IETF Logo Mail Archive

[Cbor] Re: on EDN pragmas/version - to remove controversial from -26

Vadim Goncharov <vadimnuclight@gmail.com> Fri, 12 June 2026 19:17 UTC

Return-Path: <vadimnuclight@gmail.com>
X-Original-To: cbor@mail2.ietf.org
Delivered-To: cbor@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 9773F10062995 for <cbor@mail2.ietf.org>; Fri, 12 Jun 2026 12:17:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1781291864; bh=ebl3rzgxEncIQH7oObKBjc0qTrj5RcVWtlg3iKIZheY=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=vGGcNdmR/VVa3Thba/YHSQ6zLM7ofmjGrd20S9wA38eQjgmOgYfgSYy57fGkEoa8R RoVGXTbSwoY/kYwxnlmIG1XK7D9v1IBkerjl0Btb+iZ7s0ZF5GZFWCosU1bpIAek2a G7xjYMwQpLac+tvLFIivnoBTYL4H9l7T9lwpID4I=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.099
X-Spam-Level:
X-Spam-Status: No, score=-1.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBRBc-N71b4w for <cbor@mail2.ietf.org>; Fri, 12 Jun 2026 12:17:44 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 81170100628AE for <cbor@ietf.org>; Fri, 12 Jun 2026 12:17:28 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id 2adb3069b0e04-5aa68dbb38aso1153482e87.2 for <cbor@ietf.org>; Fri, 12 Jun 2026 12:17:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781291847; x=1781896647; darn=ietf.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=AEDYZDQ1yLhdqfefu64ItjbNOGbM3DL15+0E0N8lnVw=; b=e4DttIeWo4efeKRAJiS2DdQhRRKJRIzpLzc2amPlG7nFvG61V0qw90SP29RW+W9ZXd s5vso7qb92ArnPT+oBdtUvPj4j7hLkmB+GSrO4B+08Tq5Ax/TkjSw1H5nVwO0ft7EHwu X/N48xaTMaO1lw3YrIaTHsX2rxzPDAXbWPBbMqO/ikNNKdkpQkcfuoHvjBhCjKzwZ9N8 JsDCVaBLqojqpuxWi970rJpy+39j+2FLAArslzdvFJIcBBlMf0nDy8p9PkKnZwuctmIC 1W5QH3ujKYOMtqMRwczGI9wqvKTzcg6XPcTQ6SJyGOepL2Yul6c/RH1QsC5IpGFvWrPm 6DkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781291847; x=1781896647; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=AEDYZDQ1yLhdqfefu64ItjbNOGbM3DL15+0E0N8lnVw=; b=EN+J0ATi56xjId0PnpgO1JkpFEGDM4oT7ifDsklIMSaenlYFKeef3t4aDtyKTcInnG kcqZiZw+jCUCF2HX+DcBl5iMVHKFW4evNir+C9bbUejd32bQTY3PghMqQTWNWXYSljBs 9vKwAd0vdpLSBvkP9LubMIzK2wnHDhBC/xNrtKqzAekzz6CIHCgXpcEohlO+EpDru/97 DNixnEUzdrHNTlN618dp92frjQKEFcbxorFQJ+s3QjC2bbKHxPVJo0ZHd40cTF+M9akW dVyy/tuQWF82Tbm4DLGRfXMFUslyRPvdMY1MgNtQaCDTZXqpBZBdOqbh14yq67v6DZqi GsJQ==
X-Forwarded-Encrypted: i=1; AFNElJ+pmCxEaKRrSGIi5GOyqqL2+T9oHmhaCYnjvjtnlDTRVPBKsdQZSS/MUSKrapsSLPdWqfT9@ietf.org
X-Gm-Message-State: AOJu0YzRxtx2Y+vH3YegYvSHRUkMfKnxW9AWoSh/1PLOmJsunOJcZmi/ VKo7/FaoKfpwttF5C9MWSV/pE1+sI247n6ilGQlXLUBtn6fYWkIMPlz0
X-Gm-Gg: Acq92OFSP/Ddig0/5Jx2p2BFvhidOGTpvYSBH4qBnz1Tv1PL2kKS4ejQbsH7FxmH/N2 UotZWTV3Nb7b14MfxacB8ujvh/REciVEpROkRyH9mkNd0SsVrKQHLj5AASNAT2+xd2otMLQeZ86 TgVZjStyd4rlR01kIQcs8sovKhYiCr8oARj131C84YUXFopt3GLAeB1RtoQw/1GoMSa06pwH/nc 89g1jZ/VkKUYVgXQLTBppbLL5a8f0Qov7+coE4UsXs2W5its4qHUWbTa3Ziqk/2L+smFyYLoKLc QfdAN76Yb4AG2LVwHWcB+2vcqtI8dnjYh81xmw16IJJ5F0P4ZixYLCkaude1n5L9ikoYLTRnWuS HyCo04QwH/8Ma1ebQXtQdpJHf55+gi+rVq6iIOYq587ai2HOV9LKq3SpXbvVgKSRzSiPujEk5P1 qSgw5rzL59y8wFuvL6Ux5XP4MIDVSmBkvBIs0R/JgOL+RAT+tHBDWvaC6nrgb6b2/7
X-Received: by 2002:ac2:5088:0:b0:5aa:6e01:ff81 with SMTP id 2adb3069b0e04-5ad2db68bfemr971174e87.24.1781291846777; Fri, 12 Jun 2026 12:17:26 -0700 (PDT)
Received: from nuclight.lan (broadband-77-37-180-76.ip.moscow.rt.ru. [77.37.180.76]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-5ad2e1aeb6dsm766600e87.64.2026.06.12.12.17.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jun 2026 12:17:26 -0700 (PDT)
Date: Fri, 12 Jun 2026 22:17:23 +0300
From: Vadim Goncharov <vadimnuclight@gmail.com>
To: Joe Hildebrand <hildjj@cursive.net>
Message-ID: <20260612221723.3f70aebc@nuclight.lan>
In-Reply-To: <E52B6564-B03D-48A7-8791-0A286915E045@cursive.net>
References: <20260610190747.10266365@nuclight.lan> <2663077C-428A-4AC9-A9EF-6BF031DF654B@tzi.org> <CAKoiRuY46qSPTubwGTYwBCZp5kD5kT9VRn4UUa1Z4zBOJbJz_w@mail.gmail.com> <06299A56-BF43-4C08-A248-2C72EC5CCE44@cursive.net> <CAKoiRuZ2taTSEf5D9SLHg5agHZAbKgd8XCsrGhuLoKXLm+WnKw@mail.gmail.com> <E52B6564-B03D-48A7-8791-0A286915E045@cursive.net>
X-Mailer: Claws Mail 4.4.0 (GTK 3.24.52; amd64-portbld-freebsd13.5)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KTIIHIUKMHZXPOG7AQRUFXCRXLHULF4S
X-Message-ID-Hash: KTIIHIUKMHZXPOG7AQRUFXCRXLHULF4S
X-MailFrom: vadimnuclight@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Rohan Mahy <rohan.mahy@gmail.com>, CBOR <cbor@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Cbor] Re: on EDN pragmas/version - to remove controversial from -26
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/kdA6YxoJrVZk-LtjkJQNO3_irhw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>

