[Cellar] Re: draft-ietf-cellar-tags-19 ietf last call Artart review
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Tue, 21 October 2025 21:22 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: cellar@mail2.ietf.org
Delivered-To: cellar@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 2CDD579DB588 for <cellar@mail2.ietf.org>; Tue, 21 Oct 2025 14:22:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJjjeUU6o14j for <cellar@mail2.ietf.org>; Tue, 21 Oct 2025 14:22:30 -0700 (PDT)
Received: from mail-yw1-x1134.google.com (mail-yw1-x1134.google.com [IPv6:2607:f8b0:4864:20::1134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 5BD6E79DB54B for <cellar@ietf.org>; Tue, 21 Oct 2025 14:22:30 -0700 (PDT)
Received: by mail-yw1-x1134.google.com with SMTP id 00721157ae682-73b4e3d0756so68230107b3.3 for <cellar@ietf.org>; Tue, 21 Oct 2025 14:22:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761081744; x=1761686544; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=zGKvBXMY9Ci7MpEuiwIq+VBN0lYyKKAdQzH4t7r3auA=; b=bY1J5fJCsW+A7PGcII1H8PEAftf8QhrPuo4Yy29cq04yh66Lr54Ho14P43e+k/E7lm nOLMp+b8J2okRP2oGNidgJvwEP7c74gZgEGyHWwtaHe5L0SRxqEwlGw1fHfK3EScImd8 7jiJ/KnV//kHoDYDX8eitYbf4DhlDqTLkZxJChGnscYTIHIY6H8iG/aLQV8C90T6He1T Bg/2AFd3FxBb39wwAH1WMfz2qN/Afj8Kt7EtmQFK8Z9Q051i4y6JHeDBpA+eVnC7yTl2 n6J2TnyfNTEHMuEh2xR9DqH5puZS1/ipJSSmyhRak8TkvwMBhGrWbZb2YGAt9GRVb6Rj HXAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761081744; x=1761686544; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zGKvBXMY9Ci7MpEuiwIq+VBN0lYyKKAdQzH4t7r3auA=; b=OHHnWpPhiXs8DpxUZj3gKxxidy56AFQd2lV/I2Jbqs/E7nS1OeKW51aFX+0cTzfBqj 7950ymDQa6YsJfKSzLhnvQJX00NDobdNrabTGcqjpeXoo6m31jJ70cAM1xa2Oe/zPi7l WQ+K15eDAnGril6djZ17rrNQKbYFrUwdjTgh7xG3nxMKnnZiLfoK22Je8x55vZZ2247b PLHhDxGvz0BbEHeXMixq919IAgx8fr+hOn27b4280YWTKMVwYFju3T4rEfWimQWPqpDp 1hKUj4hOGV0LfFvYOJanpTc8K9WwbeQsjDrkrqc1RfR0K43wHCSVdsqW8KgPWPR82rzh vbcA==
X-Forwarded-Encrypted: i=1; AJvYcCWU0F8sRJ3pNLF3fs9ZqcP8kIRLvvf9nXOq6X4e1uSiyntd3KXxXDql0W/3J4l3LpWILUGKRdk=@ietf.org
X-Gm-Message-State: AOJu0Ywrcrea2p1J3poC429x/yPaLKuc8MfzE2fijD06wC0rLwLjC96q zG1zyiMTrXxruBUX/OsD4cUOqGITz65/JJdxOpQXK4fNoucMdw+JcF/tX3yAy4XmL2i2O258eh2 bXJMS1BOQXhetRoH81FGv9w+E6SwrevL6UMBy
X-Gm-Gg: ASbGncv6N2SeoCXrFOHjvPil/MvzzvrXqm8+SaIFLlNYYcxsALL7ogxd8Quarjy+7IO SgAawokDhF2v/Ndzp/y8vHf6pTx5LD1QtwZ8SX1Z4u855upGre9VhYijwqhD7kpyVsAOsNiHqK4 q7FvW5LHk53kltCE3CcRJzC0k9VcpWpbDaEq861VVwcAZGEDYqNry97QkRUoB+w6saiETs7dRoU 1QrMpsXnFLvQ3585JBuR17QpHjE1uc8hOVag4/6+Frme5n/5ndy+BNYJ1YNDBgLPoLTh6jW53yC Skyhngo=
X-Google-Smtp-Source: AGHT+IFFqk+BRhjVe2C4o6FEAAHsv97OwzNyp/c+myW2YkJh709h0Wwy6VTkc9osY2INcbaZoCFLQucL67Dh6Gl6Zv8=
X-Received: by 2002:a05:690e:d5c:b0:63d:d8c1:4347 with SMTP id 956f58d0204a3-63e160e9854mr14261354d50.5.1761081744254; Tue, 21 Oct 2025 14:22:24 -0700 (PDT)
MIME-Version: 1.0
References: <176047489684.961409.12261770778965072425@dt-datatracker-84f8f646b-tg6mn> <7D0BD79F-91F7-4325-A2D5-F19496035A35@matroska.org>
In-Reply-To: <7D0BD79F-91F7-4325-A2D5-F19496035A35@matroska.org>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Tue, 21 Oct 2025 16:21:57 -0500
X-Gm-Features: AS18NWDnxzosmeu1opojwB1VtKD93jE1CFCTX13Na0SeYMh4k-Tu_oByaxQ_1PM
Message-ID: <CAKKJt-dJz3RaiLj0W+B-7hnv4+RiE2RTrLqffXcwtNPUU2BVMA@mail.gmail.com>
To: Steve Lhomme <slhomme@matroska.org>
Content-Type: multipart/alternative; boundary="000000000000c96c730641b1cb9a"
Message-ID-Hash: WOY2VB4TBI5BVK7BC6Q6NZYJSPMD4NET
X-Message-ID-Hash: WOY2VB4TBI5BVK7BC6Q6NZYJSPMD4NET
X-MailFrom: spencerdawkins.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cellar.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Sean Turner <sean+ietf@sn3rd.com>, art@ietf.org, cellar@ietf.org, draft-ietf-cellar-tags.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Cellar] Re: draft-ietf-cellar-tags-19 ietf last call Artart review
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/4E1-1-YhhBgSVJkm7MuNa5w6GC0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Owner: <mailto:cellar-owner@ietf.org>
List-Post: <mailto:cellar@ietf.org>
List-Subscribe: <mailto:cellar-join@ietf.org>
List-Unsubscribe: <mailto:cellar-leave@ietf.org>
