IETF Logo Mail Archive

[Cbor] Re: dCBOR: Normalization of Strings

Carsten Bormann <cabo@tzi.org> Mon, 29 July 2024 22:29 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A5B9C14F681 for <cbor@ietfa.amsl.com>; Mon, 29 Jul 2024 15:29:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uCzlqwb5UTS7 for <cbor@ietfa.amsl.com>; Mon, 29 Jul 2024 15:29:10 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93813C14F68C for <cbor@ietf.org>; Mon, 29 Jul 2024 15:29:09 -0700 (PDT)
Received: from smtpclient.apple (p200300f5ff074b560c68abb61b8fe5e9.dip0.t-ipconnect.de [IPv6:2003:f5:ff07:4b56:c68:abb6:1b8f:e5e9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4WXtLn0knqzDCbZ; Tue, 30 Jul 2024 00:29:05 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <F478C23D-EFE8-4D54-AB9E-28FE3856E940@cursive.net>
Date: Tue, 30 Jul 2024 00:28:54 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <8669D95A-79F5-412E-822D-CF71C9AFA170@tzi.org>
References: <E8325093-F005-4A56-8AFB-9C1637E19EA4@wolfmcnally.com> <F04DCC66-CECA-4FFD-9AF1-C58F983A8EF1@cursive.net> <6CF47BC0-D918-43A8-826D-457AF6FFFB3B@tzi.org> <F478C23D-EFE8-4D54-AB9E-28FE3856E940@cursive.net>
To: Joe Hildebrand <hildjj@cursive.net>
X-Mailer: Apple Mail (2.3774.600.62)
Message-ID-Hash: QYGZEIIKOWMMZDSKRRNKKRUMCLVXWTMF
X-Message-ID-Hash: QYGZEIIKOWMMZDSKRRNKKRUMCLVXWTMF
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Wolf McNally <wolf@wolfmcnally.com>, CBOR <cbor@ietf.org>, Christopher Allen <christophera@lifewithalacrity.com>, Shannon Appelcline <shannon.appelcline@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Cbor] Re: dCBOR: Normalization of Strings
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/lP0ejtynfvoN6JW14JMaTk55PGg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>

On 29. Jul 2024, at 18:00, Joe Hildebrand <hildjj@cursive.net> wrote:
> 
> Why would text in your application be in NFC form already?

I’m thinking about applications that build CBOR data items from data that are in a database.
While database normalization is much more than what we are discussing here, the database could make sure to have NFC forms of the text strings it stores.

> Note that you have to at least check that whatever strings that needed to be normalized is in the correct format before trusting that the deterministic encoding was done correctly, which means every step in the process that relies on determinism is going to be doing this expensive check.

This is a good point — one may be able to identify steps that actually do not need that verification.

> I'd need to know more about the particular application to have an opinion on whether all of the text needs to be normalized.

The text will be used for signing inputs, or hash values will be extracted that simply will not match if the normalization isn’t done.

>  User-entered text that doesn't need to be compared against strings that were entered somewhere else probably don't need normalization, even for deterministic encoding.

Right, but that assumes you keep this text as entered, as opposed to canonical forms in a database.
(In many cases, you’ll need functions such as search that does provide access to a normalized form.)

Grüße, Carsten

v2.38.3 | Report a Bug | By Email | System Status