IETF Logo Mail Archive

Re: [Cbor] Unusual map labels, dCBOR and interop

Orie Steele <orie@transmute.industries> Thu, 28 March 2024 01:58 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F1B6C18DB98 for <cbor@ietfa.amsl.com>; Wed, 27 Mar 2024 18:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v_4u9Co1yuee for <cbor@ietfa.amsl.com>; Wed, 27 Mar 2024 18:57:56 -0700 (PDT)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15FADC18DB97 for <cbor@ietf.org>; Wed, 27 Mar 2024 18:57:56 -0700 (PDT)
Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-5e8470c1cb7so297433a12.2 for <cbor@ietf.org>; Wed, 27 Mar 2024 18:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1711591075; x=1712195875; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Yxr59DVgKlyx8VTssvdmaof7yfVBw+gUj6FZ9zsucrk=; b=SrkfEbB8Z4RiQjN6vxnEf7L7zbWmoEuiI0iR7sqtOFPY4dYUNcYDcPO9dYj/pODQfA /PVsRrKxjmvzITSGVzkpCUna/Rm2JaTPzUX6GJGxAFC+dsLdKKUFgI4LZ8ARJm1906aV mtju8qCZpmsDCdMueuFMSOJbjHMms5EGdF2lCOUEjHcIzSZtYRiTLKjr9XhCBzMzbLSX pjXthKnoNmK3O+l+fCuf2Z6B/johfQHvVOqWPIokpuT124ioY2BDGSxQuGw89GNdvW/k zz0H2UJHg7Q7zEkbuploK3EHGM5EkovhM3B2uKyXDUSVoFR9a6PU/S6o1gYt/2F/JTBI 0bJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711591075; x=1712195875; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Yxr59DVgKlyx8VTssvdmaof7yfVBw+gUj6FZ9zsucrk=; b=SC9Vv3odJhNZUpbcYXy02iieNLupNZC3s4CET+pc8J3Ebd7qcHjcaDD/Zoq5Vlt0bz q1mFMq9i1fmxvsFYPWDDvlTfWsdsGo+cmjSAhCcym8Afbxq3C0gQZI1kYXV2KYEPCLhf 11u30CoTZ4OZKNwJtdAdeVUapjob5nN15jlKP164oWRUcHHnixo68keu0Fs1niGH2Zpt O5xr5Nz/UJ9ZeXSRZrlugZ91Db+sHqfMY78Cm4amh0jYI3RwwiYUnnUzoFuNemfykFQL RIG4OGZiowAmJLPcYuQMMBc0DxI4U3vken5vybCQVU4AZFaV7JneVcUA4Rbr2Ej0ZmSZ bziQ==
X-Forwarded-Encrypted: i=1; AJvYcCXVcMnKvfCUh+vB8b7vGdcxH8e4UDZbRDVwRgIaG5ICo2HKvfp5PDUV7AunFp4OpLHCHlcwj5C+TCxt6PCM
X-Gm-Message-State: AOJu0YznHIg5YIBmCx20MTWjA8donTpC6lNrxSAbr6W/I8tdkG89YekX GN4skqOWI0GOR5F2rHKIl9AxQ7nrjAYzIfT2FVKBy8xvXHp1ulR5eotAtmJaiVriQWdUAKe41oX jkL1RfCAawx3LeVsXDnxIftHBFsQU5Y7vZ0SYRA==
X-Google-Smtp-Source: AGHT+IGuYN9OOePKi+dJLOqP50sO83AmZGGXedptXhgjCDvR4+8ZWZsYvkZhVA428Ti4fwwKhfl/CHbrIkuHEwuGwl0=
X-Received: by 2002:a17:90a:6b82:b0:29b:961a:29c3 with SMTP id w2-20020a17090a6b8200b0029b961a29c3mr1148613pjj.49.1711591075445; Wed, 27 Mar 2024 18:57:55 -0700 (PDT)
MIME-Version: 1.0
References: <8C245824-1990-4616-AB70-FFD4FACB1AE9@island-resort.com> <11E8A8A5-D891-49FF-AF16-697C06F463B3@tzi.org> <9A0CE364-C141-4EBE-9703-292C416D12F5@island-resort.com> <3D62C4F0-D570-4EE4-AF6A-163C708AA6BE@tzi.org> <58BA8F8C-0C63-4534-9BF7-255C32D02C16@island-resort.com> <5F1E1133-4565-4D0A-98EE-A13C6F5F67AA@wolfmcnally.com>
In-Reply-To: <5F1E1133-4565-4D0A-98EE-A13C6F5F67AA@wolfmcnally.com>
From: Orie Steele <orie@transmute.industries>
Date: Wed, 27 Mar 2024 20:57:43 -0500
Message-ID: <CAN8C-_+72_H=mk6xGuSk72rZWVg9Ff0d_b_o8Rz+kRWn1FruCQ@mail.gmail.com>
To: Wolf McNally <wolf@wolfmcnally.com>
Cc: "lgl island-resort.com" <lgl@island-resort.com>, Carsten Bormann <cabo@tzi.org>, cbor@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000d9f140614aedaa2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/n3zoRL9y8uU6Ct0Hb9JvPo8C9YE>
Subject: Re: [Cbor] Unusual map labels, dCBOR and interop
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 01:58:00 -0000