On Fri, 12 Jun 2026 12:29:02 -0600
Joe Hildebrand <hildjj@cursive.net> wrote:

> The goal for a lot of these is to fail fast at the beginning of ingest if
> the tool doesn't support the desired mode, and so that each document can
> have a different set of settings, I assume.  I also assume that these all
> need to be at the top of the input, so that they can't change midway through
> processing, since that would be a real pain.  

I can imagine for *some* settings to be changed in-middle or several times,
just like it is possible with pragmas in C - most often to be used for
blocks like

#pragma diagnostic <somefeature> off
...some legacy code goes here with no time to rewrite...
#pragma diagnostic <somefeature> on

but of course not for all, probably not even for most.

> It also seems (to Carsten's
> security point) that these all only occur in inputs that come from trusted
> sources, since configuring the extensions needed (including a URL to their
> implementation, if in a web context) is not something you want an attacker
> to control.

The idea here was taken from JSON SChema or JSON LD or even XML schemas when
one real document referres to some other real document. However, actual going
to such URLs should be of course disabled (at least by default) because even
DoS attacks can happen, see for more detail:
https://datatracker.ietf.org/doc/draft-bormann-t2trg-deref-id/

> At that point, whether these are inline as pragma<<>>, a configuration for
> the EDN parser or generator, or a configuration file for the EDN
> processor/generator seem like just different knobs to tweak to achieve the
> same effects.  The big difference is the tradeoff between per-document
> configuration in trusted inputs and the security downsides of allowing this
> for untrusted inputs.

Well, one still needs to tell for e.g. e'' extension from which CDDL document
to take definitions. Be that limited to just file:// URLs or EDN processor
have some "database" of allowed CDDL documents (e.g. approved by admin) or
some other way of control - that's to think later, for now we discuss a pragma
mechanism as a needed pre-requisite to it. First step.

> I'll probably implement pragma<<>> if it has the constraints from above, but
> have it off by default to avoid the security issues.  Hopefully that will
> mean that pragma<<>> will fail with an error like "pragmas are disabled.
> enable them by...".

That's exactly what needed! I've proposed #pragma form so that 8610's EDN can
also fail seeing this, as they don't support #-style comments.

> — 
> Joe Hildebrand
> 
> > On Jun 12, 2026, at 3:55 AM, Rohan Mahy <rohan.mahy@gmail.com> wrote:
> > 
> > Hi Joe,
> > Welcome back.
> > In the slides I presented Wednesday:
> > https://datatracker.ietf.org/meeting/interim-2026-cbor-11/materials/slides-interim-2026-cbor-11-sessa-edn-readability-etc-00.pdf
> > I gave some examples of the things we might need to express on slide 14:
> > 
> > In EDN to CBOR use cases:
> >     • extensions that need to be supported
> >     • for the e'' extension, the path to the corresponding CDDL file
> >     • if unknown extensions would be represented with stand-in tags
> > (default: no)
> >     • if ellipses would be converted to tags (default: no)
> >     • if maps would be presented in their order in the document, or in
> > some other order
> >     • if the document is allowed to include encoding indicators
> >     • if indefinite length encoding is allowed
> > In CBOR to EDN use cases:
> >     • any extensions that were used
> >     • if a particular CDDL document was used to parse the CBOR, a path to
> > it
> >     • if any items were elided and replaced with ellipses (ex: long bstrs)
> >     • if encoding indicators will be included for any non-preferred
> > encodings
> >     • the type of escaping done to legal unicode characters in text
> > strings, if any I hope this helps.
> > Thanks,
> > -rohan
> > 
> > 
> > On Thu, 11 Jun 2026, 21:12 Joe Hildebrand, <hildjj@cursive.net> wrote:
> > I missed a bunch of the discussion about pragmas, and so don't have a
> > great grasp over what the intended use cases are.  Do we have a list of
> > the things that are currently desired handy?
> > 
> > That being said, could we add these later with syntax like: 
> > 
> > pragma<<'commas', 'require'>>
> > 
> > In a doc that defines its own IANA registry?  That doc would need its own
> > Security Considerations section that was interesting, as well as requiring
> > all other registered pragmas to have thought about security in some way.
> > 
> > — 
> > Joe Hildebrand
> >   
> > > On Jun 10, 2026, at 11:08 PM, Rohan Mahy <rohan.mahy@gmail.com> wrote:
> > > 
> > > Carsten,
> > > First of all, I find your tone inappropriate.
> > > draft-ietf-cbor-edn-literals is supposed to be a WG document. You have
> > > added dozens of new features since -18 (many without waiting for a
> > > consensus) and then you criticize the idea of adding processing
> > > instructions/pragmas because they weren't around for the past 13
> > > years—how rich.
> > > 
> > > The fact is that the more features we add to EDN, the more we have need
> > > of something like pragmas. A bazaar-style extensibility should have
> > > always had this feature. Deployment of e'' basically requires it.
> > > 
> > > - AFAIK, we do not require a feature in CBOR to have processing
> > > instructions (or at least not urgently).
> > > 
> > > - If you want the individual processing instructions to be in EDN
> > > format, that's fine. I'm happy to send a PR once we establish we want
> > > this feature.
> > > 
> > > I believe that a lot of WG participants think it is high time that we
> > > added a pragma-like mechanism. I believe we might already have rough
> > > consensus to do so. This email is an attempt to find out.
> > > 
> > > Carsten, rather than reply to each message in this thread individually,
> > > please *wait* and let others give their opinion about whether we need
> > > such functionality or not. You have already expressed yours.
> > > 
> > > thanks,
> > > -rohan
> > > 
> > > 
> > > On Wed, 10 Jun 2026, 18:32 Carsten Bormann, <cabo@tzi.org> wrote:
> > > On 2026-06-10, at 18:07, Vadim Goncharov <vadimnuclight@gmail.com>
> > > wrote:  
> > > > 
> > > > Metadata we put at the start of an EDN text (like a pragma?)  
> > > 
> > > I usually don’t like to give potential creators of attack data items
> > > direct access to the parameters that could control the attack.
> > > 
> > > (CBOR does not have “comments" in which a pragma could be lodged either.)
> > > 
> > > Now, as I said in
> > > Archived-At:
> > > <https://mailarchive.ietf.org/arch/msg/cbor/zghWLVr2sE_sIt1REi6Kbs5VFk8>,
> > > I think some good work could be done on finding common names for the
> > > elements of such a configuration (and writing them up on the wiki); this
> > > section just mentions that we have a certain “basic” configuration in
> > > mind that should work, possibly after applying a “--basic” flag.
> > > 
> > > There is no reason to tie the timeline of the (C)(E)DN specification to
> > > the timeline of work in this space; we have been able to work with DN
> > > for 13 years now without standardizing such a configuration parameter
> > > set.
> > > 
> > > There *is* a relationship to the “serialization” work, which to a
> > > certain extent appears to be about configuring CBOR ingress, and which
> > > is generally convivial to the “profile” concept (vs. [1]).
> > > 
> > > Oh, and we don’t need a new data representation format for these
> > > configurations — we have CBOR (and (C)(E)DN if that needs to be conveyed
> > > as text).
> > > 
> > > Grüße, Carsten
> > > 
> > > [1]: Archived-At:
> > > <https://mailarchive.ietf.org/arch/msg/last-call/I0p-LwrPukye2gBllCATSwRR2Lc>
> > > 
> > > _______________________________________________
> > > CBOR mailing list -- cbor@ietf.org
> > > To unsubscribe send an email to cbor-leave@ietf.org
> > > _______________________________________________
> > > CBOR mailing list -- cbor@ietf.org
> > > To unsubscribe send an email to cbor-leave@ietf.org  
> >   
> 
> _______________________________________________
> CBOR mailing list -- cbor@ietf.org
> To unsubscribe send an email to cbor-leave@ietf.org



-- 
WBR, @nuclight

v2.46.0 | Report a Bug | By Email | System Status