Re: [Cbor] Glitch in cddl-control AUTH48

Ira McDonald <blueroofmusic@gmail.com> Wed, 08 December 2021 15:48 UTC

References: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org> <BD71DE08-ABB4-445E-9215-AB8144F5A087@tzi.org>
In-Reply-To: <BD71DE08-ABB4-445E-9215-AB8144F5A087@tzi.org>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Wed, 08 Dec 2021 10:48:10 -0500
Message-ID: <CAN40gSurfgK8FCeiTO8=U3Nee36SUhAcBseAgCnqNfBj2H0+wA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>, Ira McDonald <blueroofmusic@gmail.com>
Cc: cbor@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/pnz0ruumw08UuOOd9ocg2UTdB-o>
Subject: Re: [Cbor] Glitch in cddl-control AUTH48

Hi Carsten,

+1 to correcting the oversight as you propose, even in AUTH-48.

Cheers,
- Ira

*Ira McDonald (Musician / Software Architect)*
*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*
*Co-Chair - TCG Metadata Access Protocol SG*
*Chair - Linux Foundation Open Printing WG*
*Secretary - IEEE-ISTO Printer Working Group*
*Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG*
*IETF Designated Expert - IPP & Printer MIB*
*Blue Roof Music / High North Inc*
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
(permanent) PO Box 221  Grand Marais, MI 49839
906-494-2434


On Tue, Dec 7, 2021 at 4:12 PM Carsten Bormann <cabo@tzi.org> wrote:

> Hi,
>
> In the last step (“AUTH48”) before a document like cddl-control becomes an
> RFC, the author(s) are supposed to do a full reread to capture any problems
> that remained hidden during the incremental development of the I-D.
>
> Normally, we find a few editorial problems (which we did; they since have
> been dealt with).
> This time, however, there is also a technical contradiction between an
> illustration (Figure 4) and the normative text that would need to be
> considered in making up the example in the illustration (
>
> Background: cddl-control deliberately allows byte string literals in
> places where text string literals would really make more sense.  The reason
> is that the content of these literals often is specification text (ABNF)
> with embedded newlines, which are much easier to write as byte strings
> (where embedded newlines are allowed in RFC 8610) than as text strings
> (which inherit the JSON syntax that requires replacing every newline with a
> linear \n, creating essentially unreadable source text).  This is
> demonstrated in Figure 2:
>
> >    c = "foo" .cat '
> >      bar
> >      baz
> >    '
> >    ; on a system where the newline is \n, is the same string as:
> >    b = "foo\n  bar\n  baz\n"
> >
> >        Figure 2: An Example of Concatenation of Text and Byte Strings
>
> So we handled that properly for .cat and .det, but it turns out we did not
> for .abnf and .abnfb themselves.  Here, bullet 1 (which mostly is about the
> target and its interpretation) in Section 3 tersely says:
>
> >    The controller string MUST be a text string.
>
> This is not only not what is implemented in the cddl tool (which accepts a
> byte string just fine), it is also directly contradicting Figure 4:
>
> >    oid = bytes .abnfb 'oid
> >    oid = 1*arc
> >    roid = *arc
> >    arc = [nlsb] %x00-7f
> >    nlsb = %x81-ff *%x80-ff
> >    '
> >
> >              Figure 4: Dedenting example: result of first .det
>
> To me, this is an oversight where we simply didn’t update that sentence to
> the more useful way of accepting byte strings just for their better syntax
> handling newlines.  So I am suggesting we change the sentence to:
>
> > The controller MUST be a string.  When a byte string, it MUST be valid
> > UTF-8 and is interpreted as the text string that has the same sequence of
> > bytes.
>
> … which I’m suggesting as a fix in the excerpt of the AUTH48 processing
> mail copied below.  I apologize for not seeing this earlier.
>
> Our AD Francesca brought to my attention that cbor@ietf.org is not copied
> on AUTH48 processing; I had forgotten that (other WGs do that copying
> habitually).  So I didn’t think to bring this up separately here, which I
> am now doing.
>
> You can find the text that will be published if we do make the last-minute
> change, at the end of the bullet:
>
> https://www.rfc-editor.org/authors/rfc9165.html#section-3-4.1
>
> (Note that this text is an RFC-to-be, not the final RFC, please don’t
> start citing it as an RFC before it has been published.)
>
> Does anybody in the CBOR WG see a technical problem coming up with making
> this last minute fix?  If you see a problem (with implementation or use of
> byte string literals not only in the controller arguments of .cat/.det, but
> also in those of .abnf/.abnfb), please speak up quickly; this is the last
> item standing in the way towards publishing this RFC.
>
> Grüße, Carsten
>
>
>
> > Begin forwarded message:
> >
> > From: Carsten Bormann <cabo@tzi.org>
> > Date: 2021-12-04 at 17:00:03 CET
> > To: <rfc-editor@rfc-editor.org>
> > Cc: cbor-ads@ietf.org, cbor-chairs@ietf.org, Christian Amsüss <christian@amsuess.com>, francesca.palombini@ericsson.com
> > Message-Id: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org>
> >
> […]
> > (0)
> > The last sentence in the first bullet in 3 says "The controller string
> > MUST be a text string.”.
> > However, the previous section’s example in Figure 4 happens to use a
> > byte string literal, and leniently allowing both kinds of strings is also
> > what is implemented.
> > I believe loosening this up has the upside of simplifying cases such as
> > in Figure 4, and no downside, so I would suggest:
> >
> > OLD:
> > The controller string MUST be a text string.
> > NEW:
> > The controller MUST be a string.  When a byte string, it MUST be valid
> > UTF-8 and is interpreted as the text string that has the same sequence of
> > bytes.
> […]
>
>
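
The rule proposed in the quoted message ("The controller MUST be a string. When a byte string, it MUST be valid UTF-8 and is interpreted as the text string that has the same sequence of bytes"), as an added example that is not part of the thread and not code from the cddl tool. The function names are hypothetical, the byte strings are constructed from Figures 2 and 4, and treating the .cat result as text for a text target is an assumption read off Figure 2.

```python
# Added illustration: normalising a .abnf/.abnfb controller to text.
# Function names are hypothetical; sample inputs are constructed.

def controller_as_text(controller):
    """Return the controller as a text string under the proposed wording."""
    if isinstance(controller, str):
        return controller
    if isinstance(controller, (bytes, bytearray)):
        try:
            # Strict decoding refuses truncated sequences, overlong encodings
            # and encoded surrogates instead of silently repairing them, so
            # the grammar a validator runs is exactly what the author wrote.
            return bytes(controller).decode("utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            raise ValueError(f"controller is not valid UTF-8: {exc}") from None
    raise TypeError("controller MUST be a text string or a byte string")


def cat_text(target, controller):
    """Figure 2 case: text-string target, text or byte-string controller."""
    if not isinstance(target, str):
        raise TypeError("this sketch only covers a text-string target")
    return target + controller_as_text(controller)


# Constructed from Figure 2: the byte-string literal with embedded newlines.
FIG2_CONTROLLER = b"\n  bar\n  baz\n"

# Constructed from Figure 4: the dedented ABNF passed to .abnfb as bytes.
FIG4_CONTROLLER = (
    b"oid\n"
    b"oid = 1*arc\n"
    b"roid = *arc\n"
    b"arc = [nlsb] %x00-7f\n"
    b"nlsb = %x81-ff *%x80-ff\n"
)

# Constructed byte strings that the "MUST be valid UTF-8" clause rejects.
INVALID_CONTROLLERS = [
    b"arc = \xff",        # 0xFF never appears in UTF-8
    b"\xc0\xaf",          # overlong encoding of "/"
    b"\xed\xa0\x80",      # UTF-8-encoded surrogate U+D800
    b"oid = \xe2\x82",    # truncated three-byte sequence
]

if __name__ == "__main__":
    print(repr(cat_text("foo", FIG2_CONTROLLER)))
    print(controller_as_text(FIG4_CONTROLLER))
```
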