Using deterministic encoding to serialize map keys is interesting.

I wonder about security issues with distinguishability.

Consider the case where a map has keys that are serialized with and without
deterministic encoding.

Restricting map keys, reminds me of another flavor of CBOR, I think it was
called dag-cbor, it required all map keys to be tstr... Whereas dCBOR
requires them all to be bstr?

Is it critical to assign unique media types in order for deserialization to
succeed?

I also wonder about interactions with COSE and related protocols especially
regarding unprotected headers.

OS






On Wed, Mar 27, 2024, 8:25 PM Wolf McNally <wolf@wolfmcnally.com> wrote:

> LL,
>
> On Mar 24, 2024, at 12:21 PM, lgl island-resort.com <lgl@island-resort.com>
> wrote:
>
> For dCBOR, I’d like to see map labels very restricted. I’m not a JSON
> user/expert, but it is a Jupiter-sized data point for me. It has massive
> use with only string labels.
>
> I’ll propose integers and strings (major types 0-3) to start discussion.
> Maps and arrays seem too much. Only strings might be OK.
>
>
> I’m not sure whether the issue you’re having is coming from a place of
> design advice, or implementation complexity. From a protocol design
> perspective, in the vast majority of cases I agree that using integers or
> strings for map keys makes the most sense. From an implementation
> perspective, our code simply incrementally manages maps by using the
> serialized CBOR of a key as the “real” key and keeps the map in sorted
> order, even though it hides this fact from the user. This lets us skip the
> sorting step during serialization, and facilitates the validation step
> during deserialization. It also lets us support arbitrary map keys per the
> CBOR spec. Obviously this isn’t the only approach that works to keeping the
> serialized map supported, its keys unique, and also support complex keys.
>
> I can imagine many use cases other than the Gordian Envelope finding dCBOR
> highly desirable because it eliminates all the CBOR stuff that is variable
> and a lot of stuff that is hard to understand. Most people aren’t as smart
> or as into this stuff as we are. Simple map labels line up with this.
>
>
> Again, the goal of dCBOR wasn’t “simple CBOR,” although it has some of
> that flavor, but “deterministic CBOR” as its name suggests, and I’ve kept
> that foremost in the design choices I made in its specification. I can see
> why someone might define an “sCBOR” protocol that further restricts dCBOR,
> but inasmuch as dCBOR meets its original goals, I don’t see the point of
> restricting it further.
>
> ~ Wolf
> _______________________________________________
> CBOR mailing list
> CBOR@ietf.org
> https://www.ietf.org/mailman/listinfo/cbor
>

v2.23.0 | Report a Bug | By Email