[Cbor] Re: Minor comments on draft-lenders-dns-cbor-10
Alan DeKok <aland@deployingradius.com> Tue, 26 November 2024 14:48 UTC
On Nov 26, 2024, at 8:00 AM, Martine Sophie Lenders <martine.lenders@tu-dresden.de> wrote:
> thanks for the hint. If we keep that piece of pseudocode, we try to keep this in mind. However, currently we are discussing to tweak the definition of name compression a bit, so that we can just use Packed CBOR semantics and references, see [1].

Thanks. While the packed CBOR semantics are substantially more complex than the method outlined in draft-lenders-dns-cbor, there is substantial benefit to using a common packing format.

> [1] https://github.com/anr-bmbf-pivot/draft-lenders-dns-cbor/pull/7

After reviewing that document, my comments about draft-lenders-dns-cbor are also applicable to https://datatracker.ietf.org/doc/html/draft-ietf-cbor-packed

Specifically, Section 2.5 discusses loops:

...
   In general, loop detection can be handled in a similar way in which loops of symbolic links are handled in a file system: A system-wide limit (often set to a value permitting some 20 to 40 indirections for symbolic links) is applied to any reference chase.

   NOTE: The present specification does nothing to help with the packing of CBOR sequences [RFC8742]; maybe such a specification should be added.
...

I don't think there is a need for ad hoc loop detection. The only necessary requirement is that all references point backwards. With that constraint, loops are entirely eliminated.

Section 2.1 of draft-ietf-cbor-packed could be updated to discuss this. If the tables are constructed dynamically as the CBOR is parsed, then the only requirement is that any new reference points to an existing table entry. If a reference points outside of the table, then the reference is invalid. Once a reference has been validated, it can be added to the table as a new entry.

In this way loops are made impossible by construction, without any additional counters or loop detection at decode time.

We then have a constraint on the contents of the table: e.g. for table entry "i", any references "j" contained within that entry MUST satisfy the property that "j < i".

This constraint is satisfied by construction by validating entries before inserting them into the table:

Any packed cbor reference which is being decoded MUST refer to an entry which is already in the table. New entries MUST NOT be inserted into the table until they pass this validation step.

On encoding, the table is constructed in the same manner. Entries are inserted into the table as they are encoded. The only way for the packed cbor to contain forward references is if the content is created maliciously.

This construction also avoids the problem of exponential explosion in decoding. It is not possible even manually to create packed cbor data of N entries which result in 2^N decoded strings.

draft-ietf-cbor-packed also doesn't say what to do when the cbor references are invalid. Is the entire cbor decoding discarded?

Alan DeKok.
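
Added example, not part of the message above nor of either draft: a sketch of the validate-before-insert rule, in which every reference "j" inside entry "i" must satisfy "j < i". The `Ref` class, the function names and the sample tables are hypothetical; table items are modelled as plain Python values rather than the packed CBOR wire encoding, and discarding the whole table on an invalid reference is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ref:
    """Hypothetical stand-in for a packed-CBOR reference to table entry `index`."""
    index: int

class InvalidReference(ValueError):
    """Raised when a reference does not point at an already-accepted entry."""

def refs_in(item):
    """Yield every reference index nested inside item (lists and dict values)."""
    if isinstance(item, Ref):
        yield item.index
    elif isinstance(item, list):
        for child in item:
            yield from refs_in(child)
    elif isinstance(item, dict):
        for child in item.values():
            yield from refs_in(child)

def build_table(entries):
    """Validate each entry against the table built so far, then append it."""
    table = []
    for i, entry in enumerate(entries):
        for j in refs_in(entry):
            if not 0 <= j < len(table):      # len(table) == i, so this is j < i
                raise InvalidReference(f"entry {i} refers to {j}")
        table.append(entry)                  # inserted only after validation
    return table

def expand(item, table):
    """Resolve references; terminates because every hop lands on a lower index."""
    if isinstance(item, Ref):
        if not 0 <= item.index < len(table):
            raise InvalidReference(f"reference {item.index} is outside the table")
        return expand(table[item.index], table)
    if isinstance(item, list):
        return [expand(child, table) for child in item]
    if isinstance(item, dict):
        return {key: expand(value, table) for key, value in item.items()}
    return item

def is_accepted(entries):
    """True if the whole table passes validation (assumed all-or-nothing)."""
    try:
        build_table(entries)
        return True
    except InvalidReference:
        return False

# Constructed sample tables (not taken from either draft).
SUFFIXES = ["org", ["example", Ref(0)], ["www", Ref(1)]]
SELF_LOOP = [[Ref(0)]]
MUTUAL_LOOP = [["a", Ref(1)], ["b", Ref(0)]]
```
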