Re: [Cbor] [Last-Call] Secdir last call review of draft-ietf-cbor-7049bis-14

Laurence Lundblade <lgl@island-resort.com> Mon, 10 August 2020 19:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/DNDgxD8s9eiedAJqYPwYnDpNBhw>

On Aug 10, 2020, at 2:00 AM, Yaron Sheffer via Datatracker <noreply@ietf.org> wrote:
> 
> Upon a quick read, it is not even clear to me which parts of Sec. 5
> are required/expected in a validating-mode decoder.

A generic decoder can do as little or as much validity checking as it wants to. What is required is that it documents what validity checking it does not do and that it does not prevent the user of the generic decoder from doing the validity checks.

The reason for this is that some validity checking is expensive for a CBOR decoder and is inexpensive for the consumer of the data. Checking the validity of UTF-8 or MIME-encoded messages are examples of this.

LL
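
An added illustration, not part of the original message and not code from the draft or from any CBOR library: a generic decoder that enforces well-formedness, documents the validity checks it skips, and hands text strings back as raw bytes so the consumer can run the UTF-8 check itself. The names Text, decode and SAMPLE are assumptions made for this sketch, and the duplicate-map-key case goes beyond the UTF-8 example given in the message.

```python
"""Generic-decoder sketch: definite-length CBOR major types 0, 2, 3, 4, 5 only.
Validity checks NOT performed here (left to the caller, as documented):
UTF-8 validity of text strings, and duplicate map keys.
"""
class Text:
    """Text string kept as raw bytes so the caller can run the UTF-8 check."""
    def __init__(self, raw):
        self.raw = raw
    def validated(self):
        return self.raw.decode("utf-8", errors="strict")  # raises UnicodeDecodeError

def _head(buf, pos):
    """Return (major type, argument, position after the head)."""
    if pos >= len(buf):
        raise ValueError("truncated item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite/reserved encodings not handled in this sketch")
    size = 1 << (info - 24)
    if pos + size > len(buf):
        raise ValueError("truncated argument")
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def decode(buf, pos=0):
    """Decode one item; return (value, next position). Well-formedness is enforced."""
    major, arg, pos = _head(buf, pos)
    if major == 0:
        return arg, pos
    if major in (2, 3):
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else Text(raw)), pos + arg
    if major in (4, 5):
        # Maps come back as a list of (key, value) pairs so that duplicate
        # keys stay visible to the caller instead of being silently merged.
        count = arg if major == 4 else 2 * arg
        items = []
        for _ in range(count):
            item, pos = decode(buf, pos)
            items.append(item)
        return (items if major == 4 else list(zip(items[0::2], items[1::2]))), pos
    raise ValueError("major type not handled in this sketch")

# Constructed sample: [ "ok", <text string holding invalid UTF-8 bytes c3 28>, 1 ]
SAMPLE = bytes.fromhex("83626f6b62c32801")
```

Decoding SAMPLE succeeds because the item is well-formed; the invalid text string is only rejected when the consumer calls validated() on it.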