[Cbor] Eric Rescorla's Discuss on draft-ietf-cbor-cddl-06: (with DISCUSS and COMMENT)

[Eric Rescorla <ekr@rtfm.com>]

Eric Rescorla has entered the following ballot position for
draft-ietf-cbor-cddl-06: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4234


I am marking this document discussed because I have concerns about
whether this document can be interoperably implemented. I have noted a
number of points below.

DETAIL
S 3.5.2.
>      point.)
>   
>   3.5.2.  Tables
>   
>      A table can be specified by defining a map with entries where the
>      keytype is not single-valued, e.g.:

this is the first use of the term single-valued, so I don't know how
to interpret this.

More generally: it seems like:

```
  square-roots = {x => y}
                             x = int
                             y = float
```

Defines a map and yet

```
  square-roots = {x => y}
                             y = float
```

Defines a struct. Is that correct? If so, does that mean that I don't
know whether something is a map or a struct until I ahve parsed the
whole definition?



S 3.5.3.
>                         mynumber = int / float
>   
>   3.5.3.  Non-deterministic order
>   
>      While the way arrays are matched is fully determined by the Parsing
>      Expression Grammar (PEG) algorithm, matching is more complicated for

PEG is an informative reference, and this text seems to create a
normative dependency.


S 3.6.
>                             * tstr => any
>                           }
>   
>   3.6.  Tags
>   
>      A type can make use of a CBOR tag (major type 6) by using the

What happens if I define a type twice? Is that permitted?


S 3.7.
>                               buuid = #6.37(bstr)
>   
>      In the following example, usage of the tag 32 for URIs is optional:
>   
>                           my_uri = #6.32(tstr) / tstr
>   

I am basically unable to make sense of this section. Your previous
example of tags used #7.25 but here you are specifying everything as
using 6.

It seems like the semantics here are something to the effect of:

 X = #6.Y(Z)

means: act as if this were a thing of type Z but it's tagged by Y.

Is that correct? But then is this about the wire encoding or the
interpretation or both? And in either case, what if what appears on
the wire has a different tag.




S 3.8.2.
>                           cwr: 15,
>                           ns: 0,
>                         ) / (4..7) ; data offset bits
>   
>                         rwxbits = uint .bits rwx
>                         rwx = &(r: 2, w: 1, x: 0)

What is the scope of the definition for r, w, and x? is it global.


S 3.9.
>               $$tcp-option //= (
>               sack-permitted: true
>               )
>   
>      Names that start with a single "$" are "type sockets", names with a
>      double "$$" are "group sockets".  It is not an error if there is no

what is the difference between these two?


S 7.3.
>      order of the rules given.  (It is not an error to extend a rule name
>      that has not yet been defined; this makes the right hand side the
>      first entry in the choice being created.)
>   
>      genericparm = "<" S id S *("," S id S ) ">"
>      genericarg = "<" S type1 S *("," S type1 S ) ">"

What is the meaning of  <a/b>


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

S 1.2.
>      capitals, as shown here.
>   
>   1.2.  Terminology
>   
>      New terms are introduced in _cursive_.  CDDL text in the running text
>      is in "typewriter".

I think you mean that these types of text will be indicated by being
bracketed by _ or ", but this isn't clear from this text. It's
especially not clear when you then quote byte and octet.


S 2.
>      There are a number of more or less atomic elements of a CBOR data
>      model, such as numbers, simple values (false, true, nil), text and
>      byte strings; CDDL does not focus on specifying their structure.
>      CDDL of course also allows adding a CBOR tag to a data item.
>   
>      The more important components of a data structure definition language

More important than what?


S 2.1.
>                                }
>   
>                    Figure 1: Using a group directly in a map
>   
>      The three entries of the group are written between the curly braces
>      that create the map: Here, "age", "name", and "employer" are the

This is kind of a confusing way to introduce this. Its seems like the
relevant point is that:

() makes a group
{()} or {} makes a map.

No?


S 2.1.
>                             }
>   
>                             dog = {
>                               identity,
>                               leash-length: float,
>                             }

So to be clear, this is a mixin, as in Go structs?


S 2.1.2.
>      only one big protocol data unit that has all definitions ad hoc where
>      needed.
>   
>   2.1.2.  Syntax
>   
>      The composition syntax intends to be concise and easy to read:

Syntax does not intend. perhasp you mean it is intended to be.


