Re: [Cbor] 7049bis: The concept of "optional tagging" is not really used in practice #126

Carsten Bormann <cabo@tzi.org> Mon, 04 November 2019 00:03 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E9FA12004F for <cbor@ietfa.amsl.com>; Sun, 3 Nov 2019 16:03:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AyDxVNaaB1kv for <cbor@ietfa.amsl.com>; Sun, 3 Nov 2019 16:03:13 -0800 (PST)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDD0A12003E for <cbor@ietf.org>; Sun, 3 Nov 2019 16:03:12 -0800 (PST)
Received: from [192.168.217.102] (p548DC893.dip0.t-ipconnect.de [84.141.200.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 475tKm60dXzySF; Mon, 4 Nov 2019 01:03:08 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <87889E65-0152-455A-A6B7-C5F336DC97A4@island-resort.com>
Date: Mon, 4 Nov 2019 01:03:10 +0100
Cc: Christophe Lohr <christophe.lohr@imt-atlantique.fr>, cbor@ietf.org
X-Mao-Original-Outgoing-Id: 594518588.141502-c7ea9df27385886642688ba33870ba98
Content-Transfer-Encoding: quoted-printable
Message-Id: <F8CCD1C9-268B-4B78-9FDD-DF2E5E2A96B5@tzi.org>
References: <92400DAA-A713-4905-A721-34B138E25192@tzi.org> <ed45e995-1858-3169-1be6-0cce5ce37ce3@imt-atlantique.fr> <87889E65-0152-455A-A6B7-C5F336DC97A4@island-resort.com>
To: Laurence Lundblade <lgl@island-resort.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/sw33XM4pvIG_9Nf_LmCj_C8HvZQ>
Subject: Re: [Cbor] 7049bis: The concept of "optional tagging" is not really used in practice #126
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 00:03:16 -0000

On Nov 3, 2019, at 17:45, Laurence Lundblade <lgl@island-resort.com>; wrote:
> 
> It seems like CBOR and JSON say “no schema’” to distance from the horror of XML schemas, but in reality CDDL and prose protocol specs are schemas in spirit.

One of the innovations of XML with respect to SGML was that it allowed schemaless parsing (parsing without a DTD).  In practice, this was marred by having default values in the DTD, so you couldn’t quite use schemaless parsing with a lot of real-world data.  But it still was a major item of progress, and people who got the point started to shun adding defaults to DTDs.

Schemaless parsing means that you can develop a parser independent of the application.
This is a major boon when you consider the fact that it is quite easy to introduce bugs in parsers, and bugs in input parsers are a significant attack vector.
Application considerations don’t enter a schemaless parser, so you can use a hardened, debugged implementation for parsing.

Default value processing is an example of data transformation, from the parsed input to something that an application can use (and back!).  Adding information about more general forms of such a transformation to a data definition language is a major item of interest.  First of all, it needs a data model for what the application can use.  Doing only defaults processing as in a DTD-based XML parser is easy, because the application data model is a simplified version of the interchange data model.  Now if you add something like tag processing (or, more generally, conversions between platform data types and the conventions used for representing them in interchange), the abstractions can get more leaky.

Fortunately, none of this is needed for completing 7049bis.

Grüße, Carsten