[Cbor] Decoding numbers and compliance verification in dCBOR
Laurence Lundblade <lgl@island-resort.com> Fri, 10 March 2023 18:49 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54B7CC14CE3B for <cbor@ietfa.amsl.com>; Fri, 10 Mar 2023 10:49:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id abAvOqnRJUAj for <cbor@ietfa.amsl.com>; Fri, 10 Mar 2023 10:49:16 -0800 (PST)
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on20701.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e8d::701]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B06F8C14CEF9 for <cbor@ietf.org>; Fri, 10 Mar 2023 10:49:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AfV9OILkaDD7Hn/M0VKAfovXNeYf7bqMMiWCAc//gXunEPvi6nbd+CoOUJ+nIoR95qj+xs6WVuJhzuM0CLL8q1TssIdjh0Iy9Sc1jrUBLtvdiIwSMwLYY6Q/c+EiG9SknlnNqVt0HZBS29FjNrSH6beAP+/k8dgOvRyuBY4OhrAdCjQHh3+ACGP3JuUEnZQNm+kNnl3GTwwBX5xeoRfN3xK/eCFpNknEPcJizvKb+cZ5LX5w/7a2PhRz2tvJgE+IYDM7zzXuOOPSQjWXwuWYOnG6OoZSJtJKbTe0OEC+K/lLtsLnbdD8GQPQREp+TlfIixA8yNGZnJZAUmlSca6hVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bAVVv+ovnwIbYe5LTGwb0KX7HScn5MR+RxFqoX+2Zxw=; b=XAd5AJaxKNEesUWn9/KdKd9QVqHSojekuuKQrVWKQWeX9q6HNG/ixNGf+Av1bzJh85D/d1ATKFIdyf+6aQuPjdDeaoVi23uxTQDkdwezWK1EkHb6jRzv+c4amJarn8IQwCUl8K78k7kba6VAYAO3//v2IshAzQ9UXoBSke4ss/VeWYu0gXdhh+Jf4gwOg6AJOoUZVazb4JYO+nFgAyBMXasw+yrULky6xOrFEzeaaoz5a4+RCcff+UuOc1u7EL88pnAwgGovk1evxKKyUxic4VfuvcZdqmOwOybOcHs6BoVaLSekn1ECYk8l7gjL05V+GKi2rfDF/FmWebdVG21AUA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by BY5PR22MB1812.namprd22.prod.outlook.com (2603:10b6:a03:230::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.17; Fri, 10 Mar 2023 18:49:12 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58%3]) with mapi id 15.20.6178.019; Fri, 10 Mar 2023 18:49:12 +0000
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <83BF059D-BEF2-4C5F-9DE8-7A99A529833F@island-resort.com>
Date: Fri, 10 Mar 2023 10:49:10 -0800
To: cbor@ietf.org
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-ClientProxiedBy: SJ0PR03CA0159.namprd03.prod.outlook.com (2603:10b6:a03:338::14) To PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH7PR22MB3092:EE_|BY5PR22MB1812:EE_
X-MS-Office365-Filtering-Correlation-Id: 76b0b327-3617-4458-4a77-08db219823da
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: m83sVFXOXDJUJv/Qt+z2YbZOH2jvXt7elLVIOkZ4vIIDa81bJe603DbxS6zNT3OV3HMOQjr5s4+xw351a+lW5BjYEIoy4NzLrHxcXL9eXbRzMqepcTXJjLGtKeOEDTCIvtFsJr8Mg/ob18sGTRsKpuNzOL701H6zYzCrtOGxeto2ccvNHpkzz+MPvguHT8YvR728OxaOpiNbH4UcN7vH/YVVcj8WYQ3Ynuxt5jXf4vaFlF2mXPn7R2ErCLYdTqOw7NS+HwJJOISapxEHRM0IkehikEU57r6IzyG7JRYq7kqeml3BmVhgSXCpuGzgVQ33Yt47QzyQagm1SOukCLUXTdflffhQyJC3i3UEopV8tS8CkW+E/bN9ee2Ia3x2BH4NQoYpAejIgR2Pi40HtZVUWWQDsM1ZlmebGifYUIA0hYMU9xBwwqeipTfiuSkaSw72JcfqiJY5wpghzsCmKtMys4+gC8tUFqMMSSwYHm5JZWrAiQtfPQzvAJ703FJv/ehcY0B05aSow1Melpf1ab4SoPm8ffc15xLW2lCZDSP4kE98F5R8JmmbHUqTFtnXBNTS/0sxAtSyzgUDsKmcwpA7pbVLrnHvtgTjagd7C+6e9aB/x3h81e0/Nnlpra5dm7wDQyhIw6Iriul+j+fyuCSG2wlGn1NpdH2L626VPN6xt5U6EyiCoAfzIEdRocuygGofCDzGhNhOjQ+QrRNxYzg4jCv/Kc5xae7V32H3KdplleQ=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(136003)(396003)(346002)(376002)(366004)(39830400003)(451199018)(186003)(2906002)(15650500001)(26005)(6512007)(6506007)(38350700002)(36756003)(66476007)(66946007)(66556008)(8676002)(83380400001)(5660300002)(38100700002)(41300700001)(6486002)(8936002)(6916009)(316002)(86362001)(2616005)(33656002)(52116002)(478600001)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: kp9qWsvHgdmcFhVxUwa5o8JAQlofLCQhy+E4W3VpzlEx5ohJptZ6WeQUeKmcOUrGFDZLXnHNcZRR6lu1uq+r8uv5fgLXCQ9FNA4Z7BMoNnSFj2aGIHbUwYvr2Q/wDhOgSvVTbL+z15EpP3xbQpfukEsGS7qKGWkS8DZO1M2PN6I3UNGO995sGhxMQz1pYMjrZwd6d3qhuPAk+irZkXH62urgaZacw09pY9odC+REUEB/8oftKaybQV7aEloPxa1JwSLuBbO+lJOzSw3LPPV7WHMCs88b120SZcptkD1KHqPz6fdYaKxaIBRPXqgyzkuxfCwbBQebYS2c48jH5u4hl8dE47+eKldble65kq6qUSwQKPXo7Xa2TMBfGSPgDEqPY0JWY4UoZTBxaWpXJHXnGALNRkdWixoFaLFSl0AAf6bRTifvDnMuRmS6qe40LTe6o5bUP3zMMRAV/qAkQkpWEaHqdA9zWqLsjmOhd8a17rkwqJFLW/7qNUyW6SCZm0l/PEzLjsxYCzj9xheS1F0Q0TtZ7We9Qdg/KJ/QuhO8m+v2nc4x6QYeAw2dk56MSE0OYKChhNdc3dqbMyZ3A1I9jpaGmOXfgbd+1m65DLFWz4IcWeFRSvp+0ukosUVoHaoL5nAwI3EoKUeWkzUTIwL0cSa5OMqKcGYe+dd7dq9u9oc5pPm0wvnz37QZiTjngl3xtm0t4E3p12O+j0kKM7f5FNOsIc7H0QWKexBPq5oxvYTb/06ueubFZ4H4ZcUkCRcwH8qTFZrK8yJtXK4X2l3QSS9HQO/h+eql9yGzQH5mpEM8fGCXTMWLErbJTBGNn2BAc74PQkgxLlcS7yHJP7gaY8gHO03gsG2nvfTVtcsvmS5lAVmWI0HQSqaBrhWmXd47HxnzB+c2D388ikeoXfIKo8B97mww+2pKcuDpkbnC8Tya/soLAZU5PSEocdxFfTEpKvVyrGeuCgRS3Y7FHnWOsFViIV8vFmQ3NjXymXjyEGzEndhovzfDxmPAnd6xlrOx1+r9OHq3bQT4D0im7lLi7tWDnHRFD50p94s7w6YTv0CdK5qLLA/QwKQk340ZOlyemZL4AazZTMJ0ppyCxzQY17YMMehakxggmy0ouiQXoPco/F+Gw1gPLJbhFeWUJ0e36rDTzW2t3fIYHbsgqf+ggUcRo82YY5wUkjSigr1uXxZWD49qXRLQoAM9h8h15mOwffw9j0/xCbeEyyqnOKZCNdrdL26xPd4paOplOGUhtaF+THdUNFEsbqZz0OjfzThFdzLvnVNbCLhWOB0PWMB9oswZWaGWYcrAydVWdTuwhmNxDKjCvGz3ZwbbR/O7MPLB4TcXom/gYumCLO8Jyi8hNIBFZUXTw6XTuyrufl8fOiOuLJ3rFUEQXfDKHxoH6MmcI3ZHEpYRAQNz0ySgaGmVTRFIWpgq0DtTxJxhyUxoYb01l0TyRowitQR/d4HjFuWzgdxBEyyCxNEmMV53goTGJoNmDEyZjIBNvGSoB4MA5br9HbuYoDoSvmAi8fwQewQ6hX2aA2iz17l+OdSIR9AnS+xXyHwCf5kwMTfysu7GjPELTPja+GZ8mcnYHFtT8xwTIdOs2rjjyCd525CvvbwKLg==
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 76b0b327-3617-4458-4a77-08db219823da
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Mar 2023 18:49:12.4404 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ZH/xmoZnyMcq6eHIh/ElX2LCl2rQ27nBRPadD09kjGZoy8NDUCWKhl3W2+2B2q7sO8SCm59LBM1ZsayUAr4Seg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR22MB1812
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/LUQ0lMaAA1ADGuRtb1VLahnlQUg>