Hi, Sean, I have a couple of things that occurred to me on your as always excellent review. Please see below. Hi, Steve, I've approved all the PRs for the tags specification. I made a couple of suggestions, but I trust the authors to Do The Right Thing with them. If we hear back from Sean about my thoughts before November 1, we'll Do The Right Thing. If not, Sean and Robert are both registered for IETF 124 as onsite attendees, and they know each other by sight. đ On Sun, Oct 19, 2025 at 8:45âŻAM Steve Lhomme <slhomme@matroska.org> wrote: > Hi, > > On 14 Oct 2025, at 22:48, Sean Turner via Datatracker <noreply@ietf.org> > wrote: > > Document: draft-ietf-cellar-tags > Title: Matroska Media Container Tag Specifications > Reviewer: Sean Turner > Review result: Ready with Issues > > Hi! Here's my ARTART review: > > NOTE I did not validate the XML examples. > > 0) s3 (and elsewhere): Often we use example domain names, IP addresses, > etc. In > the example presented in s3 (and elsewhere), the I-D uses actual band, > person, > and track names. I assume that this is okay and we're not stepping into > some > kind of IPR issue with a litigious band member/manager/record company. > > > There is an example from Daft Punk and one from The Orb. The links > provided to illustrate the examples and give a usable reference are on > discogs.com which is like a Wikipedia for recorded music (with a way to > buy the things as well). All data are entered by users. I donât think there > was any problem about using a track listing with durations anywhere. Weâre > using âmetadataâ about the content which I donât think are copyrighted, > unlike the music or cover art that comes with it. > Sean, is it accurate (in your opinion) to say that the purpose of http://rfc-editor.org/rfc/rfc6761 Section 6.5 (if that's the right reference) is to prevent implementers from clobbering domain names that someone else controls by simply reusing names from an RFC? ISTM that in this case, we are actively encouraging implementers to go look at the domain names we don't control, because we like the resource stored there. That might qualify as an example, but it's not a http://rfc-editor.org/rfc/rfc6761 Section 6.5 *.example.*" example. Does that make sense? > 1) s3.2.2.1: Why is this not using the time-related ABNF from RFC 3339? > > > It says why in the text. Itâs not the same date format, in particular it > adds milliseconds. > > 2) s3.2.2.*: I see that RFC 9559 contains text about language codes, but > this > I-D does not. Why not? > > > The TagString element is defined in RFC 9559 as UTF-8. The language to use > to classify each string is defined by the TagLanguage and TagLanguageBCP47 > elements that can be found in the parent SimpleTag element. > > This new document doesnât mention them because there is probably nothing > more to add than already found in RFC 9559. > > 3) s3: Table 1 and Table 33 of RFC 9559 donât seem to quite line up. If I > interpret whatâs in Table 1 for the lowest level thatâs either a dash or > nothing. Table 33 doesnât seem to allow for those - it allows for âSHOTâ. > > > Table 1 of the new document and Table 33 of RFC 9559 are basically the > same table split in two to distinguish the values for audio and video. For > Audio I couldnât think of an equivalent for a SHOT. Maybe the dash line > should be removed to avoid any confusion. > > Note these strings are just informational, so whatever string you put in > the TargetType doesnât really matter (even if itâs a dash). > > 4) s3: 3rd to last para refers to s24.2 of RFC 9559 for the void string. I > didnât see it there. Is that the right reference? > > > This is referring to this part of the section: > > If an upper value doesn't apply to a level but the actual value to use is > not known, an empty TagString (Section 5.1.8.1.2.5 > <https://www.rfc-editor.org/rfc/rfc9559#tagstring-element>) or an empty > TagBinary (Section 5.1.8.1.2.6 > <https://www.rfc-editor.org/rfc/rfc9559#tagbinary-element>) MUST be used > as the tag value for this level. > > I changed the text to use the same wording in > https://github.com/ietf-wg-cellar/matroska-specification/pull/1036 > > âthe value MUST be set to an empty string "" as detailed in Section 24.2 > <https://rfc-editor.org/rfc/rfc9559#section-24.2> of [RFC9559]," > > 5) s4.5: CHOREGRAPHER (also mispelt), COSTUME_DESIGNER, & MIXED_BY > Descriptionâs entries are missing â.