IETF Logo Mail Archive

Re: [Cbor] [Last-Call] Secdir last call review of draft-ietf-cbor-7049bis-14

Carsten Bormann <cabo@tzi.org> Mon, 10 August 2020 22:45 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E45C3A0DCD; Mon, 10 Aug 2020 15:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id muF9-6YiCddL; Mon, 10 Aug 2020 15:45:32 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D7A23A0DCC; Mon, 10 Aug 2020 15:45:31 -0700 (PDT)
Received: from [172.16.42.101] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4BQWJP1DWVzyX6; Tue, 11 Aug 2020 00:45:25 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <D3AA9975-187F-485A-A13E-6A878607DBCF@gmail.com>
Date: Tue, 11 Aug 2020 00:45:24 +0200
Cc: Laurence Lundblade <lgl@island-resort.com>, cbor@ietf.org, draft-ietf-cbor-7049bis.all@ietf.org, last-call@ietf.org, secdir@ietf.org
X-Mao-Original-Outgoing-Id: 618792324.550929-fcd412e65053451cdfda2e66f3582eb2
Content-Transfer-Encoding: quoted-printable
Message-Id: <6A1090D8-D012-4A04-BC4A-9CF23E791DA2@tzi.org>
References: <159705005508.2366.4819563096010229406@ietfa.amsl.com> <B3108FFC-319E-4D8B-8DF4-A866585781DE@island-resort.com> <D3AA9975-187F-485A-A13E-6A878607DBCF@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/DEFhRLIeV2036FofI7xQviIN1R0>
Subject: Re: [Cbor] [Last-Call] Secdir last call review of draft-ietf-cbor-7049bis-14
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 22:45:35 -0000

On 2020-08-10, at 22:24, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
> 
> I understand that, but realistically, without a list of (potential) validity checks in the RFC, there will be wide variance in what is documented by decoders – if any. In fact I checked a few implementations just now, and most of them do not document what validity checks they perform. Those that document something are hard to compare. If you make a canonical list, people would have a starting point.

To be fair, you probably checked RFC 7049 implementations, and RFC 7049 didn’t have such a requirement (improving the discussion of validity was one of the major work items in 7049bis, see Appendix G.3).

One point to keep in mind is that, with CBOR, most validity processing happens in the processing of tags, and that is an extension point.  So a list in 7049bis will never be complete.  Even if it only covers base CBOR and the tags registered in 7049/7049bis, a detailed version is likely to be tedious and highly dependent of specific implementation approaches.

Trying to imagine the outcome of this exercise, my visual image right now is a PICS Proforma, so I think I’ll better stop here...

Grüße, Carsten

v2.23.0 | Report a Bug | By Email