IETF Logo Mail Archive

Re: [Cbor] Unusual map labels, dCBOR and interop

Carsten Bormann <cabo@tzi.org> Thu, 28 March 2024 16:33 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7054C14F6AB for <cbor@ietfa.amsl.com>; Thu, 28 Mar 2024 09:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OoTeoIG23dBW for <cbor@ietfa.amsl.com>; Thu, 28 Mar 2024 09:33:33 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB472C14F686 for <cbor@ietf.org>; Thu, 28 Mar 2024 09:33:31 -0700 (PDT)
Received: from eduroam-0440.wlan.uni-bremen.de (eduroam-0440.wlan.uni-bremen.de [134.102.17.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4V58HC0wWPzDCfY; Thu, 28 Mar 2024 17:33:27 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAN8C-_JiRzWQZLpxs5p5fx7BM_zPH8-NGY-e9b6MJ_iN8nAP0A@mail.gmail.com>
Date: Thu, 28 Mar 2024 17:33:26 +0100
Cc: Wolf McNally <wolf@wolfmcnally.com>, CBOR <cbor@ietf.org>
X-Mao-Original-Outgoing-Id: 733336406.451916-42ffbd8c5ead530c8d2e1339b2420f38
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD5E4E51-62BA-4E7D-9CC2-44CA829767EB@tzi.org>
References: <8C245824-1990-4616-AB70-FFD4FACB1AE9@island-resort.com> <11E8A8A5-D891-49FF-AF16-697C06F463B3@tzi.org> <9A0CE364-C141-4EBE-9703-292C416D12F5@island-resort.com> <3D62C4F0-D570-4EE4-AF6A-163C708AA6BE@tzi.org> <58BA8F8C-0C63-4534-9BF7-255C32D02C16@island-resort.com> <CAN8C-_KCLv_cAt-0-C_=i6DXjZFkgkmgZ8DNq48RcxcvV+jEUQ@mail.gmail.com> <437a375c-49e8-4406-a192-acb9a5e7bf31@gmail.com> <9272C2ED-432D-4D6D-AB64-38976F9297D5@wolfmcnally.com> <794fae9f-1c87-498b-aaea-4e476b0dc420@gmail.com> <C24BFA9D-D19C-4267-B0C8-54842B124452@wolfmcnally.com> <03144212-69bd-441e-8697-fdf1fd9f9689@gmail.com> <B53F373E-4997-4654-AB56-7719EF0ADD99@wolfmcnally.com> <CADEL5zt=CHZPpksVm8Qwo3NY0VTStbpSFPgfDbDMN8RgjVrJwQ@mail.gmail.com> <1FD1F074-F07D-46A5-AB80-7782F33FCBAB@wolfmcnally.com> <CAN8C-_JiRzWQZLpxs5p5fx7BM_zPH8-NGY-e9b6MJ_iN8nAP0A@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/JoMqO_LOxFOytpZO4fFWHfGrd0k>
Subject: Re: [Cbor] Unusual map labels, dCBOR and interop
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 16:33:36 -0000

Hi Orie,


On 2024-03-28, at 15:10, Orie Steele <orie@transmute.industries> wrote:
> 
> Let me try my argument one more time, and if it doesn't land, then maybe I'm chasing ghosts.

This thought experiment makes some assumptions about what people could be doing that fall firmly into “don’t-do-that-then” [1] land with me.

[1]: http://www.catb.org/jargon/html/D/Don-t-do-that-then-.html

> Let's say you have a CWT based protocol that is supposed to implement dcbor,

CWT is not based on dCBOR, so I don’t know what that would mean.
(OK, maybe that new protocol is a variant that is *not* a CWT but otherwise similar, let’s call it NCWT.)

> and that spans multiple middle boxes.

And that is definitely a good scenario to test the above…

> The protocol starts with a coin flip to decide which serialization to use "cbor or dcbor".

After the coin flip, it would need to tell the result, e.g., by using a different media type.

> After deciding any time "cbor" is chosen, a random "dcbor incompatible data element" (such as undefined, or weird numbers) is inserted into the unprotected header by every middle box that supports "cbor" and not "dcbor".
> 
> My concern was that on the wire, the boxes will see "application/cbor", but internally they will process them as "application/dcbor+cbor”,

Well, both media types (assuming there will be a dcbor+cbor) are non-specific and therefore do not provide much of a handle to do any application processing.

> hence it is less safe for this protocol to use "application/cbor"... but it would be more safe for this protocol to use "application/dcbor+cbor".

Yes.
But it would be much better to use media types that are more specific as to the application protocol.

> I think the recommendation for such a protocol would be to define a more specific dcbor based media type, like "application/foo+cbor", 

Exactly.

> but then in the media type registration cite dcbor instead of normal cbor....

Exactly.

> I suspect that people won't read this registration and will look at "+cbor" and assume "undefined" and "weird numbers", are allowed.

But there is never an assumption that foo+cbor allows all of CBOR; we usually try to provide some CDDL or other specification that defines (and thus restricts) the application data model.
Intermediates that randomly insert data items into an application protocol they don’t understand are destructive.

> That's the argument I am trying to articulate, is this a concern? 

The usual response here would be “let’s write some text then” (e.g., for the security considerations to discuss check/use vulnerabilities).  
But if your assumption is that people don’t read, that won’t help.

Grüße, Carsten

v2.23.0 | Report a Bug | By Email