Re: [media-types] Thoughts on suffixes, single and multiple

Manu Sporny <msporny@digitalbazaar.com> Thu, 11 April 2024 13:52 UTC

To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: IETF Media Types <media-types@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/IXPlJAkBNRjh0CoX9b8VldhKBwk>

On Tue, Apr 9, 2024 at 5:56 AM Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
> Kind of like a digital bazaar of formats ;-)

*lol* I see what you did there. :)

> The media type is currently stated as "application/voucher-jws+json" - see first introduction paragraph.
> I'm assuming this is correct as the outer envelope appears to be JSON (Section 3.1 defines this).
> There was a long discussion about using "voucher+jws" or other names instead:
> https://github.com/anima-wg/anima-jws-voucher/issues/7

I've now read the entire thread, thanks for the pointer.

Yes, this highlights the current confusion around media type suffixes.

Using "+json" as the suffix when the syntax of the message is clearly
not JSON is just plain wrong.

Using "+jws" or "+jose" as the suffix if the syntax matches the "JWS
Syntax" is problematic because it doesn't specify if "JWS Compact
Serialization" or "JWS JSON Serialization" is used. If you're using
the former, the pattern seems to be to use "+jwt" (JOSE experts,
please correct me if there is more nuance to this). If you're using
the latter pattern, it's not clear what the suffix should be, though I
know "+json+jwt" has not received unanimous support previously, and
that might signal that the JOSE community needs to register another
suffix for "JWS JSON Serialization" form.

> The end goal of this work is to have one "Voucher" data model, that can be presented in both JSON and CBOR, and signed in multiple ways (e.g. CMS, COSE, JWT i.e. JOSE, ... )

Ah! This is interesting. That is the same model that the W3C
Verifiable Credentials WG has adopted, which triggered the whole
multiple suffixes discussion in that group. Are you saying that
"application/voucher" could be thought of as a meta model (there is a
set of information that you are encoding there), but the syntax isn't
determined until you serialize it to JSON or CBOR, and then it's not
secured until you use COSE, JWT, JOSE, etc.?

This is all useful information as it demonstrates that at least two
groups came to the same sort of design through completely independent
operation, and are now being hit by the "which suffix should we use?"
discussion. If I had to guess, you're probably exploring something
like the following:

* application/voucher+jwt
  * Base64 encoded JSON payload of voucher data model
* application/voucher+jose or application/voucher+jws
  * JWS JSON Serialization with base64-encoded JSON payload of voucher data model
* application/voucher+cose
  * COSE CBOR serialization with ??deterministic?? CBOR payload of voucher data model

What am I getting wrong wrt. the above?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/
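
Added example (not part of the original message, and not code from any of the working groups it mentions): a Python classifier for the syntactic distinction discussed above between "JWS Compact Serialization" and "JWS JSON Serialization" (RFC 7515), showing that only the latter is a JSON document a generic "+json" processor could parse. The voucher payload and the signature bytes are constructed placeholders, the function names are hypothetical, and no signature is verified.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as JWS uses it (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parses_as_json(body: str) -> bool:
    """What a generic '+json' processor would need to be true."""
    try:
        json.loads(body)
        return True
    except ValueError:
        return False


def jws_serialization(body: str) -> str:
    """Classify by syntax only: 'compact', 'json-general', 'json-flattened', 'unknown'."""
    if parses_as_json(body):
        doc = json.loads(body)
        if isinstance(doc, dict) and isinstance(doc.get("signatures"), list):
            return "json-general"      # one entry per signer
        if isinstance(doc, dict) and "signature" in doc:
            return "json-flattened"    # single signer, no array
        return "unknown"
    parts = body.strip().split(".")
    if len(parts) == 3:                # header.payload.signature
        try:
            header = json.loads(b64url_decode(parts[0]))
        except ValueError:             # bad base64url, bad UTF-8 or bad JSON
            return "unknown"
        if isinstance(header, dict) and "alg" in header:
            return "compact"
    return "unknown"


# Constructed sample data: placeholder payload and a fake signature value.
PROTECTED = b64url(json.dumps({"alg": "ES256"}).encode())
PAYLOAD = b64url(json.dumps({"constructed": "voucher payload"}).encode())
SIG = b64url(b"not-a-real-signature")

COMPACT = f"{PROTECTED}.{PAYLOAD}.{SIG}"
FLATTENED = json.dumps({"payload": PAYLOAD, "protected": PROTECTED, "signature": SIG})
GENERAL = json.dumps({"payload": PAYLOAD,
                      "signatures": [{"protected": PROTECTED, "signature": SIG}]})
```
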