietf.org
X-Mao-Original-Outgoing-Id: 585693656.0601619-3afde280af40025ceb734ea1c3809f42
Content-Transfer-Encoding: quoted-printable
Message-Id: <24038E27-C30B-47F4-91E8-68C02FCAE26D@tzi.org>
References: <CANh-dXkkSJUOcHcBj1JRO20ULFVNNbu1GQU-j7bR7N-FCTt3HA@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin=40google.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/3_xQ4PN1ydnepw0XW6FcaQCkeCc>
Subject: Re: [Cbor] Do we care about array-tags issue 6, clamped-uint8 arrays?
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 20:41:04 -0000

To make sure that we don’t create a trap for generations to fall into, a paragraph could be added to the security considerations.

Generally speaking, an implementation that wants to perform operations on input data will need to validate that to be appropriate for that beforehand.  The potential trap here might be that a Uint8ClampedArray might feel a lot more like a Uint8Array than other types do to each other so the validator would be misled.  So don’t do that…

Grüße, Carsten


> On Jul 24, 2019, at 16:01, Jeffrey Yasskin <jyasskin=40google.com@dmarc.ietf.org>; wrote:
> 
> In https://github.com/cbor-wg/array-tags/issues/6 I complained that
> tag 68, marking clamped-uint8 data, is weird, in that clamped-ness is
> a property of further processing rather than the data encoded in CBOR.
> I worried that we might introduce security issues by allowing a
> potentially-malicious sender to decide how the recipient processes the
> received data.
> 
> More abstractly, I believe this is the only tag in the document that
> extends the CBOR generic data model.
> 
> I don't think the current text adequately describes when a recipient
> should create a Uint8ClampedArray from potentially-untrusted input
> data. But I 1) didn't object during the last call and 2) don't think
> this is a big enough issue to try to hold up the process if other
> folks think it's fine.
> 
> So, how do other folks feel about the marker for clamped uint8 arrays?
> 
> Thanks,
> Jeffrey
> 
> _______________________________________________
> CBOR mailing list
> CBOR@ietf.org
> https://www.ietf.org/mailman/listinfo/cbor
>