Re: [Cbor] Reviews and shepherd for draft-ietf-cbor-cddl-more-control

"lgl island-resort.com" <lgl@island-resort.com> Sun, 14 April 2024 19:31 UTC

From: "lgl island-resort.com" <lgl@island-resort.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Christian Amsüss <christian@amsuess.com>, "cbor@ietf.org" <cbor@ietf.org>, "draft-ietf-cbor-cddl-more-control@ietf.org" <draft-ietf-cbor-cddl-more-control@ietf.org>
Thread-Topic: [Cbor] Reviews and shepherd for draft-ietf-cbor-cddl-more-control
Date: Sun, 14 Apr 2024 19:30:51 +0000
Message-ID: <C99FB4A9-1BCD-427E-8107-9EC52F809742@island-resort.com>
References: <ZeMG7tpfKLyf3aSz@hephaistos.amsuess.com> <ZhPIC9DyzcpyhjPI@hephaistos.amsuess.com> <3FECD79D-C19A-4F04-BF04-A39AC4962C2D@island-resort.com> <31FEFB97-87CD-4B6D-86A7-06CBE12D51E8@tzi.org> <EF87DF03-8483-45DD-AA80-8E885BB78F75@island-resort.com> <824851A4-BB83-400A-BBBE-2BFA5E6A4D60@tzi.org> <3F4D3A40-B55D-4625-8684-09915B13B036@tzi.org>
In-Reply-To: <3F4D3A40-B55D-4625-8684-09915B13B036@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/94PxEHmht57G3q5TLjY1ipinBX0>
Subject: Re: [Cbor] Reviews and shepherd for draft-ietf-cbor-cddl-more-control
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>

I’ve made a lot of progress using .join as described below, but this comment is about “.b64u” and RFC 4648 section 5.

It’s clear to me that a base64url encoder should output “-” and “_” instead of “+” and “/”, but it’s not clear what an RFC 4648 section 5 decoder should accept. Most tools and websites I’ve played with accept both, and that’s OK. However, I was expecting .b64u to reject “+” and “/” because it is opinionated, but the cddl tool 0.11.4 doesn’t.

Here’s my CDDL:
    foo = text .b64u bstr

Validating “jkd8” correctly succeeds.

Validating “&kd8” correctly fails.

Validating “+kd8” unexpectedly succeeds. The “+” is b64, but not b64url.

Validating “YQ==” correctly fails due to opinions about padding (that I agree with).

Interestingly, .b64c does seem to reject inputs with “_” and “-”, which aligns with my reading of RFC 4648 section 4.

I think I prefer strict enforcement because this is a validation tool. If you are picking b64url, you are probably avoiding classic for a reason.

Whatever behavior is decided upon, it would be helpful to be clear in the draft because RFC 4648 isn’t that clear and most of the tools I played with are not very organized.

LL



> On Apr 13, 2024, at 6:36 AM, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2024-04-11, at 15:27, Carsten Bormann <cabo@tzi.org> wrote:
>> 
>> JWT-JWS = text .join ([
>>            b64u<jwt-headers>, ".",
>>            b64u<jwt-payload>, ".",
>>            b64u<jwt-signature>])
>> b64u<B> = text .b64u B
>> jwt-headers = text .json jwt-headermap
>> jwt-headermap = { * text => any } ; simplified
>> jwt-payload = bytes
>> jwt-signature = bytes
> 
> This proposal didn’t address the fact that .json describes a text string, but b64u<B> requires bytes.  Better:
> 
> JWT-JWS = text .join ([
>             b64u<jwt-headers>, ".",
>             b64u<jwt-payload>, ".",
>             b64u<jwt-signature>])
> b64u<B> = text .b64u B
> 
> jwt-headers = '' .cat jwt-headers1
> jwt-headers1 = text .json jwt-headermap
> jwt-headermap = { * text => any } ; simplified
> 
> jwt-payload = bytes
> jwt-signature = bytes
> 
> (This uses .cat as a conversion method between bytes and text, please see [1].)
> 
> This could be beautified some more, but does show the principle.
> 
> Grüße, Carsten
> 
> [1]: https://www.rfc-editor.org/rfc/rfc9165.html#section-2.2-2
>
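The strict behaviour asked for above (.b64u rejecting “+”, “/” and padding; .b64c rejecting “-” and “_”), plus a syntax check that mirrors the quoted JWT-JWS .join structure, written out as an added Python example. This is not the cddl tool's code and not from the draft: the function names are mine, the canonicity rule (re-encoding the decoded bytes must reproduce the input) is my reading of what an opinionated validator should do, and the sample token is constructed with placeholder signature bytes. The JWS check validates structure only and says nothing about whether the signature is valid.

```python
"""Strict RFC 4648 validators for the .b64u / .b64c distinction, plus a
structural check mirroring the quoted JWT-JWS CDDL. Added example; not the
cddl tool's implementation."""
import base64
import binascii
import json
import re

# Alphabets from RFC 4648: section 4 ("classic", padded) and section 5 (URL-safe).
_B64C_RE = re.compile(r"[A-Za-z0-9+/]*={0,2}")
_B64U_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64u_encode(raw: bytes) -> str:
    """Base64url without padding, the form an opinionated .b64u expects."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def is_strict_b64u(text: str) -> bool:
    """RFC 4648 section 5, strictly: URL-safe alphabet only, no '=' padding,
    and canonical (re-encoding the decoded bytes reproduces the input).
    The canonicity rule is an assumption of this example, not a quote."""
    if not _B64U_RE.fullmatch(text) or len(text) % 4 == 1:
        return False  # '+', '/', '=' or any other foreign byte; or impossible length
    try:
        raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    except (binascii.Error, ValueError):
        return False
    return b64u_encode(raw) == text  # rejects non-zero trailing bits, e.g. "YR"


def is_strict_b64c(text: str) -> bool:
    """RFC 4648 section 4, strictly: classic alphabet, mandatory '=' padding,
    canonical."""
    if not _B64C_RE.fullmatch(text) or len(text) % 4 != 0:
        return False  # '-', '_' or missing padding
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False
    return base64.b64encode(raw).decode("ascii") == text


def check_compact_jws(token: str) -> bool:
    """Structure check mirroring the quoted JWT-JWS CDDL: three strict-b64u
    segments joined by '.', the first decoding to a JSON object (jwt-headermap).
    Syntax only; this does not verify the signature."""
    parts = token.split(".")
    if len(parts) != 3 or not all(is_strict_b64u(p) for p in parts):
        return False
    header_raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
    try:
        header = json.loads(header_raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return False
    return isinstance(header, dict)


# Inputs from the message above, plus "_kd8" and two canonicity probes.
SAMPLES = ["jkd8", "&kd8", "+kd8", "YQ==", "_kd8", "YQ", "YR"]

# Constructed token: placeholder signature bytes, not a real JWS.
SAMPLE_JWS = ".".join([
    b64u_encode(b'{"alg":"ES256"}'),
    b64u_encode(b'{"sub":"1234"}'),
    b64u_encode(b"\x01\x02\x03"),
])


def report(samples=SAMPLES) -> dict:
    """Map each sample to its (.b64u, .b64c) verdicts under the strict rules."""
    return {s: (is_strict_b64u(s), is_strict_b64c(s)) for s in samples}


if __name__ == "__main__":
    def verdict(ok: bool) -> str:
        return "ok" if ok else "REJECT"

    for s, (u, c) in report().items():
        print(f"{s!r:8} .b64u={verdict(u):6} .b64c={verdict(c)}")
    print("JWS structure:", check_compact_jws(SAMPLE_JWS))
```

Run as a script it prints one verdict line per sample; "+kd8" comes out rejected by .b64u and accepted by .b64c, which is the split the message argues for, and "YR" shows why a canonicity check matters even when every character is in the alphabet.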