IETF Logo Mail Archive

[Cellar] Re: Andy Newton's Discuss on draft-ietf-cellar-tags-20: (with DISCUSS and COMMENT)

Steve Lhomme <slhomme@matroska.org> Tue, 24 February 2026 08:41 UTC

Return-Path: <slhomme@matroska.org>
X-Original-To: cellar@mail2.ietf.org
Delivered-To: cellar@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6289ABCE86F5 for <cellar@mail2.ietf.org>; Tue, 24 Feb 2026 00:41:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=matroska-org.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WoVAcBTtDFDz for <cellar@mail2.ietf.org>; Tue, 24 Feb 2026 00:41:01 -0800 (PST)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id F0671BCE8649 for <cellar@ietf.org>; Tue, 24 Feb 2026 00:40:35 -0800 (PST)
Received: by mail-wm1-x333.google.com with SMTP id 5b1f17b1804b1-4836fc075d2so6189505e9.0 for <cellar@ietf.org>; Tue, 24 Feb 2026 00:40:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=matroska-org.20230601.gappssmtp.com; s=20230601; t=1771922435; x=1772527235; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=85NR7GYU67Zzu95OPsLpXEZvHn/rZIoCvhTwQxXQB1E=; b=g3DbiFHYhLn4jEsOtSv7g2K0zvHgeNt4mVAdkznyikNaaXdQkvpiQYIb84GwH4o58t jL3Z1xHCwCXbFa3vGGhzUQ1Gt0H0z23vQz8J+pJ4Tw6xiNItGGtIHLYCmB64fqv1P6Pw yXCISwaHRt5fsFCTX2XWRutVy+zZuXtLmiu1oa76EeLiFJsJDxK+KzdbeUNlt3Z+HH00 2wkojKcsdhEhe74mXJ6zo4/Xq07H525/1Sg99ZFERLl/mY3cqSu2+u3bY8IvBRdPst6K s9DuipKu9OY5XPCOv4se++XEDuUlI6FRyk57p7jacquVsUfefXA0VjhB1dF1H0jcAQ7z l/Bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771922435; x=1772527235; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=85NR7GYU67Zzu95OPsLpXEZvHn/rZIoCvhTwQxXQB1E=; b=cVW0gbHz1n8jHkfQAdiyloARZ6liygWuwPbaD/IrojtjWOFT2f9WHqhMA+oIZCIOfN pvpBsuuLsbq5aJZmSHaildukRs4Qz4y6Ce0/Smv7dg+8Ux9H8Ty2apqGEGzskL4aoU4s 5S978cduXDCJ5VAyatovaxsKdRhOi6NqouilmI9qgQPfKZx/HJig3ftrcdpeeZJBFnHK lRvEq1kKYKHPBSmcJwp3qoEmL9bKErFBwbe/aCe7wlAlLxdkSPCNkBpDt7ICRIvYBQfq 9OXPGp5oltJ0Z7I2JUIhE3SiVAkhQXawf9r5ofd3QN545U64mG+lW0eSFJEeNNE6NjxB mpdA==
X-Forwarded-Encrypted: i=1; AJvYcCVtZWK7DpSahzS2U1PsGb5SUGrW96jU7RbzvPydfDaxLyo+ZqQM4PrhQ0e6u09WdGgx59VUFwE=@ietf.org
X-Gm-Message-State: AOJu0Yymx7PRgZJQwft0m+yf3bndoBbQmfRZS3EZexVXfhSMMdASfEfb EmAh2CkT0I6UJEsUKEqYhnSsj3MRKj2G6E+nGKI5Gp+Af1opX8dSqyqVlVnCqCP77w==
X-Gm-Gg: AZuq6aJt0TmBfR7IZL8S/k0O9ajSCMlj8t+xKednTCPwEArnYk0QbcOdWlo68TOj/Nk 203E1WWiMRuTykXf1n+N9j3lb1itCpkOk3WBjFORXG4w6sMVq8eINmquiEv/pPMJ/QmqEL15et6 xrvtNFvKVdtyr3E0QPb3FQ5JwxvIDKT3DSXSRXZTAd54g75BcV0Zr6z0K6F0dhgcG+/ZV9ssXc8 KxshrZO+ztt+u1yfzw3NL8gNck+8rORMeDxaXxLVvxj3c2Qg921gluG/itD/9pGPVZ14DzOq0y9 Bnjpyscl9DxXY+fpyogIkpBKURuEGvTtmkxm27+pDQpu2Tw6uMO1SyWvpRONxcPTVgX94dNJoyz X1Wj8utNhxF8qIKlp5CZjy4/KqQN5o/p7kzCPP1Tpy9m4tg/nCCQKbWVzyI/uOwgrQGbxht4wbK 4vvJE+GnRhX2mIp9+Bj8dKG4ePIsHANUjwimjyg0oH8w89OUXL
X-Received: by 2002:a05:600c:34cb:b0:477:a16e:fec5 with SMTP id 5b1f17b1804b1-483a9555ad9mr111455785e9.0.1771922434763; Tue, 24 Feb 2026 00:40:34 -0800 (PST)
Received: from smtpclient.apple ([2001:861:34c4:290:f1e7:8a96:d824:d0ca]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483b8919db6sm13061265e9.31.2026.02.24.00.40.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Feb 2026 00:40:34 -0800 (PST)
From: Steve Lhomme <slhomme@matroska.org>
Message-Id: <6C77B8F2-0F2A-4D4F-98CC-142A4FD01F10@matroska.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C7C2F390-49C9-40AA-BC0B-F8BB76386EAD"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81.1.4\))
Date: Tue, 24 Feb 2026 09:40:23 +0100
In-Reply-To: <CAKKJt-fx+PMbhVkyrLCcAF5fW9S1pZcXE9dMvcz-DVv3j2b78A@mail.gmail.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
References: <176772159265.3617026.15718053658319749010@dt-datatracker-5656579b89-p6k4r> <399A5709-05A1-4160-B89B-13ECE136819E@matroska.org> <f615485f-3e99-4e6f-b070-22aaaabcfd7f@hxr.us> <CAKKJt-fx+PMbhVkyrLCcAF5fW9S1pZcXE9dMvcz-DVv3j2b78A@mail.gmail.com>
X-Mailer: Apple Mail (2.3826.700.81.1.4)
Message-ID-Hash: 64UVFJZTFLBHVPUCRVVMEKPDD7KBNV5X
X-Message-ID-Hash: 64UVFJZTFLBHVPUCRVVMEKPDD7KBNV5X
X-MailFrom: slhomme@matroska.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cellar.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Andy Newton <andy@hxr.us>, The IESG <iesg@ietf.org>, cellar-chairs@ietf.org, cellar@ietf.org, draft-ietf-cellar-tags@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Cellar] Re: Andy Newton's Discuss on draft-ietf-cellar-tags-20: (with DISCUSS and COMMENT)
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/srlpcDxlinEhlDwWXnWI8xcfgKA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Owner: <mailto:cellar-owner@ietf.org>
List-Post: <mailto:cellar@ietf.org>
List-Subscribe: <mailto:cellar-join@ietf.org>
List-Unsubscribe: <mailto:cellar-leave@ietf.org>

