IETF Logo Mail Archive

Re: [Cbor] Decoding numbers and compliance verification in dCBOR

Laurence Lundblade <lgl@island-resort.com> Sat, 11 March 2023 20:47 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88463C14CF1D for <cbor@ietfa.amsl.com>; Sat, 11 Mar 2023 12:47:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQg7jELStadf for <cbor@ietfa.amsl.com>; Sat, 11 Mar 2023 12:47:20 -0800 (PST)
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2096.outbound.protection.outlook.com [40.107.101.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C00FAC14F721 for <cbor@ietf.org>; Sat, 11 Mar 2023 12:47:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YrfoIGDUoxZ+Z3dmRx7q4Pp/GDtgVQV2tVF2i8TaOKJGYAvhWQH2ef5M9/mgH2uLqnPhvt02qiTIdoT+aQBRr3crrdar7rDEmSFN+t41nEll2Qhb+SqV4Ne6aevkOw9pDvgtiPr8eFtPiwdY2OwR64W1XoFCth0qEhoCT8FGS8swRlWNMqLMGBEPu7oL3gC5/32nbsqXR8VYTJXR85tph0QDvGKfUpvRGsa9RhgIkbJzNylqoPqHcl5tgOsMjjIAcfwo3cW2BnONgvsLUob0o7cLTx+BC4uCzTqfyBmvfTwPlI+YF35FPGKD5y13oVq7UHJ3tWdIpg8ECzR4F8xjbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7es5cRoRG6B+yuUy4l89/n670Jxv5Muu5E4FFRotxGo=; b=QRZFHvs5NrhlndSSbCCzY7SSb+qdljav7poqSKgPUItfXsRGaGldC7wuT/ZtIGnFlgkqrirMQdSqYWO5xp7kQ0a+orqcm+HuvFcqZ039Jb/Dcn7NZC60mYSTy5rElPP6MNGrvkGG/8Rzox477J65UTPcXa8A6cuEEzODVVoEsDPPHZyFL8CDG+wEg/2dPNDhot/c4Ds7Jtga3qP4Fj3O8KTNJv10nE04oe+x2MpP0f3tn4xkXR0o4+RKbDbG88qcSGV56cINY9FTSnlRfDMyZKxW35boUImB5dYzTggEMaO0T5HlLpsnVEnDq4nnRvE2tfrtG8IO+QMrR168DdLfww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by SN7PR22MB3788.namprd22.prod.outlook.com (2603:10b6:806:35b::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.23; Sat, 11 Mar 2023 20:47:16 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58%3]) with mapi id 15.20.6178.019; Sat, 11 Mar 2023 20:47:16 +0000
Content-Type: text/plain; charset="utf-8"
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <09207367-8B74-434C-89B1-881780DCECA5@wolfmcnally.com>
Date: Sat, 11 Mar 2023 12:47:13 -0800
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Carsten Bormann <cabo@tzi.org>, cbor@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B3E53C3A-7205-4D3F-B3A3-ED27D52D2A70@island-resort.com>
References: <83BF059D-BEF2-4C5F-9DE8-7A99A529833F@island-resort.com> <8999DCEA-6572-4A69-85EC-AA7AD0170837@tzi.org> <38de8a78-0140-45af-b4fb-f601265809e4@gmail.com> <09207367-8B74-434C-89B1-881780DCECA5@wolfmcnally.com>
To: Wolf McNally <wolf@wolfmcnally.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-ClientProxiedBy: BY5PR04CA0025.namprd04.prod.outlook.com (2603:10b6:a03:1d0::35) To PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH7PR22MB3092:EE_|SN7PR22MB3788:EE_
X-MS-Office365-Filtering-Correlation-Id: e9647c5d-adbd-4b61-72de-08db2271cc5b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: