Re: [Cbor] Packed CBOR and dictionaries

Jim Schaad <> Tue, 15 September 2020 01:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EFD043A0BFF; Mon, 14 Sep 2020 18:23:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZnCkvhN1kFXc; Mon, 14 Sep 2020 18:23:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 460913A0DEB; Mon, 14 Sep 2020 18:23:29 -0700 (PDT)
Received: from Jude ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 14 Sep 2020 18:23:24 -0700
From: Jim Schaad <>
To: 'Carsten Bormann' <>
CC: <>, <>
References: <008c01d67c47$aaf73be0$00e5b3a0$> <28732.1598638838@localhost> <> <14972.1598651775@localhost> <>
In-Reply-To: <>
Date: Mon, 14 Sep 2020 18:23:23 -0700
Message-ID: <01ca01d68afe$cf87fb50$6e97f1f0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQEWrwsIZUXc1W2qApLXh9kZsjj9lAK3TH/EAmZ0d34BTYo2PwGuren5qqfPmKA=
Content-Language: en-us
X-Originating-IP: []
Archived-At: <>
Subject: Re: [Cbor] Packed CBOR and dictionaries
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Sep 2020 01:23:35 -0000


Have we gotten enough feedback to start on this or do we need to cast a wider net to some other groups?


-----Original Message-----
From: Carsten Bormann <> 
Sent: Friday, August 28, 2020 3:08 PM
To: Michael Richardson <>
Cc: Jim Schaad <>om>;;
Subject: Re: [Cbor] Packed CBOR and dictionaries

On 2020-08-28, at 23:56, Michael Richardson <> wrote:
> Carsten Bormann <> wrote:
>> OK, I think we need to answer a few questions first.
>> Is there only ever one dictionary that is being referenced?
>> Or can you reference multiple?
> I've read the thread and I think that there are three places to look.
> Please correct me I'm wrong.
> 1) included in the packed CBOR.

Yes, but I’m not sure that this is a “dictionary” in the sense of being separate from the prefix and shared item tables.  Is that what you mean?

> 2) included in specifically referenced dictionary (yes, by hash)

A hash is not really a reference.  It is an identifier that can be used to check that you have referenced the right thing, so you can sign the whole item.  Like in RFC 6920, that identifier could be augmented with a reference.

A hash also is expensive, on the order of several dozen bytes, so see below.

> 3) included in an application specific dictionary defined at the RFC-level.
>   (what Klaus was doing with CoRAL, I think)

I would generalize this a bit.  There may be some context that explains where to get the dictionary for.  To be able to sign such a packed item, there would need to be an immutable relationship between a context hint in the packed item and a dictionary (possibly identified by the hash of that).  An IANA registry can be used to maintain such a relationship.

> I had previously thought that (3) was just a rather static, 
> compiled-in version of (2), and only one or the other would be invoked.

I think we need to enable these dictionaries to evolve, so static, compiled-in may be true, but new versions of formats that employ packed items should be able to make use of new static, compiled-in dictionaries.  (The dictionary defined in RFC 3485 was never updated, but that is probably more about the deployment of SigComp.)

Grüße, Carsten