Re: [core] [T2TRG] Review of CoRAL

Christian M. Amsüss <> Mon, 05 November 2018 12:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0ED00128CFD for <>; Mon, 5 Nov 2018 04:01:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.921
X-Spam-Status: No, score=-0.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JwsqD92neEAj for <>; Mon, 5 Nov 2018 04:01:17 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DCEEA1277CC for <>; Mon, 5 Nov 2018 04:01:16 -0800 (PST)
Received: from (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by (Postfix) with ESMTPS id B000A41E9D; Mon, 5 Nov 2018 13:01:14 +0100 (CET)
Received: from (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by (Postfix) with ESMTP id 1A80410A; Mon, 5 Nov 2018 13:01:11 +0100 (CET)
Received: from ( [IPv6:2a02:b18:c13b:8010::71b]) by (Postfix) with ESMTPSA id A357B5B; Mon, 5 Nov 2018 13:01:10 +0100 (CET)
Received: (nullmailer pid 9079 invoked by uid 1000); Mon, 05 Nov 2018 12:01:10 -0000
Date: Mon, 5 Nov 2018 13:01:10 +0100
From: Christian =?iso-8859-1?B?TS4gQW1z/HNz?= <>
To: Klaus Hartke <>
Cc: " WG" <>
Message-ID: <>
References: <> <>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="sHrvAb52M6C8blB9"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <>
Subject: Re: [core] [T2TRG] Review of CoRAL
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Nov 2018 12:01:19 -0000

Hello Klaus,

(recipients reduced as CoRE indicated interest in adoption)

On Sun, Nov 04, 2018 at 03:56:28PM +0100, Klaus Hartke wrote:
> > * How are compressed URIs expressed in CBOR? Flat [6, "foo", 6, "bar"]
> >   or nested [[6, "foo"], [6, "bar"]]?
> should be flat: [6, "foo", 6, "bar"].

Very well (saves ~10% message size in the 6690 example), now fixed in

> If it improves clarity, the Python code could be updated to operate
> on flat lists instead.

The grouper version is probably more concise than the note that "the
Python code expects base and href not to be input in the trivial
deserialization of a CBOR array, but as a list of (option number, option
value) pairs" that should otherwise be there.

> >                if ':' in i.relation:
> >                    rel = i.relation
> >                else:
> >                    rel = '' + i.relation
> When a relation is provided as a string, the intention is that the
> string always contains the IRI. I don't think the current set of
> IANA-registered link relation types is relevant enough in the context
> of IoT that it should get special treatment.

Indeed. I don't know where the mistake came from -- my mental model
after my current reading of the document was yours, just my the code and
example from March did not match it.

> >            elif isinstance(i, BaseDirective):
> >                base = base / i.iri
> The draft currently specifies that a base IRI is resolved against the
> current context IRI, not the previous base IRI.

Thanks; likewise, I missed updating the current relation number. Both
being fixed.

> > * Is there a difference between a CoRAL registry and a CoRAL profile?
> >   Both terms are used.
> The draft uses the "profile" media type parameter defined in
> <> to indicate the CoAL registry,
> which I think makes more sense to define a new "registry" parameter
> with essentially the same semantics. So "profile" should appear only
> as the parameter name. I've replaced all instances where "profile"
> appeared without this meaning with "registry".

Having read up on them, a "profile" has a no-changes-to-interpretation

  A profile MUST NOT change the semantics of the resource representation
  when processed without profile knowledge, so that clients both with
  and without knowledge of a profiled resource can safely use the same

Given that a client without knowledge of the profile can't process a
representation, the parameter should probably be called something else.

> In general, I think URNs would make more sense for identifiers than
> HTTP URIs, as the latter always look like they could be successfully
> dereferenced. But it seems that HTTP URIs are more popular in the
> Semantic Web...

It's a matter of style; my take: Devices that dereference URIs on a whim
will cause trouble in some form anyway, better let that show on expected
input and not only when under attack. And as a developer, I'd rather
have a link to follow than know where to look up values in


To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom