IETF Logo Mail Archive

Re: [Cbor] [cbor-wg/cbor-magic-number] WGLC review (#10)

Michael Richardson <mcr@sandelman.ca> Sun, 12 September 2021 22:31 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7173A2094 for <cbor@ietfa.amsl.com>; Sun, 12 Sep 2021 15:31:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hwNB4G9Ibvlx for <cbor@ietfa.amsl.com>; Sun, 12 Sep 2021 15:31:29 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3413A2093 for <cbor@ietf.org>; Sun, 12 Sep 2021 15:31:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id D1E9D39EA6 for <cbor@ietf.org>; Sun, 12 Sep 2021 18:38:05 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id sbBUbMVVgR2x for <cbor@ietf.org>; Sun, 12 Sep 2021 18:37:57 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7F8A039E27 for <cbor@ietf.org>; Sun, 12 Sep 2021 18:37:57 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 17D313FB for <cbor@ietf.org>; Sun, 12 Sep 2021 18:31:17 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: cbor@ietf.org
In-Reply-To: <cbor-wg/cbor-magic-number/issues/10@github.com>
References: <cbor-wg/cbor-magic-number/issues/10@github.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 12 Sep 2021 18:31:17 -0400
Message-ID: <24784.1631485877@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/htiw3YvWf8VVA_7QFoHYYkaufaI>
Subject: Re: [Cbor] [cbor-wg/cbor-magic-number] WGLC review (#10)
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Sep 2021 22:31:35 -0000

John Mattsson <notifications@github.com> wrote:
    > I provided I review as requested during the last IETF meeting. I just
    > looked at -04 as I plan to use this for C509. Seems like you might have
    > missed the mail with my review so I repost it here. Use it as you wish.

    > https://mailarchive.ietf.org/arch/msg/cbor/mxVhcytAIBgPqMCGwlQwXYZiOOo/

I'm sorry that I missed your July 31st review.
I don't think that posting it to the github is the best way.

    > - "as is a file extension" The draft does not say anything about how to
    > chose a file extension. I think the needs to say something and give
    > guidance. Are protocols supposed to use some generic ".cbor" or use
    > there own like ".c509". Is it recommended to use several tags with the
    > same extension, i.e., should .c509 be used for several different tags
    > (chain, bag, CSR, CRL,...) or should each tag use its own file
    > extension. In the later case it would be good if the file extension was
    > registered together with tag number in IANA.

I'm sorry, but it is not my intention to make any recommendations on file extensions.
I have no opinion.

    > - I think it would help the reader to have an examples (CBOR diagnostic
    > + CBOR encoding) already in Sections 3.1 and 3.2.  Something like the
    > example in appendix B: "55800(1330664270(h'424F52'))" Example CBOR
    > protocol values and the resulting bytes in the file would be even
    > better and would really help to make the draft easy to understand.

So, you'd like an example in this section.
I can do that.

    > Minor comments:

    > - "MacOS" The official spelling of the current version is "macOS"

    > - "classic MacOS..."  Earlier versions were "Mac OS", "Mac OS X", and
    > "OS X".

okay.

    > - "such as when attempting to do forensics on a damaged system" Is that
    > important enough to motivate additional bytes for Iot devices?

First, who said the damaged device was an IoT device, as opposed to the
system that was used to program/design the IoT device?
Second, IoT devices regularly have multiple megabytes of flash now.

    > - "ZIP files of XML files."  Also media and fonts etc.

Yes, so what would you like you say here?
That font files are also ZIP files?

    > - "artifacts" Is artifacts the right word here?

Yes.

    > - "A magic number is ideally a unique fingerprint, present in the first
    > 4 or 8 bytes of the file" "that results in a deterministic first 8 to
    > 12 bytes" You should explain why you did not chose the "ideal"
    > solution, or change the text on what is ideal.

I think that I did exactly that.

    > - Would be good with a sentence explaining that if the protocol is a
    > CBOR sequence then 3.1 cannot be used.

    > - "for each tag number NNNN, the representation of content-format
    > (RFC7252) NNNN-1668546560" I don't understand the ” NNNN-1668546560”
    > notation. Should it be NNNN + 1668546560 ?

No, because the tag number is NNNN, not the Content Format.
I changed it in a future version to NNNNNNNN to emphasis that it's the bigger number.
I also had to read this text twice to be sure.

    > - "Subregistry" RFC 8126 states that the term subregistry was
    > unfortunatly used in the past. I think "CoAP Content-Formats" is a
    > registry in the "Constrained RESTful Environments (CoRE) Parameters"
    > group.

Carsten?

    > - "00000000 d9 d9 f8 da 4f 50 53 4e 43 42 4f 52 |....OPSNCBOR|" I don’t
    > understand where the zeroes come from? Seems like postfix instead of
    > prefix.

000000000 is the offset in the file.

    > OLD "Both OpenOffice or MSOffice files" NEW "Both OpenOffice and
    > MSOffice files"

What's the change?

    > OLD "QRcode" NEW "QR code"

okay.

    > OLD "This new sequence of tags are" NEW "This new sequence of tags is"

okay.

    > OLD "the the use of CBOR" NEW "the use of CBOR"

already fixed.

    > OLD "private keys, certificate requests and S/MIME content."  NEW
    > "private keys, certificate requests, and S/MIME content."  (IETF use
    > the Oxford comma)

thanks.

    > OLD "certificate requests" NEW "certification requests" or "certificate
    > signing request"

RFC7030 calls thems Certificate Signing Requests.
RFC5280 does not use the term.
RFC4210 speaks of Certification Requests, but not CSRs.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email