Hi Spencer, Andy,

> On 23 Feb 2026, at 17:41, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:
> 
> Hi, Andy and Steve, 
> 
> I'm following up on your DISCUSS ballot. I see one DISCUSS comment that hasn't been addressed (and I don't think it's been DISCUSSed enough). 
> 
> I THINK ...
> 
> On Mon, Jan 12, 2026 at 2:08 PM Andy Newton <andy@hxr.us <mailto:andy@hxr.us>> wrote:
>> 
>> 
>> On 1/11/26 7:20 AM, Steve Lhomme wrote:
>> 
>> > 
>> >> And from your Security Considerations sections:
>> >>
>> >> 1671       Most of the time strings are kept as-is and don't pose a security
>> >> 1672       issue, apart from invalid UTF-8 values.  Implementations MUST
>> >> 1673       validate TagString inputs for UTF-8 correctness and reasonable length
>> >> 1674       before use, in accordance with the security considerations in
>> >> 1675       Section 10 of [RFC3629].
>> >>
>> >> I think you have to apply RFC 9839 to make a statement that UTF-8 values
>> >> don't apply a security risk.
>> > 
>> > Not being a UTF-8 or security experts, I’d rather stick with the Security Considerations of the  RFC that defines UTF-8. 
>> 
>> The problem is that you say the strings "don't pose a security risk", except 9839 discusses why they can. IMO, you can't make that claim without accounting for problematic code points.

It doesn’t say it’s not pose any security risks. The full sentence is “Most of the time strings are kept as-is and don't pose a security issue, apart from invalid UTF-8 values.”.  And the paragraph has a link to the section has a link to the security of considerations of RFC3629.

> ... Andy is asking that our Security Considerations point to RFC 9839, and especially to Section 3 of that document. The point is not that CELLAR has to figure out how to avoid security risks, it's that we need to point out risks for problematic code points. 
> 
> If I got that right, I'd add 
> 
> [RFC9839] discusses the risks encountered with problematic code points in more detail.
> 
> to the end of our paragraph. 
> 
> Does that make sense?

Yes. I added a Pull Request to mention the security considerations of RFC9839: https://github.com/ietf-wg-cellar/matroska-specification/pull/1074

It itself references the security considerations of RFC8264...

> Best,
> 
> Spencer

v2.46.0 | Report a Bug | By Email | System Status