Re: [Cbor] 🔔 WGLC with request for reviews on cbor-file-magic-02

John Mattsson <john.mattsson@ericsson.com> Sat, 31 July 2021 10:02 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56E903A2045 for <cbor@ietfa.amsl.com>; Sat, 31 Jul 2021 03:02:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yv9r6702-Wcz for <cbor@ietfa.amsl.com>; Sat, 31 Jul 2021 03:02:45 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2051.outbound.protection.outlook.com [40.107.22.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 472C13A2042 for <cbor@ietf.org>; Sat, 31 Jul 2021 03:02:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cfjfe+GwPggvL2LpW9RTEV9p+HshSC90+9iWKaKB2OxPXSCaE86Mz4RA1K4ikhGhE0WMa3oaWjbA9pTE97Hwwe/h1uXlZ907N2vKi56Go/PGFNY8GJR8fv32ILn5EbjC2tv/dtBNmPctpH11bhe359f4atGjHkJ139wO4FDGq1FVfN2bninHpcJZdqn0aSHAwHmbCJztTg8k63GKYVPrKDCLtr+0bvZYAejILXivwSyk2xET++z4FuXn4BU/UKX+QEohWuKxYk3nu4hqXSHyjpL49xEl2r6pJ1DfteaNehq1WjFS37h+2r4pTo8tt29D/CWY7MrUWng8Fi4SwLtgaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o4aGi4aC863ZcGS6P6/DlTvn9GhxB4+Iw8+EKJjKqog=; b=dJJ7mJDKMblpCEXBkzEEo2HQLlyENuaY2XmmVJpDnoVmj4oqvWCgD7KBf8vnR/7CmbHuq9XrEqw3e6VOD87q6eMejV2RMcHQKn+jO50Kc9qpGvccuRVECXK4/++CR+q+0yf6+axrPVXCbuKjNCrNXIiFclerGEHa5xAg1OG6PXWswkenRNKMI+FpCxje/q+5LmYxloovflFDcXhtHq7FKhl+0k0nHPITMiNePLknwwtR+2jaY6XjRnKFlyGg9R7294BHHA9PEPdUMUoh/TXAmQUf5lJtxvSLhf/TXBslepWacydYGbCmDSsY35U9O0awPQaM7Ehiyf/98zmxXUSZVw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o4aGi4aC863ZcGS6P6/DlTvn9GhxB4+Iw8+EKJjKqog=; b=suyUVtmX0+PD1xdascUaBDWTkLJXLehYpd9Cyf8RKOkZy5Ef8Re8OHAnhnRgKBvVfXk+NOZuE3UAG0pLgtW3zxQaT1Udx01Lt2AWpwHviGS5REqRTMlgeXpGtMVtwQCjx2UjztHkCa6HFToY2WUzf30uaOOSkAWKjShUQHOW+lw=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR07MB4394.eurprd07.prod.outlook.com (2603:10a6:7:a0::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.12; Sat, 31 Jul 2021 10:02:38 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b%5]) with mapi id 15.20.4394.014; Sat, 31 Jul 2021 10:02:38 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "cbor@ietf.org" <cbor@ietf.org>
Thread-Topic: =?utf-8?B?W0Nib3JdIPCflJQgV0dMQyB3aXRoIHJlcXVlc3QgZm9yIHJldmlld3Mgb24g?= =?utf-8?Q?cbor-file-magic-02?=
Thread-Index: AQHXhfAS9Se2kHf+O0W9QT88ioknUQ==
Date: Sat, 31 Jul 2021 10:02:37 +0000
Message-ID: <HE1PR0701MB3050661AAA66295ECE439A4089ED9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b83f8958-dac8-495e-3743-08d9540a53d8
x-ms-traffictypediagnostic: HE1PR07MB4394:
x-microsoft-antispam-prvs: <HE1PR07MB43941E6D7718407004AFD7CC89ED9@HE1PR07MB4394.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: abey2dydbxg7CUg6Y/TCziAOmHvs/73d8qkWQGiYbnX/L05j8lqBkiS4M3452CMEKg7mfJqb4OsXAy9uZHnTHtyH6MuXPx4JC+QXiEFD/iGqgFD1t72qmbGrvRIjhgrqckoslYvNYDFHoWe1pvz1hCfD13n/gFSDXUmn9QcgcObcLMlMO6wRuImFpzogu/c5c7Y6N76MU8dHbHf0hXD1TSOYxM+xgJCkJbUXsZWFukjsjtkxZ6Xclg/MNCAKyBLxuLTmhC/Dm2U0MwGKp5UhGq5YiHEziMBn4Rra89j4aZJNgdtzzI5wU5qZC8QTJgC5cWNwq3cENo6hGhKQZtb8nH/7l/y2WIDToo8/J/8pKMsqlihFlmEww6BQGwME22VrGrtwpnkAeEKVIrz5nMME7qZ9tSkp2cRSBZBMCYwU47flGgBZqHssp8eObeY0Y5CFTZhIF9D9uiDvqPv7f60Fqw1vtmcdW5aJixHpbVswEq22TOA5CIaGVYi5fpOZXmtkR/2exx4E+WX+fdbuyXjqxTsKMZbQOzRGkUhn3gnwim/K/5YkADm2G/9bWanuqtODWafXafoT4V76AJxmdE0pFghxaT9uw9VQ+tVH6n65NiIPKrObZhtghEJtoqY6y5YVJwFbsAa1gsx8wgzZfz+IATKSnnoGR71Q1UGHxruYXOkupBheYISUYg48xwVFhBeFDhvxlI8Ppj8L8XnfOZ17Wg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(508600001)(71200400001)(52536014)(186003)(7696005)(26005)(66946007)(8936002)(2906002)(55016002)(38070700005)(6506007)(76116006)(38100700002)(122000001)(316002)(86362001)(9686003)(44832011)(66446008)(66556008)(5660300002)(64756008)(33656002)(6916009)(66476007)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?YnpNbWRKUVRTMTZnTWlnTFNzSkpLUnUwWEZ6SXN5RUordjQxb09xcFh5R3Ux?= =?utf-8?B?VzZ4djFWZXgzbi9kRzErbVNpQ3k4ZEFKdDB0SHdFeTNvL3VjSFpmUTJ1MW9S?= =?utf-8?B?b3RKQVRYdG5LRCt2TkduaCs2eVI1MERYQzBNbFlBTmxaeHNZZ2xsbk9VSXU2?= =?utf-8?B?QXdhSTBMeExocC9Ob1VVeGExMDFPMGR1ak5rU0dORXVXR3VYRXR5Q0l4Qnh1?= =?utf-8?B?Sk4zTy9DL0VGVmlkeEFhWmVZZWpJT3ZoQkJTamI4Q3BLUnNZQWp6bWJ5aGFI?= =?utf-8?B?TWdjbG9uQ3RvTWlrMDkvaG01eGVtNU1Obk1wVGtOS2NLdmdWN2NxMmVHeGtW?= =?utf-8?B?WVhXUXhPM2JFWE56U1ZCaDlDUm1sYjFyK3c4a3BnVERLcEZBc0crQlU2eStR?= =?utf-8?B?NS92UGJkdjVRekNHWm14ZVQ3Q3RjMHJEK1pDUEhtRHNnaStBVE1weHNjYUFv?= =?utf-8?B?VHdtMXQ0dXkxRUExenhiTXB5R04vNjg5TFlwdWNZQitUQTNiQUd0S2xVUnV1?= =?utf-8?B?RWZYc1lNcnZKRm1MKzlaOHZrcnBvK0Z6NlFEWDlkak5oZThmaVQvdi8zM0c5?= =?utf-8?B?NndHRnJsbUpMb2hkTFpUTER3UlNWRUNrdG9EMXB1bU0zMmd6bGwvT2J6QkFD?= =?utf-8?B?VktSbldoNkRwMkxqVHVCalZrQW5sMHJqMEd0MWxPRUZvQTRBdWdtdE1MWENY?= =?utf-8?B?UGgzS0VCSDB2TGUrbDdNa0xobW50alNUZE5VNkdKbXhqcDViaGJjZVpiaHdq?= =?utf-8?B?RGYxcTNqbExzSzIyUmVwSkd0VkpIMCtEWGswZUh0dGZxQmJxWUNqYTNUQzFo?= =?utf-8?B?dUpVUWtyY1dqYVNGM3hXeTRsNHE0Y1ROVjZidHFNVitrUXJKRElBdTAzdG1k?= =?utf-8?B?a1NIVW45eGtPOXJ1SUVDMTVmTTFHZTA1djkyelV1ZW13czBoY0NJNGlUa2dD?= =?utf-8?B?ei9MampKcXRjQkJDRm1WVC9wVEFDV1hmUDVENUFySWk2VXZobDhlM0VYS25X?= =?utf-8?B?WERJMDRqNmExbjQ3UHF3dDEvSEhyTlNvb0M4aWdzT1hjdTE3MWducldqejdM?= =?utf-8?B?bGFRNEhJNWEvVVMrS3lmd05BSmo5bW1XMk1jbHZ0eGRTTFp1K1VxbTVnRXYv?= =?utf-8?B?V3pMeDE4TEp0UnYyYlBZUCtxUlFaeHRtREtUSlVQMXRaLzB1ek4xd1laODZL?= =?utf-8?B?SU9kTjZVQ01zWDNwK01hV09WRFhtcEtPMVVpS2k3MjVtR0xDeUE0NFk3VkJW?= =?utf-8?B?VUVBMDdOMUl0TVh3NkdtR2NNczY4QXFXYnR2NldES3dadjNGaExNeUdmUXpQ?= =?utf-8?B?MWk2cWJzZEF2RmRmbUdyQVdvTmtBbUJEeWoybDh6YzJjc0MrWGNCYVcyb01Z?= =?utf-8?B?NWJybzRyaWpmdzQvcHNVaHg4NkM1RklJTXpZODF4RjQxQm9mOFozZ1FGZm1I?= =?utf-8?B?bU95a0tWUjBqRFhuZTFZQlkrTzhCMXZlRVlFRzFFd2M1ZVZIby9LOTBzT3lR?= =?utf-8?B?eGJUbXJqV1lRTDJrbVZxZUFUZy9WZXZTdmllNzhQL0UxYnpwV093eDhiNW5r?= =?utf-8?B?R1c4RllRV2FUVEp4ck9ob1NpNSt6T29oZm1CYmZoVjdwR1BtemNvRkx2YWlu?= =?utf-8?B?Yzl3SGw5eGk5OGMySkY4cWdFYzI5bFNtZlhPNFVwODZ2dU10NHJXRCthblF6?= =?utf-8?B?aEsrRjhpQWRUeWhVWldpQ00rUE44MHpIVU1kYjdiYXAxVlZwbUJBa3FxeG94?= =?utf-8?B?RWozU1ZtTzVnUDBrZHpjSGFyZ2w1SFRVckphcXZNOXBXWnVMUDh3RFpPYUF5?= =?utf-8?B?VVYxMjdXTmhBazBSbWpTUT09?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050661AAA66295ECE439A4089ED9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b83f8958-dac8-495e-3743-08d9540a53d8
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jul 2021 10:02:37.8842 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Z0iXcrYIMC+qKFR7D9w3qun0uVOS51Ke5I2GtfB/b+IihHYAj7ziNDEvBUWDfRtGyf0y42Un/0nTQkAe5Tkq9t5wDGyGjek2CTJgl7QWrpM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4394
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/mxVhcytAIBgPqMCGwlQwXYZiOOo>
Subject: Re: [Cbor] =?utf-8?q?=F0=9F=94=94_WGLC_with_request_for_reviews_on_c?= =?utf-8?q?bor-file-magic-02?=
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 10:02:50 -0000

