Re: [Cbor] Glitch in cddl-control AUTH48
Ira McDonald <blueroofmusic@gmail.com> Wed, 08 December 2021 15:48 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF4BD3A0A85 for <cbor@ietfa.amsl.com>; Wed, 8 Dec 2021 07:48:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7X-8NxwU7Sad for <cbor@ietfa.amsl.com>; Wed, 8 Dec 2021 07:48:32 -0800 (PST)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3F803A0A87 for <cbor@ietf.org>; Wed, 8 Dec 2021 07:48:31 -0800 (PST)
Received: by mail-ua1-x932.google.com with SMTP id o1so5470567uap.4 for <cbor@ietf.org>; Wed, 08 Dec 2021 07:48:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dQztJ6Cy4Jc4c0Cw9NcXNyUnki84Z8e2gIAe1dXSBGE=; b=k5WZyGrkNkzlgFgsZqdnkJaWF1x4bKp9vK7bxivgCeUh8xeBHayH2IgbKn7R3pwJ8M AQt3j96iGyfthEqdZTrn9w//CmOG658sOPQ/9+nqSDtZnuK9yts7mrCYdzpnMzStKwOo B+0RanCCB7fqzyyeI4f/bQiAdU1ChDR/ToHpY+WPwR04O4209Lv8nFq05yzEipH3JHzi KDAlBPxvGSNNOlufqU8GfTQyTurZTLAaNZRPLWytj+ir6W9vTY5KAHFGo5lcpEOShTeK uOtsIkfInqsqAUMn9QWQ/4abzgi2sW4CmmYOd90r/ddhWM7lm6ElByvH/zNE/AHU1cFC jGZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dQztJ6Cy4Jc4c0Cw9NcXNyUnki84Z8e2gIAe1dXSBGE=; b=uuIaokgqjGjJNsb6frMwQsSSFnomCCK42r1G8f6wAZsbZWO1cUo26b9Vc5M5DNUc7r esT4XVt1hWe/oDz8eX3u/6dc7Py8E6WNpRPNkhUxpph+4DcQh+ldItBazCGxqoGtHC/X /skeD2a4SKtwpiV6qdgaolJVA46GcQ248WwxlmOye/pcScrkbnOobxuRoBB840GDjPB4 udzSXa0icVOqMwAAB8MORzkSZAdMToSl0O64YzTN8h/qcRRIxhetKsvvxvjZSrKaCj7t KQ7pRPyBTdj0CMpWisnZyU448GdmsQ6peLXjVc1j0VUreu0mitz95zTafuYhuWmgnhr/ 2BfQ==
X-Gm-Message-State: AOAM531ETGvvbVpGYx/gQmRbZ06UAU2JDQwbm6Yq7agwdAy+tp2mHMHC Z8/AT1UY7EQOQmBV9SIMVpy+bkkwYv71IF1AUoo=
X-Google-Smtp-Source: ABdhPJxiwc9Uo/u4pqMgAr7A29mwSCVmjE65WVorJ7GqJEY+nrILkfen2RJ0f7Y+SrZ2z/yWEEolx2DjEnMFJs8cGA0=
X-Received: by 2002:a67:31d1:: with SMTP id x200mr51891125vsx.76.1638978509660; Wed, 08 Dec 2021 07:48:29 -0800 (PST)
MIME-Version: 1.0
References: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org> <BD71DE08-ABB4-445E-9215-AB8144F5A087@tzi.org>
In-Reply-To: <BD71DE08-ABB4-445E-9215-AB8144F5A087@tzi.org>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Wed, 08 Dec 2021 10:48:10 -0500
Message-ID: <CAN40gSurfgK8FCeiTO8=U3Nee36SUhAcBseAgCnqNfBj2H0+wA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>, Ira McDonald <blueroofmusic@gmail.com>
Cc: cbor@ietf.org
Content-Type: multipart/alternative; boundary="000000000000dce6a905d2a46b50"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/pnz0ruumw08UuOOd9ocg2UTdB-o>
Subject: Re: [Cbor] Glitch in cddl-control AUTH48
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2021 15:48:37 -0000
Hi Carsten, +1 to correcting the oversight as you proposae, even in AUTH-48. Cheers, - Ira *Ira McDonald (Musician / Software Architect)* *Chair - SAE Trust Anchors and Authentication TF* *Co-Chair - TCG Trusted Mobility Solutions WG* *Co-Chair - TCG Metadata Access Protocol SG* *Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic <http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc <http://sites.google.com/site/highnorthinc>mailto: blueroofmusic@gmail.com <blueroofmusic@gmail.com>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434* On Tue, Dec 7, 2021 at 4:12 PM Carsten Bormann <cabo@tzi.org> wrote: > Hi, > > In the last step (“AUTH48”) before a document like cddl-control becomes an > RFC, the author(s) are supposed to do a full reread to capture any problems > that remained hidden during the incremental development of the I-D. > > Normally, we find a few editorial problems (which we did; they since have > been dealt with). > This time, however, there is also a technical contradiction between an > illustration (Figure 4) and the normative text that would need to be > considered in making up the example in the illustration ( > > Background: cddl-control deliberately allows byte string literals in > places where text string literals would really make more sense. The reason > is that the content of these literals often is specification text (ABNF) > with embedded newlines, which are much easier to write as byte strings > (where embedded newlines are allowed in RFC 8610) than as text strings > (which inherit the JSON syntax that requires replacing every newline with a > linear \n, creating essentially unreadable source text). This is > demonstrated in Figure 2: > > > c = "foo" .cat ' > > bar > > baz > > ' > > ; on a system where the newline is \n, is the same string as: > > b = "foo\n bar\n baz\n" > > > > Figure 2: An Example of Concatenation of Text and Byte Strings > > So we handled that properly for .cat and .det, but it turns out we did not > for .abnf and .abnfb themselves. Here, bullet 1 (which mostly is about the > target and its interpretation) in Section 3 tersely says: > > > The controller string MUST be a text string. > > This is not only not what is implemented in the cddl tool (which accepts a > byte string just fine), it is also directly contradicting Figure 4: > > > oid = bytes .abnfb 'oid > > oid = 1*arc > > roid = *arc > > arc = [nlsb] %x00-7f > > nlsb = %x81-ff *%x80-ff > > ' > > > > Figure 4: Dedenting example: result of first .det > > To me, this is an oversight where we simply didn’t update that sentence to > the more useful way of accepting byte strings just for their better syntax > handling newlines. So I am suggesting we change the sentence to: > > > The controller MUST be a string. When a byte string, it MUST be valid > UTF-8 and is interpreted as the text string that has the same sequence of > bytes. > > … which I’m suggesting as a fix in the excerpt of the AUTH48 processing > mail copied below. I apologize for not seeing this earlier. > > Our AD Francesca brought to my attention that cbor@ietf.org is not copied > on AUTH48 processing; I had forgotten that (other WGs do that copying > habitually). So I didn’t think to bring this up separately here, which I > am now doing. > > You can find the text that will be published if we do make the last-minute > change, at the end of the bullet: > > https://www.rfc-editor.org/authors/rfc9165.html#section-3-4.1 > > (Note that this text is an RFC-to-be, not the final RFC, please don’t > start citing it as an RFC before it has been published.) > > Does anybody in the CBOR WG see a technical problem coming up with making > this last minute fix? If you see a problem (with implementation or use of > byte string literals not only in the controller arguments of .cat/.det, but > also in those of .abnf/.abnfb), please speak up quickly; this is the last > item standing in the way towards publishing this RFC. > > Grüße, Carsten > > > > > Begin forwarded message: > > > > From: Carsten Bormann <cabo@tzi.org> > > Date: 2021-12-04 at 17:00:03 CET > > To: <rfc-editor@rfc-editor.org> > > Cc: cbor-ads@ietf.org, cbor-chairs@ietf.org, Christian Amsüss < > christian@amsuess.com>, francesca.palombini@ericsson.com > > Message-Id: <077EDC59-74CE-42B4-B651-BA8846719CD9@tzi.org> > > > […] > > (0) > > The last sentence in the first bullet in 3 says "The controller string > MUST be a text string.”. > > However, the previous section’s example in Figure 4 happens to use a > byte string literal, and leniently allowing both kinds of strings is also > what is implemented. > > I believe loosening this up has the upside of simplifying cases such as > in Figure 4, and no downside, so I would suggest: > > > > OLD: > > The controller string MUST be a text string. > > NEW: > > The controller MUST be a string. When a byte string, it MUST be valid > UTF-8 and is interpreted as the text string that has the same sequence of > bytes. > […] > > _______________________________________________ > CBOR mailing list > CBOR@ietf.org > https://www.ietf.org/mailman/listinfo/cbor >
- [Cbor] Glitch in cddl-control AUTH48 Carsten Bormann
- Re: [Cbor] Glitch in cddl-control AUTH48 Ira McDonald
- Re: [Cbor] Glitch in cddl-control AUTH48 Barry Leiba
- Re: [Cbor] Glitch in cddl-control AUTH48 Barry Leiba