Re: [Cbor] CDDL in draft-ietf-acme-star-delegation-07

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 06 April 2021 16:57 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>
CC: "cbor@ietf.org" <cbor@ietf.org>, "draft-ietf-acme-star-delegation@ietf.org" <draft-ietf-acme-star-delegation@ietf.org>
Thread-Topic: [Cbor] CDDL in draft-ietf-acme-star-delegation-07
Thread-Index: AQHXKs5A6DJmChB+p0eu+dqXQrw/7aqnolKAgAA1SIA=
Date: Tue, 6 Apr 2021 16:56:53 +0000
Message-ID: <10C08C5D-016D-422F-ACA9-23E492CA5E93@ericsson.com>
References: <215725D8-7589-4121-A209-5E8802291955@ericsson.com> <6E353DC2-E9E5-4BDE-9522-024A080093BB@tzi.org>
In-Reply-To: <6E353DC2-E9E5-4BDE-9522-024A080093BB@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/J7MCWo71XkcwzGnJP1KMMIwbJN0>

Thank you very much for the super quick and rigorous review Carsten! This is extremely helpful, I will point to your comments in my ballot.

Francesca

On 06/04/2021, 17:46, "CBOR on behalf of Carsten Bormann" <cbor-bounces@ietf.org on behalf of cabo@tzi.org> wrote:

    Hi Francesca,

    here are a few comments.

    (1)
    The json-schema.org definition uses oneOf, which should never be used (anyOf is usually what is actually meant; this is a well-known problem in the json-schema.org vocabulary).

    (2)
    keytypes is missing a minItems=1.

    (3)
    The regexp for “oid” (in both JSO and CDDL) is quite permissive with respect to leading zeros.  It is rather unusual to have leading zeroes (except for arc zero itself) in OID strings, so there might be some interop issues with that.

    (4) the intro to the CDDL should probably mention that the multipleOf=8 on the RSA key size is not reflected in the CDDL, nor are the format=xxx keywords (which are not terribly well-defined in JSO either).

    (5) subjectAltName.DNS items allow “*” and “**” in the CDDL form but might not in the JSO form (format=hostname).

    CDDL Style nits:

    (a)
    rsaKeySize = int .ge 2048
    =>
    rsaKeySize = uint .ge 2048
    While these mean the same in CDDL, converters such as CDDL-YANG converters could put in different underlying built-in data types, and uint is actually the basic type for a size in bits.

    (b)
    There are a number of “1*” occurrence qualifiers that might be slightly more readable as “+”. 

    (c)
    regtext-or-wildcard could be simplified by making use of prioritized choice (Appendix A of RFC 8610).  Of course, the current form is easier to translate into other specification formats (which actually wasn’t done for the JSO form), so this is just a note.  

    (d)
    The non-empty object requirement (JSO: minProperties=1) could be stated in CDDL as

    ({……}) .and ({ + any => any })

    To reduce noise, a generic could be defined:

    non-empty<M> = (M) .and ({ + any => any })

    …and used:

    distinguishedName = non-empty<{
      ? country: regtext-or-wildcard
    ...
    }>

    There is not a lot of tool support for .and, so I am not going to push for this, but it sure works for me.

    Grüße, Carsten



    > On 2021-04-06, at 12:18, Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org> wrote:
    > 
    > CDDL experts,
    > 
    > I am reaching out because draft-ietf-acme-star-delegation-07 is in IESG review, and it contains some normative CDDL, accompanied by non-normative JSON schema alternative, which I don't think got any reviews from (other than authors) CDDL folks. I have personally checked the CDDL via tools, but another set of eyes looking would be great.
    > 
    > If you have a second to take a look at it, and send any feedback before tomorrow, I would be very grateful: https://datatracker.ietf.org/doc/html/draft-ietf-acme-star-delegation-07#appendix-B
    > 
    > (Yes, this will become part of the ART Area Review Team area of competence, and you are very welcome to take part in that discussion https://mailarchive.ietf.org/arch/msg/art/lZD8ommZAxqSTJ43YZ-RK7bL4Mw/ )
    > 
    > Thanks,
    > Francesca
    > 
    > _______________________________________________
    > CBOR mailing list
    > CBOR@ietf.org
    > https://www.ietf.org/mailman/listinfo/cbor
