[Cbor] Re: CBOR Tooling breadth of use
"A.J. Stein" <ajstein.standards@gmail.com> Fri, 26 July 2024 01:22 UTC
Return-Path: <ajstein.standards@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21F44C1CAE6E for <cbor@ietfa.amsl.com>; Thu, 25 Jul 2024 18:22:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oEpnxWH8lnwq for <cbor@ietfa.amsl.com>; Thu, 25 Jul 2024 18:22:42 -0700 (PDT)
Received: from mail-io1-xd43.google.com (mail-io1-xd43.google.com [IPv6:2607:f8b0:4864:20::d43]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35A4AC151087 for <cbor@ietf.org>; Thu, 25 Jul 2024 18:22:42 -0700 (PDT)
Received: by mail-io1-xd43.google.com with SMTP id ca18e2360f4ac-819c1f53617so28408739f.2 for <cbor@ietf.org>; Thu, 25 Jul 2024 18:22:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721956961; x=1722561761; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vFn7F43H3w3SBRkqEfyWcLK9DdNjyRI4f1j2po1W+Ck=; b=BQRBwl+VxtV5EZ2GES2VFz7vqp8r0gJK18zXzSemUD8wXf+UMD/ohO3irQB7Ah/Viz vnCpKH3wBWoClEWPFY7vW4DVX7hn1HWQ/FMuEbejZSCtbfQXrqdiyU95Fet1ifmXUwLJ 4zX++RCMd+FJU58up+YMaqDt61VRx4BQ0dmwXzmQt0wXw+VKRDUyPWnMVnZKKokkVkgB Y+hcvQlZuWj7TMiPqTSuyVkKwMUMht1nzKsN2pTOwWiIo/l0szRhInLPeQShcX15UWwb ARBIUNGS/oD5oEpHfa5DZnhylUIKduOt1VWRSMlinjC4yIhOAg3TszevwwFYllCqNSW2 h6Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721956961; x=1722561761; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vFn7F43H3w3SBRkqEfyWcLK9DdNjyRI4f1j2po1W+Ck=; b=KzCUHCeTfALjWxbShR6XPdt3uZLrdjpdFe9REI7CRxyr3ANrSucm3cQxn6hYPvPeR9 vBVYYyoMrYv3du0R1r16j6UjMRROBe7r6c0j3JsHHSxeNufd+XiW0q7gqCy3pDNViTG5 76H6xnmo0gJK56/L63zvYxEMlEGZJivr6NSRthvwKgvNzEtocfMA7WPMutiB2st004Ec gCux0Iy6dr2NMBl76+4Fltx32N3urYQKP/oKzHducc2qTArE8lkDqJ5l/BrxCM9McZgL p36l1+hPgei3bPkyxg9UXYmRaoocrxKo17UFOA9TzKKSVoEYVE5lZioh70TeaXeAEVMm 8FBg==
X-Gm-Message-State: AOJu0YzDnhB4XE5gDrWS2gftAEM/afb6ESgiaGPKNx5EUCSbpDd8wIwe n7rV9D/kVQQ0Gt3xpR5kw4wx3zWhzOD4Sfk/4aVwqjol/8q45VbQrbwoDo+xR+2/PeKAi+ncsq7 Jlw3f7OpQ5o5HH+eRxH6bShMNzEI=
X-Google-Smtp-Source: AGHT+IGRLukEkheRIkZfOsWJp2pvA5YvOwbYu4JZRAW4z7yrTGNlz18yptANkTgRropQZUD+Hhbg8tXsTAbYd7J3IuQ=
X-Received: by 2002:a05:6602:3423:b0:7fa:8178:d672 with SMTP id ca18e2360f4ac-81f7bcf7a52mr709464439f.4.1721956961071; Thu, 25 Jul 2024 18:22:41 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR17MB433422441779AB52D3B3194ED2AB2@SJ0PR17MB4334.namprd17.prod.outlook.com> <CAMvBLPL_jKRunWX6U5x64rEO+oEXTwOxQ3vZ6dnj2=VKcKqofQ@mail.gmail.com> <SJ0PR17MB433430BB2B216B34A8F87E8DD2B42@SJ0PR17MB4334.namprd17.prod.outlook.com>
In-Reply-To: <SJ0PR17MB433430BB2B216B34A8F87E8DD2B42@SJ0PR17MB4334.namprd17.prod.outlook.com>
From: "A.J. Stein" <ajstein.standards@gmail.com>
Date: Thu, 25 Jul 2024 21:22:30 -0400
Message-ID: <CAMvBLP+aVg4pgAfY1TQ=qyjxkEVxgf5peDe7ZafeiFLcuCbWmQ@mail.gmail.com>
To: Steve Lasker <StevenLasker@hotmail.com>
Content-Type: multipart/alternative; boundary="000000000000fbbdfd061e1c5829"
Message-ID-Hash: M7IRXPYE7DQQ5KAV6R2IXTGLV22R7CT6
X-Message-ID-Hash: M7IRXPYE7DQQ5KAV6R2IXTGLV22R7CT6
X-MailFrom: ajstein.standards@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "cbor@ietf.org" <cbor@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Cbor] Re: CBOR Tooling breadth of use
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/tbOjE4Zv7LPwjfUAoxQY1Zca11A>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>
On Thu, Jul 25, 2024 at 9:03 PM Steve Lasker <StevenLasker@hotmail.com> wrote: > A.J. – yes, round tripping a serialization format is “easy”-ish. There are > many aspects that go beyond. Auto-complete, validation, are the generic > ones. Pulling in public and private CBOR registries are another specific to > CBOR. > Let me more clear: alternative serialization formats are easier to use. Markup language or not, there are very popular classes of vulnerability around serializing and deserializing them because it allows developers, we are all human after all (me included) to make shortcuts. Beyond vulnerabilities, they support dangerous ambiguities that I, personally, find incredibly risky where whitespace alignment and weird gotchas can be find into a complex processor and bring down whole systems by accident. Ask me how I know! (Sarcasm aside, I have been bitten by these issues in doing DevOps work and why I am very worried of approving code changes with configuration management tools that use YAML without distraction and not quickly approving in less than sixty seconds). https://en.wikipedia.org/wiki/YAML#Criticism > I'll throw my hat in helping scope, build, document, evangelize CBOR and > COSE tooling > > Without spamming this WG further, If anyone on this mailing group would > like to contribute, please let me know and I'd be happy to help facilitate. > And I wasn't trying to be overly flippant. I think it is good to discuss this here or anywhere else, but when working on an emerging technology (it seems CBOR per RFC 7049 is 11 years old? wow) this issue is always presented to me or the "early" adopters group. On this list or elsewhere, it would be nice to know what problems those critics have and how that is helped at a finer granularity than "where is the tooling I can get with X or Y?" Believe me, I am not dismissing you with these replies, this thread is the third or maybe fourth iteration of this theme for me in different technologies in the last three years (this is the first time in IETF and not elsewhere). Starting with specific pain points and building an ecosystem around the system is hard, but details matter. I am more than happy to engage on this list or elsewhere, let me/us/list know?
- [Cbor] CBOR Tooling breadth of use Steve Lasker
- [Cbor] Re: CBOR Tooling breadth of use A.J. Stein
- [Cbor] Re: CBOR Tooling breadth of use Carsten Bormann
- [Cbor] Re: CBOR Tooling breadth of use A.J. Stein
- [Cbor] Re: CBOR Tooling breadth of use Steve Lasker