IETF Logo Mail Archive

Re: [Cbor] Glitch in cddl-control AUTH48

Barry Leiba <barryleiba@computer.org> Thu, 16 December 2021 17:11 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBA443A1295 for <cbor@ietfa.amsl.com>; Thu, 16 Dec 2021 09:11:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ognnsd8tI8Ua for <cbor@ietfa.amsl.com>; Thu, 16 Dec 2021 09:11:04 -0800 (PST)
Received: from mail-ua1-f53.google.com (mail-ua1-f53.google.com [209.85.222.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A06D3A129A for <cbor@ietf.org>; Thu, 16 Dec 2021 09:11:04 -0800 (PST)
Received: by mail-ua1-f53.google.com with SMTP id y23so6610056uay.7 for <cbor@ietf.org>; Thu, 16 Dec 2021 09:11:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=buBBg5HoAzRJnEf9WwHahI0qdPNuKerlhLNPJbcvU70=; b=3w8TsWQoLZKMGI/PVpNxnrynBWBV4pCmlxPrMoTCgogEV4qspa8gtkQTTf0hDkJLXW NOzTRFP5iXcgrvMzn8oOMgzIc6WdWnTb18v0NouZj55M0M+N/uX5q3CtPrRvj8KMZPEg BTEt2nJ7pZCqOvZl8cQda71Q6IF0D4vWP9qJXtJiKvfGxcHWq7ENhIkKM0Ttf/LzCfeA HZh8+GmDfKcjMRYr1HaNQHeIKxaGIC/rkas6SQ72cFfEvK7gM0yThjqrJfaWriGEeGEi Ut/fzALRnrsvvq5sARa8zMaNgbBLJoMXFwG0Q6/Me8Mcpbho962IMO1+vG1lIIIo2R4t /yFg==
X-Gm-Message-State: AOAM531yyQNcNLjelbLYOUhZfpNEnGS3rEJLB0ZKnDAI5UjshzgQoinx gvAerWrt9J9BTfnE7UNfocSnEt2Tb9E6NnMAWwcZRqsH
X-Google-Smtp-Source: ABdhPJxaQN/7dsSTzs6+V2nhLBZ9h2dD2bqCwRCFamX2ejLbmkLPgURBHI7H7yNFItiZwE5l8NI2fNCaFKhdPkZ56O0=
X-Received: by 2002:ab0:66c7:: with SMTP id d7mr12797225uaq.94.1639674663114; Thu, 16 Dec 2021 09:11:03 -0800 (PST)
MIME-Version: 1.0
References: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org> <BD71DE08-ABB4-445E-9215-AB8144F5A087@tzi.org> <CALaySJL-+YemuGLTvVN=K0MgkSy32FVb95mQ24f=6njexZTE3w@mail.gmail.com>
In-Reply-To: <CALaySJL-+YemuGLTvVN=K0MgkSy32FVb95mQ24f=6njexZTE3w@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 16 Dec 2021 12:10:52 -0500
Message-ID: <CALaySJJHYLgQhfTPm0ek1iwyiC6LnAJGEmB8_PGKA2TRn3AfWg@mail.gmail.com>
To: cbor@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/QzUfjpKlDTWWpsW_ZvLhnS2dEUs>
Subject: Re: [Cbor] Glitch in cddl-control AUTH48
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Dec 2021 17:11:10 -0000

Closing the loop here: Francesca has given her approval to proceed
with publication, based on lack of objection here.

