[Cbor] Why draft-cbor-cde -- serialization issues in RFC 8949
Laurence Lundblade <lgl@island-resort.com> Thu, 17 April 2025 14:30 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@mail2.ietf.org
Delivered-To: cbor@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 526451DA62EC for <cbor@mail2.ietf.org>; Thu, 17 Apr 2025 07:30:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=island-resort.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NBvDUIGcDQ0C for <cbor@mail2.ietf.org>; Thu, 17 Apr 2025 07:30:22 -0700 (PDT)
Received: from sender4-pp-f112.zoho.com (sender4-pp-f112.zoho.com [136.143.188.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8F9BF1DA62E5 for <cbor@ietf.org>; Thu, 17 Apr 2025 07:30:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1744900219; cv=none; d=zohomail.com; s=zohoarc; b=RDWod2z47LtTASjpCrT/r3Lti2rNjOfc9u12wbPb5+chntcMkD4Sy4jm9Fr1QPIycGlvv2qvhz9DK32Xg1HXdNpZcqNmQM+2Bu/SgCD/bKMIif7Ip13m0GJcH1ZgRRIjfCGPv5sH97J12R1VKYlscxLnzQYudLBSx08S+vVO1cw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1744900219; h=Content-Type:Date:Date:From:From:MIME-Version:Message-ID:Subject:Subject:To:To:Message-Id:Reply-To:Cc; bh=+LbNz++Jghq/xwJi34XyTyzkHazQU8J2w1rSw1ZpfT8=; b=QCRiM0sZY17IerOpJn85pQk8zZD5sSRznbbH0lvFluixOsRXmyR8HDMCOBUOmEa9OkRPCs5Z1Deo7dRxJkAPdLf5BKOra8STFAzfVm+68lBUCIj14TC+o+VEK3iaSOKzxhRPkIWeHXJJIE0+W/pjcnBxE1N9EXyk9huqkj5SjHE=
ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=island-resort.com; spf=pass smtp.mailfrom=lgl@island-resort.com; dmarc=pass header.from=<lgl@island-resort.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1744900219; s=island; d=island-resort.com; i=lgl@island-resort.com; h=From:From:Content-Type:Mime-Version:Subject:Subject:Message-Id:Message-Id:Date:Date:To:To:Reply-To:Cc; bh=+LbNz++Jghq/xwJi34XyTyzkHazQU8J2w1rSw1ZpfT8=; b=j1bzAQKyWTuTGGQ76lXlEu+xHGU6SC+FXW/JYvvRJqJ9Ot414XO65ZWNH8qP3sdm Mig4qbUBc1ZGT5gIVSzqNTdOAngaEK/wmvmZxViDhRvAszXHdvHXHg46Wphd4XQeDrU ImOBZPVXmGiP0HRDZ9Er7ouBnnWLiOmSYbvQtqR8=
Received: by mx.zohomail.com with SMTPS id 1744900216801833.287817814451; Thu, 17 Apr 2025 07:30:16 -0700 (PDT)
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DC8ED973-6D3D-4C89-963F-5D3D192C2309"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.300.61.1.2\))
Message-Id: <18C1E0FA-6315-4064-A1A6-0325008523B3@island-resort.com>
Date: Thu, 17 Apr 2025 10:30:04 -0400
To: CBOR <cbor@ietf.org>
X-Mailer: Apple Mail (2.3774.300.61.1.2)
X-ZohoMailClient: External
Message-ID-Hash: RQP5W6WUGPB3SA33K6MCNBPBVUHNK72W
X-Message-ID-Hash: RQP5W6WUGPB3SA33K6MCNBPBVUHNK72W
X-MailFrom: lgl@island-resort.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Cbor] Why draft-cbor-cde -- serialization issues in RFC 8949
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/DGCvio8GDBgrtjm7yj_HRU1oHkQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>
Here’s an email form of what I presented at the interim meeting <https://datatracker.ietf.org/doc/slides-interim-2025-cbor-07-sessa-serialization-issues-in-rfc-8949/> yesterday. No solutions, just being clear about the serializations issues in RFC 8949. LL === #1 Definite Lengths not Required for Preferred Serialization === RFC 8949 preferred serialization allows indefinite lengths. None of the other preferred serialization “preferences” have exceptions. === #2 RFC 8949 Restates Requirements === Naming Reminder • CDER: Core Deterministic Encoding Requirements, Section 4.2.1 of RFC 8949 • CDE: Common Deterministic Encoding, Section 3 of draft-cbor-cde • Section 4.1 describes preferred serialization as a series of preferences • Section 4.2.1 describes CDER based on preferred serialization. It restates preferred serialization requirements in normative form • They diverge on definite-lengths • Implementers need to read both and cross-check • Restatement is perhaps suboptimal === #3 CDER Doesn’t Cover Big Numbers === • Preferred serialization in RFC 8949 puts requirements on big numbers • CDER’s restatement of preferred serialization in RFC 8949 doesn’t include big numbers • CDE adds determinism for big numbers In the meeting yesterday, Carsten said you can read the text to mean that big numbers are part of CDER and thus CDE is not a change. However, you can read it the other way too and we agree that the text could use improving. === #4 Tags Lack Preferred/Deterministic Serialization === • Preferred serialization for tags 2 and 3 in RFC 8949 • Deterministic serialization for tags 2 and 3 in draft-cbor-cde • No preferred or deterministic serialization for tags 0, 1, 4, 5, 36, 257 in either document === #5 Full and General Data Model Determinism === • There’s little (no?) discussion of determinism beyond tags in RFC 8949 • dCBOR is an example that data model determinism is not just about tags • Discussion beyond what is in RFC 8949 was needed, so ALDR was created
- [Cbor] Why draft-cbor-cde -- serialization issues… Laurence Lundblade