Re: [Cbor] Do we care about array-tags issue 6, clamped-uint8 arrays?

Jim Schaad <ietf@augustcellars.com> Fri, 26 July 2019 14:08 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D664D120044 for <cbor@ietfa.amsl.com>; Fri, 26 Jul 2019 07:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ijNjnwkNnI5 for <cbor@ietfa.amsl.com>; Fri, 26 Jul 2019 07:08:45 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 923D0120072 for <cbor@ietf.org>; Fri, 26 Jul 2019 07:08:21 -0700 (PDT)
Received: from Jude (31.133.136.216) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 26 Jul 2019 07:08:14 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Carsten Bormann' <cabo@tzi.org>, 'Jeffrey Yasskin' <jyasskin@google.com>
CC: <cbor@ietf.org>, 'Sean Leonard' <dev+ietf@seantek.com>
References: <CANh-dXkkSJUOcHcBj1JRO20ULFVNNbu1GQU-j7bR7N-FCTt3HA@mail.gmail.com> <24038E27-C30B-47F4-91E8-68C02FCAE26D@tzi.org> <CANh-dXm0TLShk_9DT9fKq0CR4yJMr6=zntWL8fW2tB99o0Et3Q@mail.gmail.com> <3246C0B0-C5BF-4AC8-B99F-D9A44B780A2C@seantek.com> <DECE061A-328D-4B1B-BEB5-D73F5779B554@tzi.org> <1C432DAE-ABAA-4E02-84FB-57109563A86F@seantek.com> <CANh-dX===wNGksTGUEjireODnQHPmUJQUJ7XJh+U-4bGGjErfg@mail.gmail.com> <9F8F7DEB-54B1-4114-B211-9D8A1A685523@tzi.org>
In-Reply-To: <9F8F7DEB-54B1-4114-B211-9D8A1A685523@tzi.org>
Date: Fri, 26 Jul 2019 10:08:11 -0400
Message-ID: <046501d543bb$90f52d30$b2df8790$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQK/Tufj5AbRSJa8nmBSWNHNjScWbwIJz96mAaxsNKwB0TlobgLRCBxtAvmG4zUCPt//8wGfgnXfpI9UHVA=
Content-Language: en-us
X-Originating-IP: [31.133.136.216]
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/mae7iQ6wS0yNE1rAu5s--cpZITU>
Subject: Re: [Cbor] Do we care about array-tags issue 6, clamped-uint8 arrays?
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2019 14:08:48 -0000

Chairs:

We are expecting that Carsten will provide a pull request with the suggested Security Considerations changes to deal with this issue:

As Individual: 
See below.

-----Original Message-----
From: CBOR <cbor-bounces@ietf.org>; On Behalf Of Carsten Bormann
Sent: Thursday, July 25, 2019 10:07 PM
To: Jeffrey Yasskin <jyasskin@google.com>;
Cc: cbor@ietf.org; Sean Leonard <dev+ietf@seantek.com>;
Subject: Re: [Cbor] Do we care about array-tags issue 6, clamped-uint8 arrays?

On Jul 25, 2019, at 16:36, Jeffrey Yasskin <jyasskin@google.com>; wrote:
> 
> I remain
> uncomfortable with having a serialization format describe behaviors 
> that the data had or should have when it was or is loaded into a 
> program.

I don’t know how to avoid that.  If the input is an array, in most generic decoders I get an array to work from.  If the input is instead a map, I get a map (or a JavaScript object); that has quite different behavior.  So the supplier of the input already has a lot of control over the data structures that are input to my system.  Uint8ClampedArray just adds a slight twist to that as it might look too much like a Uint8Array.
None of this relieves an application of validating its input — with a standard serialization format and a robust generic decoder, this can now simply be done on a higher level.

[JLS]  In many respects I kind of agree with Carsten on this.   When I look at this I have a hard time distinguishing between this case and some of the other cases where similar rules are also being required.  For example, if you tag something as UTF-8 or as MIME, the sender is controlling how both the generic decoder and the application are supposed to handle this information.   If I created a tag which defined a subset of UTF-8 then this would be even more true.   For my application both Uint8ClampedArray and Uint8Array would be placed in the same data structure type as I don't have a native type for clamped arrays.  There are then rules on how I manipulate the data.  The same is true for the subset of UTF-8.  This is going to be put into a native format for my machine - maybe UTF16 since that is the native C# data type - but there are still rules on what can be done with the data and how it can be changed.  The application is not permitted to place items in the string which do not match the legal subset of strings allowed.

Jim


Grüße, Carsten

_______________________________________________
CBOR mailing list
CBOR@ietf.org
https://www.ietf.org/mailman/listinfo/cbor