Re: [Cbor] Benjamin Kaduk's No Objection on draft-ietf-cbor-cddl-control-06: (with COMMENT)

Carsten Bormann <> Thu, 21 October 2021 11:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 61D353A15B4; Thu, 21 Oct 2021 04:39:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vZ-jLF44Xceu; Thu, 21 Oct 2021 04:39:18 -0700 (PDT)
Received: from ( [IPv6:2001:638:708:32::15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4A8D33A15A8; Thu, 21 Oct 2021 04:39:16 -0700 (PDT)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 4HZlqx1Tbjz30Tj; Thu, 21 Oct 2021 13:39:09 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Carsten Bormann <>
In-Reply-To: <>
Date: Thu, 21 Oct 2021 13:39:09 +0200
Cc: The IESG <>, =?utf-8?Q?Christian_Ams=C3=BCss?= <>,,,
X-Mao-Original-Outgoing-Id: 656509148.743652-d5e9a4c404703cbcd60c0eaaa3bf7e35
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Benjamin Kaduk <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Cbor] Benjamin Kaduk's No Objection on draft-ietf-cbor-cddl-control-06: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Oct 2021 11:39:25 -0000

Hi Ben,

thank you for these detailed and thoughtful comments!

All the resulting changes below are now in

> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Does the inclusion of RFC 7405 as a normative reference imply that the
> %s"" construct is part of the core grammar used by .abnf and .abnfb?

Yes, that is the intention.

> My understanding was that just saying "ABNF" did not by default include
> the case-sensitivity functionality (regardless of what references are
> present), and so that it might be appropriate for us to say something
> like "the ABNF control operators defined by this document allow use of
> the case-sensitive extensions defined in [RFC7405]".

Interesting!  I live in a world that has pretty much completed the transition, and so I thought just always referencing 5234 and 7405 together would be sufficient indication.

I put into terminology:

   The term ABNF in this specification stands for the combination of
   [RFC5234] and [RFC7405], i.e., the ABNF control operators defined by
   this document allow use of the case-sensitive extensions defined in

> Section 2.1
>   interval<BASE> = (
>     BASE => int             ; lower bound
>     (BASE .plus 1) => int   ; upper bound
>     ? (BASE .plus 2) => int ; tolerance
> I'm having a really hard time coming up for a use case where making the
> tolerance depend on the base of the interval by an affine transformation
> is useful.  It feels a bit contrived as an example.

Oh.  The BASE is just the encoding base, i.e., if base is 400, the three numbers used as labels here are 400, 401, 402 — no interaction with the semantics of an interval.


   The example in Figure 1 contains the generic definition of a CDDL
   group "interval" that gives a lower and an upper bound and optionally
   a tolerance.  The parameter BASE allows the non-conflicting use of
   multiple of these interval groups in one map, by assigning different
   labels to the entries of the interval. "rect" combines two of these
   interval groups into a map, one group for the X dimension (using 0,
   1, and 2 as labels) and one for Y dimension (using 3, 4, and 5 as

> Section 4
>   (enable/disable).  The latter approach could for instance be used for
>   a JSON/CBOR switch, as illustrated in Figure 9.
> I'd suggest something like "as illustrated in Figure 9 using SenML
> [RFC8428] as the example data model used with both JSON and CBOR".  (The
> main goal being to get the 8428 reference in.)

Nice!  I put that in.

> Section 6
> The shepherd writeup indicates that the author has a complete
> implementation, so it's surprising to not see it mentioned in this
> Implementation Status section [that is to be removed prior to
> publication as an RFC, so this comment itself is somewhat pointless].

That is actually the implementation mentioned as

   An early implementation of the control operator .feature has been
   available in the CDDL tool described in Appendix F of [RFC8610] since
   version 0.8.11.  […]

> Section 7
> I would suggest that the ABNF security considerations would also imply,
> except that both referenced documents disclaim any such considerations
> (not even "what you actually describe may not be what you think you are
> describing" or "ABNF just says whether a given string matches the
> constraints of a given construction, and does not require a unique
> interpretation of the string").

Yep, I was about to write “The security considerations of … apply”, and then read those...

I have now added:

   While both [RFC5234] and [RFC7405] state that security is truly
   believed to be irrelevant to the respective document, the use of
   formal description techniques cannot only simplify, but sometimes
   also complicate a specification.  This can lead to security problems
   in implementations and in the specification itself.  As with CDDL
   itself, ABNF should be judiciously applied, and overly complex (or
   "cute") constructions should be avoided.

I think that should really be a standard disclaimer on all FDT techniques.
(I haven’t added “If the FDT specification does not make boring reading, you are holding it wrong.”)

> I might also consider mentioning that the behavior of the "floor" function
> (for converting floating-point values to integers) on negative inputs
> invariably surprises some people (i.e., it is not "round to zero").

I’d rather avoid that surprise be being more explicit:

 target; converting from a floating point number to an integer selects
 its floor (the largest integer less than or equal to the floating
-point number).
+point number, i.e., rounding down).

Grüße, Carsten