Hi,

I have reviewed the submitted version -02. I have not looked at GiHub. COSE will likely use this for C509 and will try to specify that use soon.

I think the draft is in a good state. My comments are mostly non-technical.

Cheers,
John


Major comments:

- "as is a file extension"
The draft does not say anything about how to chose a file extension. I think the needs to say something and give guidance. Are protocols supposed to use some generic ".cbor" or use there own like ".c509". Is it recommended to use several tags with the same extension, i.e., should .c509 be used for several different tags (chain, bag, CSR, CRL,...) or should each tag use its own file extension. In the later case it would be good if the file extension was registered together with tag number in IANA.

- I think it would help the reader to have an examples (CBOR diagnostic + CBOR encoding) already in Sections 3.1 and 3.2.
  Something like the example in appendix B: "55800(1330664270(h'424F52'))"
  Example CBOR protocol values and the resulting bytes in the file would be even better and would really help to make the draft easy to understand.


Minor comments:

- "MacOS"
The official spelling of the current version is "macOS"

- "classic MacOS..."
Earlier versions were "Mac OS", "Mac OS X", and "OS X".

- "such as when attempting to do forensics on a damaged system"
Is that important enough to motivate additional bytes for Iot devices?

- "ZIP files of XML files."
Also media and fonts etc.

- "artifacts"
Is artifacts the right word here?

- "A magic number is ideally a unique fingerprint, present in the first 4 or 8 bytes of the file"
  "that results in a deterministic first 8 to 12 bytes"
  You should explain why you did not chose the "ideal" solution, or change the text on what is ideal.

- Would be good with a sentence explaining that if the protocol is a CBOR sequence then 3.1 cannot be used.

- "for each tag number NNNN, the representation of content-format (RFC7252) NNNN-1668546560"
  I don't understand the ” NNNN-1668546560” notation. Should it be NNNN + 1668546560 ?

- "Subregistry"
RFC 8126 states that the term subregistry was unfortunatly used in the past. I think "CoAP Content-Formats" is a registry in the "Constrained RESTful Environments (CoRE) Parameters" group.

- "00000000  d9 d9 f8 da 4f 50 53 4e  43 42 4f 52         |....OPSNCBOR|"
I don’t understand where the zeroes come from? Seems like postfix instead of prefix.

OLD "Both OpenOffice or MSOffice files"
NEW "Both OpenOffice and MSOffice files"

OLD "QRcode"
NEW "QR code"

OLD "This new sequence of tags are"
NEW "This new sequence of tags is"

OLD "the the use of CBOR"
NEW "the use of CBOR"

OLD "private keys, certificate requests and S/MIME content."
NEW "private keys, certificate requests, and S/MIME content."
(IETF use the Oxford comma)

OLD "certificate requests"
NEW "certification requests" or "certificate signing request"