Re: [Cbor] [COSE] CBOR magic number, file format and tags

Laurence Lundblade <> Sat, 23 January 2021 20:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DC0913A0D9D for <>; Sat, 23 Jan 2021 12:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 88MCZ_D3Gzvk for <>; Sat, 23 Jan 2021 12:36:11 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A017D3A0CC1 for <>; Sat, 23 Jan 2021 12:36:11 -0800 (PST)
Received: from [] ([]) by :SMTPAUTH: with ESMTPA id 3PdilVYVxadtz3Pdjl4NSU; Sat, 23 Jan 2021 13:36:11 -0700
X-CMAE-Analysis: v=2.4 cv=He3R8gI8 c=1 sm=1 tr=0 ts=600c88bb a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=gKmFwSsBAAAA:8 a=wh29FQHvAAAA:8 a=48vgC7mUAAAA:8 a=2mlRVy4LF0kdu59ZuA8A:9 a=ejogz6UW6PrXvIFk:21 a=DrZspXItkYScIyNf:21 a=QEXdDO2ut3YA:10 a=M0GNvqWmc-bWtbJt:21 a=TLt5vWk0PBTPL1Yn:21 a=VO86ReMV8Kmn-hOJ:21 a=_W_S_7VecoQA:10 a=nnPW6aIcBuj1ljLj_o6Q:22 a=VXYcH7iyBJRhg1WiYCsm:22 a=w1C3t2QeGrPiZgrLijVG:22
From: Laurence Lundblade <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BC78565B-2B25-4295-839C-9D7D84B8ABDC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Sat, 23 Jan 2021 12:36:10 -0800
In-Reply-To: <>
Cc: "Dale R. Worley" <>,, Michael Richardson <>,
To: Carsten Bormann <>
References: <> <>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfHbgXLg/pK8xQWlw5/LoCw8UG2j725OvTiPfuZURVkkV1Tfs+1rBICm47tq+XKiiK/u9M+cqqESjE2+KQiW9tsue5/BRxlyShwF+927GbTZKE0NL4Dj0 vakfbTMMuKi+4QxzfQja1dm63cEWPYgoRbMnf1UFOYfQKaNvr2lHdWQG2nSVVfmogXnEcsAeY+ok9nSkdqL0YklQ62nRmHAzKLctrG6rzY59bhxh+XrLwUaU p1yL+dfcxP8PLW9U6IDbHczrd+LeDeVXPl40kd++83Wt1KjpsDI5t0q05nBPcNay
Archived-At: <>
Subject: Re: [Cbor] [COSE] CBOR magic number, file format and tags
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 23 Jan 2021 20:36:16 -0000

My choice would be to parallel what is done for COSE, CWT and most other CBOR protocols I’ve seen:

1) Make the compressed CBOR certs an array instead of a sequence for all use. This makes it one byte bigger, but it makes it work just like the other CBOR protocols that have been defined. I see the use of CBOR sequence here as an outlier, somewhat confusing and burdensome. It is burdensome because you can’t just drop them into other CBOR protocols and because a tag for it has to be special. As far as I can tell the only reason this is a sequence and not an an array is to save the one byte. 

2) Assign a tag that indicates compressed CBOR cert and use it just like the tags for COSE and CWT or any other protocol with an identifying tag. Or said another way, most CBOR protocols have an identifying tag. Compressed CBOR certs should have one too.

3) When you put it in a file, use the 55799 magic number to indicate it is CBOR and then the compressed CBOR cert tag to indicate it is a compressed CBOR cert. If the tag number was 48 then the first bytes of the file would be:

d9 d9 f7 d8 30 8b … 

You could take d9 d9 f7 d8 30 to be the magic number for a compressed CBOR cert. The 8b is to open the array for step 1) above. When you want to put the compressed CBOR cert into a protocol message field that needs no tagging you can just exclude those five bytes. When you take it out of a protocol message and put it in a file, you add those five bytes.

This mechanism would work for CWTs and COSEs in files too.  Similarly a COSE_Sign1 CWT in a file would be:

d9 d9 f7 d8 3d d2 84

This is three nested tags 55799(61(18(…))), a COSE_Sign1 in a CWT in a 55799. You can treat d9 d9 f7 d8 3d d2 the magic number.

Or take d9 d9 f7, the 55799 tag, to be the magic number indicating CBOR causing a general CBOR dispatcher to be started. That dispatcher looks for a second tag. Based on a second tag it dispatched to the handler for the compressed cert, the CWT, the COSE, the CoSWID, the UCCS...


> On Jan 23, 2021, at 5:07 AM, Carsten Bormann <> wrote:
>> On 2021-01-23, at 04:14, Dale R. Worley <> wrote:
>> Here's an alternative.  It is aligned with the magic number tag of CBOR
>> itself (55799) and the CBOR way of doing things.  Specifically, reserve
>> a large range of tags (such as 55800 to 65000, or 100000 to 109999) for
>> use as magic numbers; the CBOR object has the appropriate magic number
>> tag applied to that, and optionally, the CBOR magic number tag 55799
>> applied to that.  That can leave the generic CBOR magic number visible
>> at the start of the file, immediately followed by the bytes of the
>> specific magic number for the object type.
> Right.  Something like this would probably make sense as an alternative to the primary approach proposed, which is based on CBOR sequences.  If you want to keep the magic-numbered file a single data item, this is the way to go.
> Two issues:
> — This should probably be a 1+4-byte tag.  The range you mention leads to a zero byte in the magic number.  Not sure if that is a bug or a feature.  (It is also way too small.)
> — As I mentioned before, we don’t have a good way to assign a purpose to a range and then let IANA do the allocation within the range.
> Grüße, Carsten
> _______________________________________________
> CBOR mailing list