Re: [media-types] Thoughts on suffixes, single and multiple

Orie Steele <orie@transmute.industries> Thu, 11 April 2024 15:55 UTC

To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Esko Dijk <esko.dijk@iotconsultancy.nl>, IETF Media Types <media-types@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/ixbbk27g-Bidgc3PZNclDbTHHms>

See the IANA registries:

  jose: application/jose <https://www.iana.org/assignments/media-types/application/jose> [RFC7515 <https://www.iana.org/go/rfc7515>]
  jose+json: application/jose+json <https://www.iana.org/assignments/media-types/application/jose+json> [RFC7515 <https://www.iana.org/go/rfc7515>]

and:

  cose: application/cose <https://www.iana.org/assignments/media-types/application/cose> [RFC9052 <https://www.iana.org/go/rfc9052>]

Note that there is no "cose+cbor", because cose is CBOR.
Whereas "jose" is the compact representation that uses base64url and "."

Regards,

OS

On Thu, Apr 11, 2024 at 8:52 AM Manu Sporny <msporny@digitalbazaar.com> wrote:

> On Tue, Apr 9, 2024 at 5:56 AM Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
> > Kind of like a digital bazaar of formats ;-)
>
> *lol* I see what you did there. :)
>
> > The media type is currently stated as "application/voucher-jws+json" - see first introduction paragraph.
> > I'm assuming this is correct as the outer envelope appears to be JSON (Section 3.1 defines this).
> > There was a long discussion about using "voucher+jws" or other names instead:
> > https://github.com/anima-wg/anima-jws-voucher/issues/7
>
> I've now read the entire thread, thanks for the pointer.
>
> Yes, this highlights the current confusion around media type suffixes.
>
> Using "+json" as the suffix when the syntax of the message is clearly
> not JSON is just plain wrong.
>
> Using "+jws" or "+jose" as the suffix if the syntax matches the "JWS
> Syntax" is problematic because it doesn't specify if "JWS Compact
> Serialization" or "JWS JSON Serialization" is used. If you're using
> the former, the pattern seems to be to use "+jwt" (JOSE experts,
> please correct me if there is more nuance to this). If you're using
> the latter pattern, it's not clear what the suffix should be, though I
> know "+json+jwt" has not received unanimous support previously, and
> that might signal that the JOSE community needs to register another
> suffix for "JWS JSON Serialization" form.
>
> > The end goal of this work is to have one "Voucher" data model, that can be presented in both JSON and CBOR, and signed in multiple ways (e.g. CMS, COSE, JWT i.e. JOSE, ... )
>
> Ah! This is interesting. That is the same model that the W3C
> Verifiable Credentials WG has adopted, which triggered the whole
> multiple suffixes discussion in that group. Are you saying that
> "application/voucher" could be thought of as a meta model (there is a
> set of information that you are encoding there), but the syntax isn't
> determined until you serialize it to JSON or CBOR, and then it's not
> secured until you use COSE, JWT, JOSE, etc.?
>
> This is all useful information as it demonstrates that at least two
> groups came to the same sort of design through completely independent
> operation, and are now being hit by the "which suffix should we use?"
> discussion. If I had to guess, you're probably exploring something
> like the following:
>
> * application/voucher+jwt
>   * Base64 encoded JSON payload of voucher data model
> * application/voucher+jose or application/voucher+jws
>   * JWS JSON Serialization with base64-encoded JSON payload of voucher data model
> * application/voucher+cose
>   * COSE CBOR serialization with ??deterministic?? CBOR payload of voucher data model
>
> What am I getting wrong wrt. the above?
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> https://www.digitalbazaar.com/
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>
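
Added example, not part of the thread or of any project mentioned in it: a receiver-side check that the declared media type agrees with the JWS serialization actually on the wire, using the RFC 7515 registrations cited above (application/jose for the compact form, application/jose+json for the JSON form). The function names and sample objects are hypothetical; the signature bytes are placeholders and nothing is verified cryptographically.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]*")  # unpadded base64url alphabet

def classify(body: str) -> str:
    """Return the serialization a body actually uses, judged by syntax only."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    else:
        if isinstance(doc, dict) and "payload" in doc:
            if isinstance(doc.get("signatures"), list):
                return "jws-json-general"
            if "signature" in doc:
                return "jws-json-flattened"
        return "json-other"
    parts = body.split(".")
    if len(parts) == 3 and parts[0] and all(B64URL.fullmatch(p) for p in parts):
        try:
            raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
            header = json.loads(raw)
        except ValueError:
            return "unknown"
        if isinstance(header, dict) and "alg" in header:
            return "jws-compact"
    return "unknown"

def consistent(media_type: str, body: str) -> bool:
    """True when the declared type matches the syntax on the wire."""
    kind = classify(body)
    if media_type.endswith("+json"):
        # A "+json" suffix promises that a generic JSON parser can read the body.
        return kind in ("jws-json-general", "jws-json-flattened", "json-other")
    if media_type == "application/jose":
        return kind == "jws-compact"
    raise ValueError("no rule for this media type in this example")

def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed samples; SIG is 64 zero bytes, not a real signature.
HEADER = _b64u(json.dumps({"alg": "ES256"}).encode())
PAYLOAD = _b64u(b'{"constructed":"sample"}')
SIG = _b64u(b"\x00" * 64)
COMPACT = f"{HEADER}.{PAYLOAD}.{SIG}"
GENERAL = json.dumps({"payload": PAYLOAD,
                      "signatures": [{"protected": HEADER, "signature": SIG}]})
```

A receiver can reject or quarantine a message when `consistent()` returns False instead of handing it to whichever parser the suffix implies.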