GkHBXE4KNo8Wv//5q7ZzNo+q6fjrzgAbgOokhmlYhbKUB2U+AMhqLu+1RI78tC7DygWxtdihtILS1OV5EASJRwkpnZt14lN31UGafzmp+yQhQ5V3V8pqhhCCJw9ZH8uGGfoamW2dZT0Wn1Kq1DiE9gtklQTYGYPliy2aW+x5w5eLK3MPOpfIrrAag+r3oAYEHs6FqFD9KZrz9pSWeHvoW+p5y+ha5gRXBbdeHj9FmYyq58y6HITXWv8IhvcnJMZq/RBaohFN+j5cyue1/m9dqX2YcmwTFrjSxtSo/sPNdJ+jyN6DX+3KZI8A8+YjYptR0NbdIiLhqG23BkehmDeWLio54diPKQ/rxU81WJ29UH1PJEcjMkblsNXm6VbHcvwdQTO6FfW0pTQ2821D2j2oxkjZNN5UqdL0qpXWXmHSsT+nDCoupG8gFu5eocLw2OsX6sTifUxDgJjiqQaVjITQttxQu+llsPzWLAgW2LumuG8avJ3G4dTIbEFO4y6jHbrXfzQ8BFf0gyK66I4k/f6MDIykqT0QJ+QjLP+dayRzZiMlzWUoLLc3WiIrnQLAdKy9BKa5lZugwgw/mjzwWKOMkPjdINfOec4QDdoWZKZhPHYfAh/U0FnqKQe9VfQ5ponEFiXAzMFkGhqnBKHr2EoJUTN8iyUrMKKPfZWi4Si8GbDlYfECbCeNwbH1jWlY8r0h7vIvIeAezL90w6veelnFzZfcldA8djyw2vlXtUEvmko=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(39830400003)(346002)(396003)(136003)(366004)(376002)(451199018)(66899018)(5660300002)(8936002)(15650500001)(2906002)(41300700001)(38350700002)(33656002)(86362001)(36756003)(38100700002)(52116002)(66946007)(66556008)(66476007)(478600001)(8676002)(966005)(6486002)(6666004)(4326008)(6916009)(54906003)(316002)(2616005)(186003)(83380400001)(6512007)(26005)(6506007)(53546011)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: LM0ALhJ2P6Dcot5r+p01WWlwX9GfYz1kd7M7J3n0Yl4Z6Det8GIDDWSzZPuVocCpLpH6Itoj5OWA28TIKDmk5/GV6YgnGeE67hwVQ11ERmUDGmeLXB2fBhbu6gb+qy9LnbdkCABN76HMJpFb8PRbrhrzOlK7HHDm6hyChwaRQbM1c3SCiNEfjaRxIqS1ohGR/YPetJEiO8VpoCNz2F+bWBR2l02S/iszDxxaGRIChUsFm5zQl1Hw8uABREv8oJA/45+UH1bMD5iq79LFVar7HwxkpyLjxvQIuS9t637Dj7Ii7IB4FPVBVRgNUdMlK6FekvZxb7IAG0pg2e9m5gHJQ7zRny0vrtlTELuSVe2jUr8w9PEQMqacXd6KIqKcmxekL+gGF5zhXnATC+7AktAduVmRYZjgVW41iHmBXN2Dt+iCR7ZzCm3lRQgnt8fHjetGE+JW4AjvWB70qa6o7kt1PMGcrl+LfkSnuTleaPbrK7A0BYG42v4NOEB9h2V4kTRsYLE43Pfj0jFjcPHHzpJjEe1hGRjcBQiJEJS4ZicIfMruMo3nhpB9j2rAknd7GigJXDpFiVWBtXvJGrebIowz8UMrK7ZNcV6WQnJUKWu+Fs3YCL2AxIEHk/QOSgaApLdKRq8p7pp0Zf9I7N0kTTi1K19VBIiDTqJbFtSgJuE1JpabpxyOD6h77LVFtg1uFY1lAhrPBlNQHMColdu/0wdk5nFeR6SMybagagHl0qm36RjyVlT8e6F+PmVN9s0o3w+NM6Bw3vQCGj8WmWGSlQi3ZvMks+0ueoQ2iUpGEhMWqNxo5UR+HVXYrQycrAwYCUgs4CgwQEFVfOGLkJy2qqAKkkLWReB4RbbfMnwMFl7YpaI7t0kylJB7ZzCTqxU/tn9eUYKlHryRNku36RS7HaWot1aCDKcAO8CfxYeT3lhs2K8wSK+QMuyFIZmqwJtz9mSaLt/FE7b4J/+5SE3n8bpKHuX1tij5ZBQREwYayLvJWZIJVy0D/lM/anTUloBFChvNxMY+G/v2lkqJF32oV5L4s3AsPzW03y9GO5rWGeC5utv1gv4smKa/lmqNsfMM8hAsi7c66CcqBl5dNAI4pJGrcxZ+3+PAonr4BUdDENqWTmJ1RQyIGaNx0tBSD1Gd+HT3Qf1hNRowb7et1cvVaSdsBrrqufowUWc1cqa0WV9iO9OV3fs7+VQ3gCdgxOypPzqCZaZ9uYiJXuo5bbGLq4gGIKARkuxOB+2znCS6rA5GjLbCzQ7VdFmfxShs8Ef7v1kCCPhSFWHS/Zo9ALZDR07m/eHRenK9Z+k5X4sd+Os+c59AZiPNTlOxPz93SNaf0VPKISY6j+PiMxz/jd1cfzTKelKcqg0T04tpiD8OVqfNsP1ar+XLVA7zn2Ja1Tsg9zdwzTjhwyPn3gRRK4LxNGTd5l7Rwvb3LH75Eg1/S3TzQ0MRugSYeuqWxhAjUCgZaHKi19uwgIrf8icSuew+wdfgfA7GqG9RWUlELwnT/1Dh8mfU5i35mRfKI3t/yRoyVl6LW1Am8vFk6LBuRDZorSLvKpdTViP+4i32VhFxOBCvJaO0mqu6dHA8cRVBuLcOMG10Rn1fgFyXNgadfIb/r7erOA==
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e9647c5d-adbd-4b61-72de-08db2271cc5b
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2023 20:47:15.9969 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: CI+stDBdzg4SoDJAWmR1mWNBEhHfRw+bjNZDfsxxWt/Q2plBt1OH6aQhkbzdqR31V5CG4nobE2QVxoRQ3fEliw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR22MB3788
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/LusVrrxZZFsOaSSU3sNcdiS4WO0>
Subject: Re: [Cbor] Decoding numbers and compliance verification in dCBOR
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2023 20:47:21 -0000

