Re: [Cbor] draft-ietf-cbor-file-magic: Processing recommendations

Michael Richardson <> Wed, 21 April 2021 19:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 11DD23A3406; Wed, 21 Apr 2021 12:37:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 91l5dWesjKDs; Wed, 21 Apr 2021 12:37:08 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 002AF3A3402; Wed, 21 Apr 2021 12:37:07 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0269738E6B; Wed, 21 Apr 2021 15:44:47 -0400 (EDT)
Received: from ([]) by localhost (localhost []) (amavisd-new, port 10024) with LMTP id isgZ2xzczLN0; Wed, 21 Apr 2021 15:44:45 -0400 (EDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 2C40638E38; Wed, 21 Apr 2021 15:44:45 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id 3DA2A653; Wed, 21 Apr 2021 15:37:02 -0400 (EDT)
From: Michael Richardson <>
To: Christian =?iso-8859-1?Q?Ams=FCss?= <>
In-Reply-To: <>
References: <>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 21 Apr 2021 15:37:02 -0400
Message-ID: <6496.1619033822@localhost>
Archived-At: <>
Subject: Re: [Cbor] draft-ietf-cbor-file-magic: Processing recommendations
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Apr 2021 19:37:13 -0000

Christian Amsüss <> wrote:
    > Hello Michael,

    > looking at cbor-file-magic from the "implementing generic tools" (static
    > CoAP file server, downloading CoAP client) point of view, I'm wondering
    > whether anything actionable for these cases.

My opinion is: not really.

    > I'm tempted to do crazy things, serving content formats from recognized
    > CBOR protocol tags, and possibly stripping the tagging once transferred
    > into a Content-Format option, or doing the inverse when downloading into
    > a file.

I certainly think that storing the media type with the file is smart.
MacOS does it, and a number of non-/pre-Unix systems forced the file
extension.  It wasn't until Unix/CPM/DOS that had pseudo-relevant file
extensions, but didn't enforce any meaning on them that we things got
confusing.  But, that was because "it's all a stream of bytes" meant that you
could apply tools in a less regimented way.
In a world of XML,JSON,CBOR, being able to process records has started to
have some appeal again.

I think that deriving a media type (both for CoAP and HTTP) from the
cbor-file-magic makes sense.  Whether or not you want to strip off the
12-byte sequence-style prefix is another question to me.

    > Turning down the crazy, these things may make more sense in an
    > opt-in fashion both on the server and on the client side. Going only
    > half the way and serving the content-format while also sending the full
    > data stream probably makes no sense (if the data was really intended to
    > be application/octet-stream, the server is already lying about the
    > content format, and stealing the inital bytes just adds to the charges).

I agree.

    > Is there any recommendation on that topic that you'd deem sensible,
    > either in-document or just on the "it's been discussed on the list"
    > record?

I think that a place where it wins is forensics.
We know that we are going to embed trust anchors into systems.
The trust anchors are public keys with authorizations attached to them.
Marking each trust anchor with what it's intended to validate
is cheap and easily avoids confusion.
     ("Huh, so your refridgerator trusts the root DNSSEC key for software
       updates, and it can't do DNS if you turn on DNSSEC? How did that happen?")

The second place is where two possible CBOR encoded things can be sent over
some channel.  Or where a CBOR encode thing, or a legacy thing might be sent,
and the legacy thing already has some kind of magic header.

    > PS. Is bcp really the intended category for that document?

Yes, because there really isn't any SHOULD/MUST here.
The 55800 tag, which we added for this document, is of general use.
The per-protocol tag is one which the user of this BCP obtains, so we aren't
specifying anything there.

We are just explaining a way to use existing mechanism to put things together.

Michael Richardson <>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide