IETF Logo Mail Archive

Re: [Cbor] OID representation (was: Re: Robert Wilton's Discuss on draft-ietf-cbor-tags-oid-06: (with DISCUSS and COMMENT))

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 20 April 2021 12:56 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51C0C3A2195 for <cbor@ietfa.amsl.com>; Tue, 20 Apr 2021 05:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OYOql1rBR1W5 for <cbor@ietfa.amsl.com>; Tue, 20 Apr 2021 05:56:30 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60048.outbound.protection.outlook.com [40.107.6.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3F5D3A2193 for <cbor@ietf.org>; Tue, 20 Apr 2021 05:56:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MTI4vNeLjxOz3zkG0TuPyDl+Vd1OfqGSLEtCXI8ED6PfU2+NMwxI0YjFN4Ew/NkCGe6A2w21VUCPjg9Axmlg39500WWIB1elY6NRi+Ig+GIpKgNeBI6bnlVR5NHTVDl2iTF6Xn78xT2FN30Orim2O43yS7rC3m0dr/a/WEeSDGraIFH9XiP8vL0ayldMHJixwfdcWXeol/2Q1PGejI4CRwgC/4Y/OpQlN1p2hAwWtQUXhdLwddNraVTseZcik83k0EW8jmGV9HNOX+c3RvZo2lfZpgcUsZ6mZPvzjfyRNZfDnQ6wbn3HDi6+9L3SVlTlgaaxzkxAWGoP4ws/gDHkjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5u7SIBxoR0SQ7qQEB7G6+O88ad9EwDlDWPXPwhPJxtU=; b=bTODzhrQ7sZmCiz1jBbOzsRgBzGELeKUrCDwNUROyhKNH6Uek5TzX7tOYfkKGG28x8SZ3WyRGt610RWnm47bJIsXpWr5aSXmiCShdy/yiJEmn9Z4JYdRBx3yHQK+chBey+4VHnvNmtsxxHez0Qrf9xY8LuWanR9vkk5Oz0BHmdk70jwmG2OENpWJl+3jymz+1WGcI938WHu6o5HSfug0bhosXdyqp2gV11HlFKEHWlU05V6zBRqpGf+TRXyrNS9Xq258SvVug/aeE8Mz5FrkjDygr2pDQfVsheb/7DSiYts2Wfh6uwhfPG1e4fQ54FOYmPDGO14RHyVvdt61aiEWXQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5u7SIBxoR0SQ7qQEB7G6+O88ad9EwDlDWPXPwhPJxtU=; b=Utz/E2FG0HtQSjEJh3TTYgh1RenDdjY0CFg+epGmkctgeXGWwwuTPaDuHiJG5kt/vYmw4jG8Qj8CghuWdDFiSstFFv/49nHAFurZyTtpvhxcBt+ZRAj6ChxPwONQFWUym0F4S6S1k5MtdGO/BVWXTJ03Muuxc1iKmgVEH6HLG4U=
Received: from DB6PR07MB4213.eurprd07.prod.outlook.com (2603:10a6:6:49::32) by DBAPR07MB6885.eurprd07.prod.outlook.com (2603:10a6:10:198::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.6; Tue, 20 Apr 2021 12:56:26 +0000
Received: from DB6PR07MB4213.eurprd07.prod.outlook.com ([fe80::915f:ef9a:3028:5a63]) by DB6PR07MB4213.eurprd07.prod.outlook.com ([fe80::915f:ef9a:3028:5a63%3]) with mapi id 15.20.4065.019; Tue, 20 Apr 2021 12:56:25 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>, "cbor@ietf.org" <cbor@ietf.org>
