Re: [Cbor] WGLC comments on draft-ietf-cbor-packed

Christian Amsüss <christian@amsuess.com> Wed, 28 June 2023 10:18 UTC

Date: Wed, 28 Jun 2023 12:17:45 +0200
From: Christian Amsüss <christian@amsuess.com>
To: cbor@ietf.org
Cc: draft-ietf-cbor-packed@ietf.org
Message-ID: <ZJwIyWNUDivpikLC@hephaistos.amsuess.com>
References: <YoTrbqq0Or2dfMdO@hephaistos.amsuess.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="sxmU55cITJpck3DI"
Content-Disposition: inline
In-Reply-To: <YoTrbqq0Or2dfMdO@hephaistos.amsuess.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/BBdla1kp8aUDfNeWvuDQLsBeGGE>
Subject: Re: [Cbor] WGLC comments on draft-ietf-cbor-packed
Precedence: list

Hello -packed authors and group,

there's an older review that I think has been missed; quoted inline and
augmented with latest status:

On Wed, May 18, 2022 at 02:49:50PM +0200, Christian Amsüss wrote:
> * "are rendered as a hyphen": I share the sentiment, but there might be
>   processes where that comment is placed better. (But maybe it can stay
>   in here for some while...).

Still applies.

> * The explicit separation of the prefix and the suffix table makes it
>   hard to later extend to other affixes [...]

This has been addressed.

> * "A maliciously crafted Packed CBOR data item might contain a reference
>   loop" in section 2.4: That this is possible only follows when one sees
>   the ways the tables can be set up in section 3 (because it can only
>   happen with setups that set the Current Set already during item
>   definition).

Still applies.

> * "Packed item references in the newly constructed (low-numbered) parts
>   of the table need to be interpreted": Given how long it took me to
>   find that paragraph, it'd help if it used the term "Current Set".
> 
>   Suggestion:
> 
>   > The Current Set relevant for the newly constructed (low-numbered)
>   > parts of the table is the new table (which includes the, now
>   > higher-numbered, inherited parts). If any existing, inherited
>   > (higher-numbered) parts contain packed reference, their Current Set
>   > stays unmodified; these references still go to the inherited (more
>   > limited) number space.
> 
>   There's one odd detail about shifting the Current Set early of which
>   I'm not sure whether it will impact zero-copy embedded devices: By the
>   time the Current Set is used the first time (i.e. when seeing the
>   shared items), the amount by which the old set was shifted is not yet
>   known (because the prefix and suffix lengths were not seen yet). It's
>   probably OK because the items aren't evaluated yet anyway, but I ask
>   you to think this through as well.

Still applies.

> * "By the application environment, e.g., a media type".
> 
>   Does this also happen implicitly when using a tag from file-magic?
> 
>   (If so, should a media type also describe what happens to existing
>   entries inside the table?)

Still applies.

> * ad dictionary referencing: I think that a good way to do this would
>   also be to use an own registered tag (any discussions that pop up on tag
>   evolvability will certainly help there). Referencing the dictionary
>   via URI is probably too impractical to go into this document, but
>   dictionary setup by custom tag might deserve a hint.

Still applies.

> * This is currently informational. [...]

It is now consistently "standards track" both in the draft and on the
data tracker.


Related, I remember that we had discussion on whether we'd need a
general "stands in for" / "is expanded to" concept -- but failed to find
the relevant list thread. Has there been a conclusion to that
discussion?

BR
c

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom

Attachment: signature.asc

[Cbor] WGLC comments on cbor-packed Christian Amsüss
Re: [Cbor] WGLC comments on draft-ietf-cbor-packed Christian Amsüss

Re: [Cbor] WGLC comments on draft-ietf-cbor-packed

Attachment: signature.asc