Barry

On Thu, Dec 9, 2021 at 2:52 PM Barry Leiba <barryleiba@computer.org> wrote:
>
> Thanks for posting this, Carsten, and thanks to Ira for a quick
> response.  So as not to leave this open ended, I'm going to put a
> deadline of 16 Dec on comments.  Lacking objections by then, we will
> consider this accepted.  Please speak up now if you have a problem
> with it.
>
> Thanks,
> Barry
>
> On Tue, Dec 7, 2021 at 4:13 PM Carsten Bormann <cabo@tzi.org> wrote:
> >
> > Hi,
> >
> > In the last step (“AUTH48”) before a document like cddl-control becomes an RFC, the author(s) are supposed to do a full reread to capture any problems that remained hidden during the incremental development of the I-D.
> >
> > Normally, we find a few editorial problems (which we did; they since have been dealt with).
> > This time, however, there is also a technical contradiction between an illustration (Figure 4) and the normative text that would need to be considered in making up the example in the illustration (
> >
> > Background: cddl-control deliberately allows byte string literals in places where text string literals would really make more sense.  The reason is that the content of these literals often is specification text (ABNF) with embedded newlines, which are much easier to write as byte strings (where embedded newlines are allowed in RFC 8610) than as text strings (which inherit the JSON syntax that requires replacing every newline with a linear \n, creating essentially unreadable source text).  This is demonstrated in Figure 2:
> >
> > >    c = "foo" .cat '
> > >      bar
> > >      baz
> > >    '
> > >    ; on a system where the newline is \n, is the same string as:
> > >    b = "foo\n  bar\n  baz\n"
> > >
> > >        Figure 2: An Example of Concatenation of Text and Byte Strings
> >
> > So we handled that properly for .cat and .det, but it turns out we did not for .abnf and .abnfb themselves.  Here, bullet 1 (which mostly is about the target and its interpretation) in Section 3 tersely says:
> >
> > >    The controller string MUST be a text string.
> >
> > This is not only not what is implemented in the cddl tool (which accepts a byte string just fine), it is also directly contradicting Figure 4:
> >
> > >    oid = bytes .abnfb 'oid
> > >    oid = 1*arc
> > >    roid = *arc
> > >    arc = [nlsb] %x00-7f
> > >    nlsb = %x81-ff *%x80-ff
> > >    '
> > >
> > >              Figure 4: Dedenting example: result of first .det
> >
> > To me, this is an oversight where we simply didn’t update that sentence to the more useful way of accepting byte strings just for their better syntax handling newlines.  So I am suggesting we change the sentence to:
> >
> > > The controller MUST be a string.  When a byte string, it MUST be valid UTF-8 and is interpreted as the text string that has the same sequence of bytes.
> >
> > … which I’m suggesting as a fix in the excerpt of the AUTH48 processing mail copied below.  I apologize for not seeing this earlier.
> >
> > Our AD Francesca brought to my attention that cbor@ietf.org is not copied on AUTH48 processing; I had forgotten that (other WGs do that copying habitually).  So I didn’t think to bring this up separately here, which I am now doing.
> >
> > You can find the text that will be published if we do make the last-minute change, at the end of the bullet:
> >
> > https://www.rfc-editor.org/authors/rfc9165.html#section-3-4.1
> >
> > (Note that this text is an RFC-to-be, not the final RFC, please don’t start citing it as an RFC before it has been published.)
> >
> > Does anybody in the CBOR WG see a technical problem coming up with making this last minute fix?  If you see a problem (with implementation or use of byte string literals not only in the controller arguments of .cat/.det, but also in those of .abnf/.abnfb), please speak up quickly; this is the last item standing in the way towards publishing this RFC.
> >
> > Grüße, Carsten
> >
> >
> >
> > > Begin forwarded message:
> > >
> > > From: Carsten Bormann <cabo@tzi.org>
> > > Date: 2021-12-04 at 17:00:03 CET
> > > To: <rfc-editor@rfc-editor.org>
> > > Cc: cbor-ads@ietf.org, cbor-chairs@ietf.org, Christian Amsüss <christian@amsuess.com>, francesca.palombini@ericsson.com
> > > Message-Id: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org>
> > >
> > […]
> > > (0)
> > > The last sentence in the first bullet in 3 says "The controller string MUST be a text string.”.
> > > However, the previous section’s example in Figure 4 happens to use a byte string literal, and leniently allowing both kinds of strings is also what is implemented.
> > > I believe loosening this up has the upside of simplifying cases such as in Figure 4, and no downside, so I would suggest:
> > >
> > > OLD:
> > > The controller string MUST be a text string.
> > > NEW:
> > > The controller MUST be a string.  When a byte string, it MUST be valid UTF-8 and is interpreted as the text string that has the same sequence of bytes.
> > […]
> >
> > _______________________________________________
> > CBOR mailing list
> > CBOR@ietf.org
> > https://www.ietf.org/mailman/listinfo/cbor

v2.23.0 | Report a Bug | By Email