IETF Logo Mail Archive

[Cbor] AD review of draft-ietf-cbor-file-magic-10

Francesca Palombini <francesca.palombini@ericsson.com> Fri, 01 April 2022 15:56 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 619B03A1953; Fri, 1 Apr 2022 08:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8hrar_oWDXC; Fri, 1 Apr 2022 08:56:52 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on0601.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::601]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B38593A196D; Fri, 1 Apr 2022 08:56:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dNxtMMRHAVWLZvGJiwzXAC7QJ3uR0zrjU/UMqVnWy0P6/huZO7d2tGa95NUnEQtyT+Crw72r/TNGH2WuPQ16xKfE+jUbxj7bjXDvAenzICb8GIDb1vxRArCRNQbcgNN+4S5VoGXIhJBvOydtv8LW/nnLhFwxN6MYXlwHrJLcWgvEqf3OWQAQ2WSjkdwOUki4Ql372aXH9KzxOAn1VczFydkXcuURXChFB5NWN24WEKtmA4rVRr+sULmSPK/OsGNe1kZN64gVXFA/V4soqJVL2+CVLy7TpdYywzgqOK/gXjl4xWf5rikdtxlQ6OrAlupE8rcAOv++JxcSBg+6yVkwpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EKdXShcXG0xYPRWRKnbveQv7LDg8mH8KYVRHa1MsPSE=; b=PTSiyDMppMMBFd7yjIEIO3pnSDpjGsYjKgFjIZBJ1iMHwF9GLk3BsOklJYJRJSG4y6FV6Oqlo8es3KzurJIO3VIIqcrnWasrf41KONYoRNHrOCrArIKr/VXiq28g9og5ycqj1Gj/fmm86pjb2S0/B+3Sjg+AJrmdm423fu8qxrMPOBlizXJboFikSELFHpe56nOdD/JTXk6L5uziOtdsWoAKqfDu291+ZjL4/NJXJKpcuAL5w0QdYjWikWyayqsLdzm++lkfu7EADQhRvthsEMkLFiw0CPaR9oLZtdULlG2LD0ItRF88zyDXakV2Hp77Amzcku3bRca4HsbxT7Mafw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EKdXShcXG0xYPRWRKnbveQv7LDg8mH8KYVRHa1MsPSE=; b=C2fr0lwqroORy3FaJPBOB4Wtu9FBCC8IeAMP23Nq5+NxaeK+/EpV1ha7+JsA7ceJYapymW5Ceab5tVcwriw+sGHjRyXSXHBRlVYuaOHf3FGCX+GXVWkpUqWQYWkNhn14XQS0Wdt1FVcXM2Db9D7HE4uJFW1sZW8mfiMZkkXcJ+s=
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com (2603:10a6:7:96::33) by DB6PR07MB4263.eurprd07.prod.outlook.com (2603:10a6:6:50::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.25; Fri, 1 Apr 2022 15:56:46 +0000
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::5c96:9284:fd99:5332]) by HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::5c96:9284:fd99:5332%3]) with mapi id 15.20.5123.019; Fri, 1 Apr 2022 15:56:45 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "draft-ietf-cbor-file-magic@ietf.org" <draft-ietf-cbor-file-magic@ietf.org>, "cbor@ietf.org" <cbor@ietf.org>