On Mar 11, 2023, at 12:27 AM, Wolf McNally <wolf@wolfmcnally.com> wrote:
> 
> For us, minimizing absolute size of serialization of a numeric value is less of a goal than having a single, deterministic serialization for a given value. In addition, dCBOR codec implementors should be able to forego floating point or bignum support, and still be able to expect the same canonical serialization for all the integers representable by major types 0 and 1.
> 

Yes, that generally makes sense, but a few comments.

You have a requirement that all decoders MUST validate compliance with the dCBOR spec — check sort order, check that 0 is not encoded as a float or bignum. This check is to re enforce hygiene in the dCBOR ecosyste, not a necessity for correct functioning of the decoder.

This results in extra code on the decode side, not the encode side. The decode side is always bigger and more complex already just for dealing with regular input validation.

I can see that for highly constrained protocols this hygiene check is much smaller, maybe zero for integers only, no maps….

So is it really is a MUST, not a really strong SHOULD? Something like “while dCBOR doesn’t absolutely require full compliance (e.g. map is sorted correctly) on decode, this exception is only intended for use in very constrained environments that just can’t afford the extra code size for the check. These are only environments where a few hundred bytes of extra code would affect the cost of the device.”

This is not a critical issue for me in the end. I mostly want to make sure we’re clear about the implications of the requirement, because it is essentially a prophylaxis for the ecosystem, not something needed for correct function of the decoder.

LL



> ~ Wolf
> Lead Researcher, Blockchain Commons
> 
>> On Mar 10, 2023, at 11:06 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>> 
>> If shortest possible number representation is an absolute goal, you already have a problem with "pure" integers.  An integer value of 1099511627775 (0xffffffffff) would actually yield two bytes less(!) using the Bignums type.
>> 
>> It would (IMO) be unwise trying to fix this in dCBOR.
>> 
>> Anders
>> 
>> On 2023-03-10 20:14, Carsten Bormann wrote:
>>> Hi Laurence,
>>> I think your arguments are important.
>>> But for a receiver of information, there are also benefits from knowing what to expect.
>>> In particular map processing can be simpler if only a specific sequence of the entries needs to be accepted.
>>> Whether floating point values are important for an application may also influence whether it is worth to expend some additional processing.  The simplest devices often get by without any floating point operations.  Once floating point becomes important for the functioning of a device, processors such as those of ARM’s Cortex M4 series can help reduce the power-hungry on-time of the device by efficiently performing the floating point computations.  With these processors (and certainly with processors of the smartphone, laptop, and server classes), the requirements of dCBOR become almost trivial.
>>> I don’t want to take a particular side here, just point out that not all applications are the same.  Having a go-to profile of CBOR that covers an interesting subset of applications appears to be a net win to me.
>>> Additional CDDL support such as that provided in draft-bormann-cbor-cddl-more-control with .cbordet and .cborseqdet may be desirable.  There is currently no way in CDDL to express the rules about number representation that dCBOR has adopted; that may be one interesting gap.
>>> Little aside: When I started to think about this, I started to wonder: What is the dCBOR way to represent 65536000000.0?
>>> 5 bytes:
>>>>> 65536000000.0.to_cbor.hexs
>>> => "fa 51 74 24 00"
>>> 9 bytes:
>>>>> 65536000000.to_cbor.hexs
>>> => "1b 00 00 00 0f 42 40 00 00”
>>> Here, the floating point representation is shorter…
>>> But wait, even if float32 cannot be exact (e.g., for 65536000001), try:
>>> 7 bytes:
>>>>> CBOR.decode("c2 45 0f 42 40 00 01".xeh)
>>> => 65536000001
>>> 9 bytes:
>>>>> CBOR.decode("c2 45 0f 42 40 00 01".xeh).to_cbor.hexs
>>> => "1b 00 00 00 0f 42 40 00 01”
>>> (Number systems are always an unwieldy part of representation formats.)
>>> Grüße, Carsten
>>> _______________________________________________
>>> CBOR mailing list
>>> CBOR@ietf.org
>>> https://www.ietf.org/mailman/listinfo/cbor
>> 
>

v2.23.0 | Report a Bug | By Email