Thread-Topic: [Cbor] OID representation (was: Re: Robert Wilton's Discuss on draft-ietf-cbor-tags-oid-06: (with DISCUSS and COMMENT))
Thread-Index: AQHXLK+zN/eW/KIUt0uDrkx0R09iTKq9kUuA
Date: Tue, 20 Apr 2021 12:56:25 +0000
Message-ID: <38A1215C-6CE1-45B5-9880-38FF8EA3DC60@ericsson.com>
References: <161788356811.31539.2139615008210880278@ietfa.amsl.com> <74E0F02D-1AAB-444B-ABCA-82EACEF27B5F@tzi.org>
In-Reply-To: <74E0F02D-1AAB-444B-ABCA-82EACEF27B5F@tzi.org>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.47.21031401
authentication-results: tzi.org; dkim=none (message not signed) header.d=none;tzi.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2001:1ba8:147a:eb00:2c0c:2164:d067:901e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 93419b50-aa47-4725-e84f-08d903fbb518
x-ms-traffictypediagnostic: DBAPR07MB6885:
x-microsoft-antispam-prvs: <DBAPR07MB68850AE6A064DE25EDDC438698489@DBAPR07MB6885.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: IVeZeYA+wZnVvyeDBPezIRec1fPnYrBv9ql1aCzErp/sF9o0W8vhkZj4urxsTWGAFxnE35CxIga6C3hmm7U9K7NSawiw/tzl+w2WK7aeyuu7DZiwfQ3OgIhAXpu9WkubXRb0R9miwa2XA7UIH/L+wbzWQ305jh0m6KQNZtUMFhE/l2r5EW8F3InjPLSw9MTwIBy3wj9nUFYKETn0+2+VV9CTcPgnlHy1Y4NIGFe+e3GL+T7baW2vhSkCJNAvx7tB5iZKj8s9Vg/6+3efwtSCoFLVn/i8IAB4znuk27pg/M0qXbCsRbcCJ1A8DgUzXHQRwec8JGfNiAeU6l5TdVTvIT/ZtCYnDAP84kgH8T7thm7pfzR2UHrAlJk1HzBWTKwXiGn7jw7tTna2PN8hbq81vx3teEtm7GdM3z0LM1FcBE4LfRdeUV1jvphi+nas/EEqbQdkiw4hlyZhj+RlQUXogJZVnzNh0eC/Fr18BbNp3AP3qQAVMSaAsZFhPNf7UAeVNSCCUDdbc41rDQZZ6BlcVxOYnNJ+UYp6ReqFwP7kKItOV+Fa6BEqO0xeYutxcosrkiAn/77n/6f+OFzUn+5Ylok8xR0Bm+1v12iWD+zD8NKouef2qcBYZPS5MbXqlQrlxaMvE9R06xDXM8zELWmS/qqligrWDV8//ONAajRv0mLvGkQhv9oR0kr2Mw+/ZU7+rAaFN4OuEWZgQIILmKsD5NklSl4oEUwCxh3wUF1lhh8uJsjsP3UBF6TjO2uSKtba
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB6PR07MB4213.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(366004)(346002)(396003)(39860400002)(6486002)(6506007)(966005)(186003)(110136005)(86362001)(316002)(2906002)(66476007)(6512007)(64756008)(66556008)(5660300002)(66946007)(66446008)(91956017)(8936002)(76116006)(33656002)(8676002)(478600001)(2616005)(38100700002)(83380400001)(71200400001)(44832011)(122000001)(36756003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: GGiChO5lw8etnSZvR5OT3qQVq1cP/tDl5lzN+plkWF71nuN3re5l2hNfJRUz2d0alqdxoTxiIt1D4GfgVHauVuxuCFQpf0zwubyc83OIT7qPI06ee1z+6f5GylT1PQwrDrsr0gXAGrlM8vVi6FvOkmx/db0q7KpJ2VMAn+UpeYVw7T7DbFNv80JFwkxNxeDVu4yoV0tEZ4qI/E3F9cWjRQ17iQYQAhG//rBE7U9w/pLiNvpCmXlzXslds4h22cdOiXzA+C9DqvmnSC3GrORLPunxNKyPHZOvLswfZlEIf7oWh2OYIPOmMMFqh0IKK80h9fFdAmGYrFsjU5DCk+YVDh3im5bN7SdtZVpCQHRIvqSfGJ6pJQgJ/p7OsxV50Q6t8Zaeeg2C5JtRLzMwwXCYkjMv+6gZITNHcJw9X5c7tGNwEuexn7zdzWdBnXpA4nCErB4PUgGHMyV8cMvwdmRoKszIPscw2fbBVzB35PkMDIHcPNAyyecOBAAElTXYP1rOR6GBNq3x7MDZxmkxHZQcZ3aaETWRM8YopNxXSC/RbHxGe2Gj39a6QP5N+NWI0gxXyokBd32dR7w3BEoL2Q/ZbOijjLHS4SujPXuGwBGc+yEisVkFrQ5pL3vhCvZ9+QJuNXYd6XEYL6pFY5YRnpzoePiOjKBjddKx8Vs5PGzW7DF56O7SbJPuXxQXIkNFgXb9PNAP4kFI07BMZWxAHhoWOEMPurSgIVE7zLw3D5c4rxEZPPYvPZOMijCTs7mGo6nPuEcA0qGHjnNy4A9Tkjzt/yZNO9eU46TeNRJnFu9Ks9Ex7BPtWaOOvXBFBrlnX51ws0YHX/ITbH3s4B30XNXq3dj3cRmlSwjMbTqdWKeo4sBDm+hzGSw8XhlEliESFPIqkRKx8atST9FdWLcm7idxcgdI11pPrOd6qQoSYO1eugjeSZY1JhPZ7vikflHcWI5sddI6eI7QwTn50cozLocYrR47efaS+9BBbX8lpcjbwlDEB8/qQkTdUl9RVWRNkDfM6i9QBpTAKrcg0tg5TFAW91J97NDmQGIhR/zjNv6+Lmgao4b/tcK4tEqVvxy8kvQdP4obL36HwnHreKCTRFtcmpDdtuLLisTuDCrXRygmxhYLgGBCJhweSn6K2gaKubia9xduiJnp6HWvPfy5zRUz9yu9brFYPiesApK+5bwNgh/Z541HuCPaHpfI75oe19wh0JBJgnOs7biAO2ythvO1n5IVA0yq9pbZz3EdRolLJAJBdQp8KzwYLNYPVHEYu3JRLWlDdKBlkHFk2Quw4CE16XnJZ1bHDFvyq5fGcOeOvGSRKquokNFFYy9N2pdK1eyC0EyM63N0xhWl57ts6TXMp7Zwc0oqgYA/6mH8sV14cDQdIM0tiYDLlrdA+UCjcKrzqQMeoL4Qn0yIen2yA5j7lw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <B2F8E171B1CD3E4787131D81D3CB7E05@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB6PR07MB4213.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 93419b50-aa47-4725-e84f-08d903fbb518
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2021 12:56:25.8809 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: GXU1qK1FisKgZfWtZ1Wlk6QT25pBwWfM078+WMZAQhvrG7b1BGVlIvi6FAmFDEsivC+TE488zh1lP+dnzSks3LZbFlk7Bd4VkpepgvmMOVJMur5MrxiA6+wJtV65A+/w
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR07MB6885
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/uUW8GQdbApQD3Ruu9HD7ypwgv18>
Subject: Re: [Cbor] OID representation (was: Re: Robert Wilton's Discuss on draft-ietf-cbor-tags-oid-06: (with DISCUSS and COMMENT))
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 12:56:35 -0000