Subject: [Cbor] Decoding numbers and compliance verification in dCBOR
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2023 18:49:17 -0000
I understand the reason to have only one possible representation of 0, 1 and such, but it seems like it will complicate the decode implementation a lot. Typically in decoding you might ask for the next integer or the next float or the next big num. The decode of these is super simple and straight forward in regular CBOR. I imagine in dCBOR you’ll still ask for one of these in the API, but the underlying decoder will have to expect different CBOR types and convert. For example your might ask to decode the next as a float. The serialized input might have an integer value of 999. The dCBOR decoder will have to expect it and convert to 999.000 Also, the dCBOR decoder will have to check for 0.0000, 1.0000, … (floating point representations of whole integers) because it is supposed to error out on them. Same for bignums that must be represented as integers. Also, the dCBOR decoder has to check the map sort order. These checks aren’t necessary for correct decoding of the data or to defend attacks. They’re just there for hygiene in the eco-system — being strict in what you decode. To me this makes dCBOR somewhat unsuitable for highly constrained devices, though it will depend on the protocol and the device. Ordering variants of CBOR in suitability for highly constrained devices: — dCBOR — least suitable — requires more processing for integers and compliance verification — preferred serialization CBOR — suitable — a little more processing — non-preferred CBOR — most suitable — can tailor serialization to be the absolute minimum for the use case Do you really want to require that every dCBOR decoder do the full compliance check? Seems better to just say that decoders SHOULD do all these checks when they are running on non-constrained devices. LL
- [Cbor] Decoding numbers and compliance verificati… Laurence Lundblade
- Re: [Cbor] Decoding numbers and compliance verifi… Carsten Bormann
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Carsten Bormann
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Carsten Bormann
- Re: [Cbor] Decoding numbers and compliance verifi… Laurence Lundblade
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Carsten Bormann
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Carsten Bormann
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren
- Re: [Cbor] Decoding numbers and compliance verifi… Wolf McNally
- Re: [Cbor] Decoding numbers and compliance verifi… Laurence Lundblade
- Re: [Cbor] Decoding numbers and compliance verifi… Laurence Lundblade
- Re: [Cbor] Decoding numbers and compliance verifi… Anders Rundgren