Re: [media-types] Thoughts on suffixes, single and multiple

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 12 April 2024 08:28 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Orie Steele <orie@transmute.industries>, Manu Sporny <msporny@digitalbazaar.com>
CC: IETF Media Types <media-types@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/KtqpB-gWNJZojB7-g7K9UTScO4E>

Discussion continued on GitHub: https://github.com/anima-wg/anima-jws-voucher/issues/7#issuecomment-2049753674

In summary, "voucher" is indeed a single YANG-defined data model with multiple possible serializations and signature methods.

Using "voucher-jws+json" looks fine because the JWS voucher is actually always encoded in the JSON serialization, hence +json.

While the authors could have registered a new single suffix for JSON-serialized JOSE (e.g. +jose-json or +jwtjson or so) this was not done.

I guess because it's extra text and doesn't add much benefit to the core protocol operation where both parties already know the type, whatever its name.

And multiple suffixes wasn't "ready to use" yet.



Esko


From: Orie Steele <orie@transmute.industries>
Sent: Thursday, April 11, 2024 17:55
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Esko Dijk <esko.dijk@iotconsultancy.nl>; IETF Media Types <media-types@ietf.org>
Subject: Re: [media-types] Thoughts on suffixes, single and multiple

See the IANA registries:

* jose: application/jose <https://www.iana.org/assignments/media-types/application/jose> [RFC7515 <https://www.iana.org/go/rfc7515>]
* jose+json: application/jose+json <https://www.iana.org/assignments/media-types/application/jose+json> [RFC7515 <https://www.iana.org/go/rfc7515>]

and:

* cose: application/cose <https://www.iana.org/assignments/media-types/application/cose> [RFC9052 <https://www.iana.org/go/rfc9052>]

Note that there is no "cose+cbor", because cose is CBOR.
Whereas "jose" is the compact representation that uses base64url and "."

Regards,

OS

On Thu, Apr 11, 2024 at 8:52 AM Manu Sporny <msporny@digitalbazaar.com> wrote:
On Tue, Apr 9, 2024 at 5:56 AM Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
> Kind of like a digital bazaar of formats ;-)

*lol* I see what you did there. :)

> The media type is currently stated as "application/voucher-jws+json" - see first introduction paragraph.
> I'm assuming this is correct as the outer envelope appears to be JSON (Section 3.1 defines this).
> There was a long discussion about using "voucher+jws" or other names instead:
> https://github.com/anima-wg/anima-jws-voucher/issues/7

I've now read the entire thread, thanks for the pointer.

Yes, this highlights the current confusion around media type suffixes.

Using "+json" as the suffix when the syntax of the message is clearly
not JSON is just plain wrong.

Using "+jws" or "+jose" as the suffix if the syntax matches the "JWS
Syntax" is problematic because it doesn't specify if "JWS Compact
Serialization" or "JWS JSON Serialization" is used. If you're using
the former, the pattern seems to be to use "+jwt" (JOSE experts,
please correct me if there is more nuance to this). If you're using
the latter pattern, it's not clear what the suffix should be, though I
know "+json+jwt" has not received unanimous support previously, and
that might signal that the JOSE community needs to register another
suffix for "JWS JSON Serialization" form.

> The end goal of this work is to have one "Voucher" data model, that can be presented in both JSON and CBOR, and signed in multiple ways (e.g. CMS, COSE, JWT i.e. JOSE, ... )

Ah! This is interesting. That is the same model that the W3C
Verifiable Credentials WG has adopted, which triggered the whole
multiple suffixes discussion in that group. Are you saying that
"application/voucher" could be thought of as a meta model (there is a
set of information that you are encoding there), but the syntax isn't
determined until you serialize it to JSON or CBOR, and then it's not
secured until you use COSE, JWT, JOSE, etc?)

This is all useful information as it demonstrates that at least two
groups came to the same sort of design through completely independent
operation, and are now being hit by the "which suffix should we use?"
discussion. If I had to guess, you're probably exploring something
like the following:

* application/voucher+jwt
  * Base64 encoded JSON payload of voucher data model
* application/voucher+jose or application/voucher+jws
  * JWS JSON Serialization with base64-encoded JSON payload of voucher
data model
* application/voucher+cose
  * COSE CBOR serialization with ??deterministic?? CBOR payload of
voucher data model

What am I getting wrong wrt. the above?

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/


--



ORIE STEELE
Chief Technology Officer
www.transmute.industries<http://www.transmute.industries>
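
Added example, not written by anyone in this thread: a receiver-side check that the syntax on the wire matches what the media type label claims, covering the "+json" on a non-JSON message case and the compact "application/jose" versus "application/jose+json" split discussed above. All function names and sample values are hypothetical and constructed, and the check assumes the body is meant to carry a JWS (RFC 7515).

```python
import base64
import json
import re

# RFC 7515 JWS Compact Serialization: three base64url segments joined by ".".
_COMPACT = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*$")

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed samples; the signature bytes are placeholders, not real signatures.
_H, _P, _S = (_b64url(b) for b in (b'{"alg":"ES256"}', b'{"sample":"voucher"}', b"sig"))
COMPACT_SAMPLE = f"{_H}.{_P}.{_S}"
JSON_SAMPLE = json.dumps({"payload": _P, "signatures": [{"protected": _H, "signature": _S}]})

def structured_suffix(media_type):
    """Return the text after the last '+' of the subtype, or None if there is none."""
    subtype = media_type.split(";")[0].strip().lower().partition("/")[2]
    _, plus, suffix = subtype.rpartition("+")
    return suffix if plus else None

def jws_serialization(body):
    """Classify body as 'compact', 'json-general', 'json-flattened' or None."""
    text = body.strip()
    try:
        if _COMPACT.match(text):
            seg = text.split(".")[0]
            header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
            return "compact" if isinstance(header, dict) and "alg" in header else None
        obj = json.loads(text)
    except ValueError:  # bad base64url, bad UTF-8 or bad JSON
        return None
    if isinstance(obj, dict) and "payload" in obj:
        if isinstance(obj.get("signatures"), list):
            return "json-general"
        if "signature" in obj:
            return "json-flattened"
    return None

def label_is_consistent(media_type, body):
    """True/False when the label makes a syntax claim we can check, else None."""
    essence = media_type.split(";")[0].strip().lower()
    form = jws_serialization(body)
    if structured_suffix(essence) == "json":
        return form in ("json-general", "json-flattened")
    if essence == "application/jose":
        return form == "compact"
    return None
```

A False result means the label and the bytes disagree, so the message should be rejected before it reaches a parser chosen from the label alone.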