Thread-Topic: AD review of draft-ietf-cbor-file-magic-10
Thread-Index: AQHYReCh3PSZ9csHykqgWEwiDL21fA==
Date: Fri, 01 Apr 2022 15:56:45 +0000
Message-ID: <HE1PR07MB4217656476550D97A1ACEA6A98E09@HE1PR07MB4217.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 708c3c80-8730-4b22-2982-08da13f83939
x-ms-traffictypediagnostic: DB6PR07MB4263:EE_
x-microsoft-antispam-prvs: <DB6PR07MB4263E50679E2884136BBD69798E09@DB6PR07MB4263.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uant3cj4n6iUI4d9bdja0hOBnmZH9BnypxMWa1YPqPqZwXFbUEZOvbAtfH1iiNwHANXXsNyqmA2T9herNY7WAJkN1PQJw0sg44jwIJu4JSdy7QY0uWqfUgCGcc2+OCWQkj9bJgScKMzwYVJsjiFrjCG5ZKS76LPEHBMvEcb4iY1j5TazkPt1MqJaqINzdNg6pr0hkigpiXM6RNLcEbRqGpq3mGeHvEf+0E8PmYFgZK7NCnN76JbBSvPKNGZpYJnPr18r8i3+CacoZ1iIgWYW46E7fybw0znnCBpo+8WSNxQE4ofkTEXPYpUApA5uSYhPu//lWIz+TY5JbFBD7DhRa3GVlva8G71ApJ1MP1B8JwEYJunt2Ub5CepxxizxBMkO0YY9iAzhHAbJCngSCiMJgHHFFfldMplprnursSyUh7jOrErkSMUKephn8UUndlf16PVnV97OjAqr8a7tZ1P+LwAcn9XG4qY8iRMJalUtu5fkTI/ru4o2k9O92yA6Hdd+Y0Gxs5O2+yOfMnldUorCPXDfyNxKazpU7Vs9vipaFQWcauPKVV+/D/HgqHmTsRji4GWwjVloQ6d8QfILdUVMzJ0EzCdeW/KFanssk/H6ytIYpsv9+FEkz5Ug4hRHmBxt8zjKjZNjyNP6Pt1hrTmhmEkcDpV+8JoVDSbWdh3/WF0LHs3tghse3aBOGcIVJ5cDUCs9D0blAyZQLoQSq/6k+pDJQH1nXBzTQhAIB9fyVZ2Qgeh1kK/WcHQK3dw01Jeq1lq2ltTVNWXH07A/uba22vkGe8KEaaHBAena4ksAMRrAy9YDH+yRdzwHkCGf8vNrkBYMbGSFs8MheUAehbyhhA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB4217.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(38100700002)(33656002)(8936002)(55016003)(316002)(44832011)(508600001)(110136005)(83380400001)(966005)(52536014)(38070700005)(450100002)(82960400001)(9686003)(91956017)(64756008)(2906002)(71200400001)(5660300002)(66446008)(86362001)(8676002)(6506007)(7696005)(66476007)(186003)(122000001)(66556008)(76116006)(66946007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: CUFPj5g40BTVQnobcy2VaJRa0/nh+e99GLBoIzHfz+alRS6XSJBzBxxhYm01F/RiBIh/bafhRhW68kP4u/hOa1EGtWfP5glwqZfkct8EH6uegKc5EmhUnJdiRe4eLuQ6WffXpZz6qOXiauEV1YT5J5/yu0xhByerp67yHxymR+AT36u5XA3HsXiX2+qyGtPk9UpZuItsXshiAL6XOhAyMlVhWKZQr9kpwMGNT/5QZ/WSAWnXYTo8Y27QL2GpD6dMpFRB/+DQ9yjz5pLaYkuKgudrPPJi7U99pNhjboVrlp7NUUCZvLQ+feKAA4W9mX/S0lwRnRW1b51M0chELMhgmR1FUXZy0WGANBDKYAyqCxeezuZLE29ObwMlla4/GdFUy2G96gRKvF8hAa2ETBuGokd1+XNmZK75RJMaNZix8xoWh0oSSxhgar7EwmNfLtX7EHHNeDRT38baPnIHf/6HIsSAkeqtiCOnFh+Tpwbe14LmOd7LJtN3wPIk+Kx2SPPHjREpREakJmSg5H8cRLG8Y7u5VNCUPFlV/YoxQpSe/SdNLhmIZ7e8VIP0b4A5mxjhCIsVDdZwxyCBZNYZ+zPiJV/Sfywab0xTxrBeTpkE0c9rwBwyDZlnjGjJJHZ/fj+WW5FC3YxDHV9kS+DEJp7v1krtTzT+jCUAvM94LP3daOV0HVyK0cbHTIX4CZqrxk4wQShhA4lU6kFbZtoC4IJkDS+TmvnHK09I7IhibDb6g6YsqL8r22gruklNQDeFKRHmoBT9srsPXMOUHKyZfqyAhtLgULEO5vXjR+23zJ/rlxAsTudr0J6cUe9f0HOKU2Dz/YKX/PdykpOLM134yJW6DwnJjTn6poAQzojiEGiGveXOJwdmDHj8cIBxCbkOXeq1FYz9zjdKqHBJVURAMRG2HxRIXa+/Tr+VAIjrtM33Dny7uAPnqiQNILWGbZ+SllrtrS6AYePyl94GQGER+VkWE7N831FclUbQkri99e6bu/zVM0eqnsILu/MUcXFpx/ePhYrjc3+7yODNG5InmtiqR4k5Z1gce63O656TIv6+QKVqpNiu/A5/0El30+QecKVsTLUFLInLYX4bjCDWs2A2cRrzReJN/rbbVzqTpHffA3GEvkdCMCTau56KDkkShXOmV5QY+ozsP9tgB9q9a5a0K+0ND9jHlNrQN3Hu95ciWFQ1uZAxfRakrou1rjnuGabjxzE7AdO8f/xMYELPyr5LsRRrouIFVBbCph7rsWnDGziyCIp5sY1b0A1+VFcRiq1fK02VUlmnmkhLDYIwEwAGqSywEO7rr77+246Nk1ouizgiriu3hvkW1FQ5UQ4JZqX90yvPJT2pcS9hELmXaPomHQt4boKu8Lv9zWfJQKgqBgZh171O+Bs8PCWpKoPwd47m0SHNSw9EV0NkCFzbqmf7stcVu2lai6tDvJ2j13TyoVrx+HdUP7dFELzvnQrc6E71nE3n6wIYGl7pzj6ghheAxmWnPcEX0kAx/eZ54r2mMNAg3u251LPGom9TrEialDFR4PIrmGhnyLsmBSJKhrQFsY9kG1X0FfJ0ubv1EH9n67HphIYdIoJBNxN6jFOXzMr62UN9VAq7ZAxSpI9Z8WcQ3CjUxejG+XQiJKu8Cy4o7X6sspcI7iPVaYXjottHUVaUSiBqTGwaHL3WTWkjlvN3hCippi3kkQMsba/iJcVpOUuX7G1Ba0oTfs1w0VVlTF2ct9MAA9kCrEIxG+FGPloB4e9cO9JBL78nUtCq1/JuPT8NXYi8DRL6mTvvBGSuluR5DKC5Jbs3
x-ms-exchange-antispam-messagedata-1: PzLexBVUfURnCEQlFR4ulaO7jWLfDo3eeRRsl8Oro9NjaLnwhotHl+slkNjJCd/PXnVjQcnyDCHl5Q==
Content-Type: multipart/alternative; boundary="_000_HE1PR07MB4217656476550D97A1ACEA6A98E09HE1PR07MB4217eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB4217.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 708c3c80-8730-4b22-2982-08da13f83939
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2022 15:56:45.4680 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 10vFYS3BeMplu1g/V1g5re6eG21uMEL0vUVbz/0Ac2FjnhthdxfCWmF/5mrUuo2iXUhDkswF5hRTmIkC2/VmLrgRzxI8lIAEAKl+toSmi/vZ2evRM11N8l55GZzDu5//
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR07MB4263
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/jTswHKeR8x7LMVeCev55_Sm6JZM>
Subject: [Cbor] AD review of draft-ietf-cbor-file-magic-10
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Apr 2022 15:56:58 -0000