Hi all,

Any opinions on this? Chairs, it might be good to add this to the agenda tomorrow.

Thanks,
Francesca

On 08/04/2021, 21:45, "CBOR on behalf of Carsten Bormann" <cbor-bounces@ietf.org on behalf of cabo@tzi.org> wrote:

    CBOR WG,

    in the IESG processing of draft-ietf-cbor-tags-oid, Rob Wilton raises some questions that I think the WG needs to consider before we reply.

    I’ll include some excerpts from Rob’s message and try to translate this into questions to the WG.

    ## Question that needs to be decided by WG

    > I would like to please see some more clarity or guidance about when TAG TBD112
    > should be used, given that there are two possible encodings of absolute OIDs
    > below "1.3.6.1.4.1".
    > 
    > Specifically, the questions that I have, that probably need to be clarified are:
    > - is a CBOR encoder allowed to optimize a TBD110 tag into a TBD112 tag?
    > - Should CBOR decoder clients always expect to be able to handle both TBD110
    > and TBD112 tags? - Or, it the decision over whether to use TBD110 or TBD112
    > down to the application and the application needs to agree which is use.

    This is indeed a good question (about TBD111 vs. TBD112, actually).
    This can be seen as related to issues about preferred representations, or about minimizing interoperability problems by nailing down exactly one allowed representation.

    So what we could propose as a WG is:

    (1) Not establishing any stronger connection between TBD111 and TBD112, i.e. status quo.
    (2) Declaring TBD112 as the preferred encoding of an absolute OID that starts with 1.3.6.1.4.1 (0x2b06010401), but still allowing the use of TBD111 as non-preferred.   This would mean a requirement on decoders implementing TBD111 to also implement TBD112.
    (3) Outlawing any TBD111 starting with (0x2b06010401) and requiring the use of TBD112 in all such cases.  This would mean a requirement on both encoders and decoders.  It would also mean a slight complication in tag factoring: replace all naked byte strings that start with h’2b06010401’ by TBD112(rest) (saving three bytes), unless *all* such byte strings start with h’2b06010401’, in which case these prefixes would all be removed and an outer tag of TBD112 used.

    (2a) would be (2) with a deterministic encoding requirement to use the shortest form (i.e., (3) in deterministic encoding only).

    ## Other responses, to be vetted by the WG

    > I found this document to be interesting because I knew from the title that it
    > was going to only be 4 pages long and say that OIDs are obviously encoded as a
    > tagged array, hence I was surprised to see that was not the solution and it
    > uses BER encoded OIDs instead.
    > 
    > The document explains, and I think that I understand why this has been done,
    > but I question whether the title of the document and name of the tags is right.
    > Is it really a CBOR representation of OIDs, or is it actually a CBOR
    > representation of BER encoded OIDs?  

    The first, using the technical approach named in the second.

    > I.e., it is plausible that there would
    > ever be a requirement for non BER encoded OIDs.  E.g., I'm not an ASN.1 expert,
    > but say if somewhat wanted to do a CBOR encoding of ASN.1, then it is not
    > obvious to me that they would use a BER encoding for OIDs.  

    One example for a CBOR encoding of something that previously has been encoded in ASN.1 is draft-mattsson-cose-cbor-cert-compress, which normatively references the tags-oid spec.  The certificate spec actually goes ahead and registers translation tables between likely OIDs and small integers.  But if the full range of OIDs is needed, the byte string derived from the BER content indeed is the representation chosen.  (As the C509 certificates are schema-driven, they do not need the actual tags defined here.)

    > Hence the
    > suggestion is to make the title, abstract, and name of the tags clear that it
    > is about the CBOR encoding or BER encoded OIDs.

    The specification proposes to use BER in a number of tags for binary encoding of OIDs.
    The BERness is not a feature that the OIDs already need to have before these tags apply.
    So a title "CBOR encoding of BER encoded OIDs” (which is what I think Rob wanted to say) would be a restriction beyond what this spec is about.

    ## Answers that probably don’t need WG input

    > In the introduction:
    >   Since the semantics of absolute and relative object identifiers
    >   differ, this specification defines two tags, collectively called the
    >   "OID tags" here:
    > 
    > I presume that this should be three tags?