â at the end. > > > I added the fix with typo fix in > https://github.com/ietf-wg-cellar/matroska-specification/pull/1034 > > 6) s4.8: Are multiple values for COMPOSER_NATIONALITY supported for > composers > with multiple nationalities? > > > Yes, you can use multiple times the same tag name at any level to âaddâ > values. Itâs better than putting all the values in a single element. See > section 3.2.2. > > 7) s4.9: s/The number of time the/The number of times the > > > Also added to > https://github.com/ietf-wg-cellar/matroska-specification/pull/1034 > > 8) Some thoughts on Security Considerations: > > 8.1) Some of the tags do allow for âidentifyingâ information to be stored, > e.g., names, email addresses, location, so you probably need to say > something > about the privacy implications of including values for these fields. > > > Indeed! > I proposed a new section here > https://github.com/ietf-wg-cellar/matroska-specification/pull/1037 > > 8.2) COMMENT (s4.9) can be anything so maybe something needs to be said > about > not including information in the tag that the person applying the tag > wouldnât > want to share it. E.g., I put âThis reminds me of my bossâ in COMMENT and > then > I stream the track and the track is Johnny Paycheck's âTake this Job and > Shove > Itâ :) > > > I added both ânested informationâ and âuser informationâ in the tag values > that may need restricted access for things that should not go public, (or > in the wrong circles). > > 8.3) PURCHASE_INFO (s4.12) is a URL where you can buy somethings so maybe > you > need to say something about not blindly following the link to buy > something; > i.e., is this a potential phishing vector? > > > Indeed. We used to have other URLs in the format but we removed them. So > tags are the only place where there is one. > I proposed a new section here > https://github.com/ietf-wg-cellar/matroska-specification/pull/1038 > > 8.4) Since there's no security standardized (as per RFC 9559), might be > worth > noting either generally or as it applies to certain tags that you can't > rely on > the values present. Like say "LAW_RATING" is set to like "X" and then later > changed to "G" - is that a concern? Or that the PURCHASE_PRICE was $1, but > it > gets made $1,000,000.00? Or the date is moved back or up? Or that all of > the > legal fields get changed/removed? > > > This is a valid concern. However Iâm not sure how we would say anything > about that. These values are informational. They are definitely not legally > binding when you use the file. Anything using these values as tamper-proof > would be broken. > Sean/Steve, is the point here that it's not possible to detect when a tag has been modified, either innocently or maliciously? If https://www.rfc-editor.org/rfc/rfc9559#name-security-considerations handles this, it seems to be in this text: *Matroska Reader implementations need to be robust against malicious payloads. Those related to denial of service are outlined in Section 2.1 of [RFC4732].* and https://www.rfc-editor.org/rfc/rfc4732.html is, of course, focused on malicious DoS attacks - "denying a user of the service of their money" doesn't seem quite the same as what RFC 4732 is talking about. If we need to say something about unprotected tags, I would think that needs to happen in the base Matroska specification (RFC 9559), rather than being handled in -tags. Does that make sense? Best, Spencer > Thanks again, > Steve > _______________________________________________ > Cellar mailing list -- cellar@ietf.org > To unsubscribe send an email to cellar-leave@ietf.org >
- [Cellar] draft-ietf-cellar-tags-19 ietf last call⌠Sean Turner via Datatracker
- [Cellar] Re: draft-ietf-cellar-tags-19 ietf last ⌠Steve Lhomme
- [Cellar] Re: draft-ietf-cellar-tags-19 ietf last ⌠Spencer Dawkins at IETF
- [Cellar] Re: draft-ietf-cellar-tags-19 ietf last ⌠Sean Turner