Re: [Cbor] Chair review of cbor-file-magic 08
Christian Amsüss <christian@amsuess.com> Thu, 24 February 2022 06:55 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 521A33A0147;
Wed, 23 Feb 2022 22:55:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 84slbQvaV4RG; Wed, 23 Feb 2022 22:55:20 -0800 (PST)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id EB2243A00C3;
Wed, 23 Feb 2022 22:55:18 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com
([IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd])
by smtp.akis.at (8.17.1/8.17.1) with ESMTPS id 21O6tD8r099152
(version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT);
Thu, 24 Feb 2022 07:55:14 +0100 (CET)
(envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host
[IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd] claimed to be
poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (poseidon-mailbox.amsuess.com
[IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf])
by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 0D6DBD0;
Thu, 24 Feb 2022 07:55:13 +0100 (CET)
Received: from hephaistos.amsuess.com (unknown
[IPv6:2a02:b18:c13b:8010:c452:7e07:77ef:2350])
by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 9F29E7F;
Thu, 24 Feb 2022 07:55:12 +0100 (CET)
Received: (nullmailer pid 1234859 invoked by uid 1000);
Thu, 24 Feb 2022 06:55:12 -0000
Date: Thu, 24 Feb 2022 07:55:12 +0100
From: Christian =?us-ascii?B?PT9pc28tODg1OS0xP1E/QW1zPUZDc3M/PQ==?=
<christian@amsuess.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: cbor@ietf.org, draft-ietf-cbor-file-magic@ietf.org
Message-ID: <Yhcr0KlCYiak9Ati@hephaistos.amsuess.com>
References: <164442074235.12313.4216473952031101282@ietfa.amsl.com>
<YgPhxUmjDUqLTEtK@hephaistos.amsuess.com>
<YhTi7sT7O7xzjLQz@hephaistos.amsuess.com>
<11503.1645643287@localhost>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="HmX2Y0iQ11S9F2ty"
Content-Disposition: inline
In-Reply-To: <11503.1645643287@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/9ue87Nrr_ATQUl3rdD0mgLOYdLI>
Subject: Re: [Cbor] Chair review of cbor-file-magic 08
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>,
<mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>,
<mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2022 06:55:26 -0000
On Wed, Feb 23, 2022 at 02:08:07PM -0500, Michael Richardson wrote:
> > * 5.3: At latest here, I'd have expected to read something about the
> > information that is lost when using this tag with 2.2. Maybe there
> > should be a line (not for IANA but for users, so maybe in a different
> > section) that outlines when this works with (non)CBOR content formats
> > and with which encodings.
>
> I've tried how to understand this comment, but I'm failing.
> Which information is lost?
I've phrased this badly: The ct encoded in the tag gives information
about the (structured) media type and the content coding. In the 2.2 and
2.3 use cases, the information in the content coding is ... discarded
(should be the word to use rather than lost), if it is acceptable that a
ct for application/mine+cbor@gzip is also used in this tag. Or the
content coding is required to be identity, in which case any
non-identity content coding would be ruled out (just like any non-CBOR
media types are ruled out).
> > I think I understand now that the 5.3 tags can be used with either
> > 2.2, 2.3 or C (55899, 55800 and 55801), but
>
> good...
>
> > * with 55899 the ct tags can only be used if the content format is a
> > CBOR content format and coding is identity (and then tags a value)
>
> 55899 marks CBOR, so the content had better be CBOR.
any tag tags CBOR, so the content needs to be CBOR.
> > with 55900 the ct tags can only be used if the content format is a
> > CBOR-sequence content format and coding is identity (and then tags a
> > byte string)
>
> > * with 55901 the ct tags can always be used, and tag a
> > byte string (which is also encoded according to the coding that is part
> > of the ct)
>
> 55901 could be used with any content, because it makes no promise about the content.
> For CBOR encoded things, any of these tags could be used.
> Are you suggesting that we tell people not to use 55901 with CBOR content?
I'm not saying that (and am pretty meh about whether it should be).
I'm just saying that the formalities of defining the tags are complex
(because 55799(ct1234(X)) can take anything for X, whereas
55801(ct1234(X)) takes precisely a bytestring ('BOR'). The text in the
IANA section 5.3 reflect that correctly, and I haven't found text that
sets the rules (rather than implying them).
> > * (Maybe security) considerations: 3.2 talks of trivially concatenated
> > data items. If CBOR Tag Sequence is used and the data gets literally
> > "concatenated", (say, `cat *.cborseq > outfile`), one might wind up
> > with self-described tags in the middle of the sequence. (As we do with
> > BOMs).
>
> I have added:
> https://github.com/cbor-wg/cbor-magic-number/commit/23c4176796d83e4d69ba56ab8a9b7f45cd691272
That sounds like accepting such chains; is that really desirable? It
sounds really messy to me.
> I think that you are having a problem with A.1 wrapping a CBOR thing in
> 55801?
I don't care about what is in a 55801, but the CDDL is confusing because
it is unspecific about which use case it is.
Either this tag is for use with 55800/55801, then it can be `senml-cbor
= #6.1668546672('BOR')` right away.
Or it is for use with 55799, then it needs to be `senml-cbor =
#6.1668546672([*record])` or whatever we use for SenML.
BR
c
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
- [Cbor] 🔔 2nd WGLC on cbor-file-magic-08 Christian Amsüss
- Re: [Cbor] 🔔 2nd WGLC on cbor-file-magic-08 Barry Leiba
- [Cbor] Chair review of cbor-file-magic 08 Christian Amsüss
- Re: [Cbor] Chair review of cbor-file-magic 08 Michael Richardson
- Re: [Cbor] Chair review of cbor-file-magic 08 Christian Amsüss
- Re: [Cbor] Chair review of cbor-file-magic 08 Michael Richardson
- Re: [Cbor] Chair review of cbor-file-magic 08 Carsten Bormann
- Re: [Cbor] Chair review of cbor-file-magic 08 Michael Richardson
- Re: [Cbor] Chair review of cbor-file-magic 08 Christian Amsüss
- Re: [Cbor] Chair review of cbor-file-magic 08 Michael Richardson
- Re: [Cbor] Chair review of cbor-file-magic 08 Carsten Bormann
- Re: [Cbor] Chair review of cbor-file-magic 08 Michael Richardson
- Re: [Cbor] Chair review of cbor-file-magic 08 Christian Amsüss
- Re: [Cbor] Chair review of cbor-file-magic 08 Carsten Bormann
- Re: [Cbor] Chair review of cbor-file-magic 08 Carsten Bormann