    (Fixed by Ben’s PR, https://protect2.fireeye.com/v1/url?k=ba6fc850-e5f4f150-ba6f88cb-86fc6812c361-13a7df472860fde1&q=1&e=0e7a159f-e848-4868-ba83-77bd15bd7109&u=https%3A%2F%2Fgithub.com%2Fcbor-wg%2Fcbor-oid%2Fpull%2F9 .)

    > In section 4.1.  Tag Factoring Example: X.500 Distinguished Name:
    > 
    > The diagram uses a mix of single letters (e.g. c for country), and a full name
    > "street".  Is this how the X.500 attributes are defined?  

    This uses the naming defined e.g. in RFC 4519, section 2.2 and section 2.34, which has been derived from X.520 and is quite ubiquitous, going back to Table 1 of RFC 1779.

    >    The country and street RDNs are single-valued. The second and fourth RDNs
    >    are multi-valued.
    > 
    > Perhaps:  "The country (first) and street (third) RDNs are single-valued. The
    > second and fourth RDNs are multi-valued."

    Now in https://protect2.fireeye.com/v1/url?k=068b030f-59103a0f-068b4394-86fc6812c361-0b9af94b8776f5cf&q=1&e=0e7a159f-e848-4868-ba83-77bd15bd7109&u=https%3A%2F%2Fgithub.com%2Fcbor-wg%2Fcbor-oid%2Fcommit%2F3d0fd8b .

    >    h'550407': "Los Angeles", h'550408': "CA",
    > 
    > I think that the example would be more clear by splitting the city and county
    > onto separate lines.

    Now in https://protect2.fireeye.com/v1/url?k=1256d235-4dcdeb35-125692ae-86fc6812c361-c69fb84326c526c2&q=1&e=0e7a159f-e848-4868-ba83-77bd15bd7109&u=https%3A%2F%2Fgithub.com%2Fcbor-wg%2Fcbor-oid%2Fcommit%2F3d0fd8b .

    > Finally, the document contains these two sentences that seem to somewhat
    > conflict with each other:
    > 
    > "While these sequences can easily be represented in CBOR arrays of unsigned
    > integers, a more compact representation can often be achieved by adopting the
    > widely used representation of object identifiers defined in BER; this
    > representation may also be more amenable to processing by other software that
    > makes use of object identifiers."
    > 
    > compared to:
    > 
    > "Staying close to the way object identifiers are encoded in ASN.1 BER makes
    > back-and-forth translation easy; otherwise we would choose a more efficient
    > encoding."


    While the BER form is reasonably efficient, a more efficient representation of sequences of unsigned integers that roughly follow Zipf’s law in distribution has been described in  <https://mailarchive.ietf.org/arch/msg/cbor/9owRyOcXdsK7Ooc1S3D9-AImDdU>, which would for instance represent 1.3.6.1.4.1 as 0x136141 and does not need a special case to make absolute OIDs efficient.

    The WG instead decided to follow the existing BER representation because it is so widely implemented and is compatible with SDNVs, which are used in additional applications and often have good platform support (e.g., Ruby pack/unpack(“w*”)).
    For OID-style applications, BER content is often still more compact than a CBOR array of unsigned integers.

    Tagged (homogeneous) arrays of arcs don’t help as the OID arcs vary widely in their range; e.g., the common OID 1.2.840.113549.1.1.1 (*, 2+9 bytes in BER) would need to be an array of seven 32-bit integers (2tag+2head+28 bytes) instead of a basic CBOR array of unsigned integers of 14 bytes.

    In general, I don’t think we need to discuss an extensive set of alternative approaches (paths not taken) in this specification.

    Grüße, Carsten

    (*) {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) rsaEncryption(1)}

    _______________________________________________
    CBOR mailing list
    CBOR@ietf.org
    https://www.ietf.org/mailman/listinfo/cbor

v2.19.0 | Report a Bug | By Email