S 2.2.3.
>      tool when displaying integers that are taken from that choice).
>   
>   2.2.3.  Representation Types
>   
>      CDDL allows the specification of a data item type by referring to the
>      CBOR representation (major and minor numbers).  How this is used

RFC 7049 does not refer to "minor" numbers.


S 2.2.3.
>      in the prelude:
>   
>         my_breakfast = #6.55799(breakfast)   ; cbor-any is too general!
>         breakfast = cereal / porridge
>         cereal = #6.998(tstr)
>         porridge = #6.999([liquid, solid])

What is the parenthetical syntax here?


S 3.1.
>         according to the respective syntactic rules of that definition.
>   
>      o  A name can consist of any of the characters from the set {'A',
>         ..., 'Z', 'a', ..., 'z', '0', ..., '9', '_', '-', '@', '.', '$'},
>         starting with an alphabetic character (including '@', '_', '$')
>         and ending in one or a digit.

This seems to say that names end in a digit, but none of your name
examples do.


S 3.2.
>      An optional _occurrence_ indicator can be given in front of a group
>      entry.  It is either one of the characters '?' (optional), '*' (zero
>      or more), or '+' (one or more), or is of the form n*m, where n and m
>      are optional unsigned integers and n is the lower limit (default 0)
>      and m is the upper limit (default no limit) of occurrences.
>   

isn't bare * then just a degenerate case of n*m


S 3.5.1.
>      written with quoted strings in the member key positions.  More
>      generally, all the types defined can be used in a keytype position by
>      following them with a double arrow -- in particular, the double arrow
>      is necessary if a type is named by an identifier (which would be
>      interpreted as a string before a colon).  A string also is a (single-
>      valued) type, so another form for this example is:

I'm sorry, I'm not following this. Can you give an example of when you
have to use =>


S 3.10.
>         message<t, v> = {type: t, value: v}
>   
>      When using a generic rule, the formal parameters are bound to the
>      actual arguments supplied (also using angle brackets), within the
>      scope of the generic rule (as if there were a rule of the form
>      parameter = argument).

This looks more like a macro than a generic.


S 7.3.
>      definition with different member names); RFC 7071 could be read to
>      forbid the repetition of ext-value ("A specific reputon-element MUST
>      NOT appear more than once" is ambiguous.)
>   
>      The CDDL tool (which hasn't quite been trained for polite
>      conversation) says:

It seems like it might be a good idea to clean up the examples here so
they are in fact polite.


S 7.3.
>         "Thumbnail": {"Width": 1111, "Height": 176, "Url": 32("scrog")},
>         "IDs": []}}
>   
>   Appendix B.  ABNF grammar
>   
>      The following is a formal definition of the CDDL syntax in Augmented

It's pretty odd to have the formal specification -- which clearly is
needed to understand and implement this document -- in an appendix.


S 7.3.
>         CRLF = %x0A / %x0D.0A
>   
>                              Figure 14: CDDL ABNF
>   
>      Note that this ABNF does not attempt to reflect the detailed rules of
>      what can be in a prefixed byte string.

I am trusting others to have read the ABNF.


S 7.3.
>      for a group expression (production "grpent"), with the intention that
>      the semantics does not change when the name is replaced by its
>      (parenthesized if needed) definition.  Note that whether the name
>      defined by a rule stands for a type or a group isn't always
>      determined by syntax alone: e.g., "a = b" can make "a" a type if "b"
>      is one, or a group if "b" is one.  More subtly, in "a = (b)", "a" may

It would be clearer to say 'if "b" is a type' and 'if "b" is a group'


S 7.3.
>      type = type1 S *("/" S type1 S)
>   
>      A type can be given as a choice between one or more types.  The
>      choice matches a data item if the data item matches any one of the
>      types given in the choice.  The choice uses Parsing Expression
>      Grammar [PEG] semantics: The first choice that matches wins.  (As a

Is this the only information I need?


S 7.3.
>      control operators.
>   
>      group = grpchoice S *("//" S grpchoice S)
>   
>      A group matches any sequence of key/value pairs that matches any of
>      the choices given (again using Parsing Expression Grammar semantics).

This also seems not fully defined.