Thank you for this document. Here is my AD review.

The draft has a number of minor issues that can be fixed during IETF Last Call (however I suggest you do fix them asap so that reviewers won't point them out again). I also have a couple bigger questions re reasoning around motivation, context and doc structure (see 9. 15. 18. 19.), but they can be addressed with any additional Last Call comment, which I will start soon.

Thanks,
Francesca

1. -----

   servers derive the MIME-type information from file extensions.

FP: I'd suggest using the terminology "media type" rather than "MIME type" as this is not supposed to use the MacOS terminology. (see https://trac.ietf.org/trac/art/wiki/TypicalARTAreaIssues#MediaTypes)

2. -----

   It is noted that in the media type registration, that a magic number
   is asked for, if available, as is a file extension.

FP: the sentence does not parse (too many "that"?).

3. -----

   into the beginning of a CBOR format file.  Two possible methods of
   enveloping data are presented: a CBOR Protocol author will specify
   one.  (A CBOR Protocol is a specification which uses CBOR as its

FP: Suggestion to add that two methods are defined based on the data being an unique CBOR data item or a sequence of CBOR items (this becomes clear later in the text later on, but might be good to clarify for the reader at this point).

4. ----

   Examples of CBOR Protocols currently under development include CoSWID
   [I-D.ietf-sacm-coswid] and EAT [I-D.ietf-rats-eat].  COSE itself

FP: Please expand acronyms on first use (here and later - see https://www.rfc-editor.org/materials/abbrev.expansion.txt for the list of acronyms that don't need to be expanded, such as ASN.1). Also for later in the text, it would be good to add references when possible (for example, where DER or PKCS1 are mentioned).

5. -----

   A major inspiration for this document is observing the mess in
   certain ASN.1 based systems where most files are PEM encoded; these

FP: Can we replace "mess" with a less colloquial term such as "confusion"?

6. -----

   data item defined in [STD94].

   The term "diagnostic notation" refers to the human-readable notation
   for CBOR data items defined in Section 8 of [RFC8949] and Appendix G

FP: (Here and later on in the doc) Please reference consistently either STD94 or RFC8949 - just use one (and fix the reference accordingly).

7. -----

   16777216) to 0xFFFFFFFF (decimal 4294967295).  It is further
   suggested to avoid values that have an embedded zero byte in the four
   bytes of their binary representation (such as 0x12003456).

FP: Why is it suggested to avoid embedded zero byte?

8. -----

Section 2.1

FP: In this section I would also add a sentence saying that protocols registering this type of tag should also reference this specification (additionally to the registration template or any other spec they might have as reference).

9. -----

   Whether these two tags should be removed for specific further
   processing is a decision made by the CBOR Protocol specification.

FP: It is not very clear to me what the sentence adds: this does not help the implementer make that decision, since it does not give some guidance about what could be a reason for removing the tags for processing. It is a "you may do that if you so wish" without any additional information.

10. -----

Section 2.2.1.

FP: (Weak) suggestion to add an informative reference to senml+cbor Content Format IANA registration (so just to the IANA registry).

11. -----

      0x42_4F_52 ('BOR' in diagnostic notation).

FP: Could you avoid the underscores? I don't think they are necessary and they are not hex valid syntax (and same comments for other occurrences throughout the doc)

12. -----

3.  Advice to Protocol Developers

FP: Really nitpicking here :) But could we use "Protocol Authors", to be consistent with the terminology used elsewhere in the doc?

13. -----


   As an example of where there was a problem with previous security
   systems, "PEM" format certificate files grew to be able to contain
   multiple certificates by simple concatenation.  The PKCS1 format


FP: Can we add an informative reference if readers want to dive deeper into this?

14. -----

   then it may be easier to explain if the Labeled CBOR Sequence format
   is used.

FP: I am not sure I understand the meaning of the sentence.

15. -----

Section 3

FP: This is a very useful section, however I think I haven't understood from it the main advantage from using the tag wrapped vs the labeled CBOR sequence, except the fact that "programs need to be able to skip the first item of the sequence" in order to use the labeled CBOR sequence, which to me does not seem like such a huge requirement. Is that another way to say "programs that do not support CBOR sequences"? Then it would be good to explicitely state that, IMO.

16. -----

Section 5.1 and 5.2

FP: Please add that this is the CBOR Tags registry. Also please add a note to IANA that the existing registration should be updated to reference this document and update the fields as defined.

Additional comment: I think it is better to described the Data Item as "byte string" as for the current registration, rather than update to "tagged byte string" - that is not a CBOR Data Item per se.

17. -----

   Semantics:
      for each tag number NNNNNNNN, the representation of content-format
      (RFC7252) NNNNNNNN-1668546560

FP: I think this should get a reference to https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#content-formats rather than RFC7252. I also wonder how this is going to look like in the registry, but I guess IANA will tell us.

Also it is a bit confusing to use "NNNNNNNN" and not just "N" (as I read it as a decimal, and 8xN doesn't really give me any more information about the number).

18. -----

Appendix A

FP: I have some vague memory of this being discussed during interims - so please remind me if I have forgotten, but why is this an appendix rather than in the document itself?

19. -----

Appendix C

FP: I think a bit more text around the motivation and need for such a tag would be useful.

20. -----

FP: Please update the reference: draft-ietf-core-new-block has been published as RFC 9177

v2.23.0 | Report a Bug | By Email