[netconf] base64encodedvalue== is an invalid base64 value

Kent Watsen <kent+ietf@watsen.net> Fri, 29 January 2021 18:19 UTC

Return-Path: <010001774f5f7df0-89830501-6d1a-465b-a172-dd95e98e8a3e-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D3B813A11F8 for <netconf@ietfa.amsl.com>; Fri, 29 Jan 2021 10:19:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id yPCodTOAgwFy for <netconf@ietfa.amsl.com>; Fri, 29 Jan 2021 10:19:56 -0800 (PST)
Received: from a48-93.smtp-out.amazonses.com (a48-93.smtp-out.amazonses.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79C4C3A11F0 for <netconf@ietf.org>; Fri, 29 Jan 2021 10:19:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1611944394; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:To:Feedback-ID; bh=Ja7xbD023Wjbsje6FfgWY9RXK9+BrboB37ZRnCJ5RpA=; b=GNtrxtWDqWM4rveKjTBlLKWrIbMTk6geh1caMbxdbTqSo6j+kZeZNSiM41Z17qHI aCM4M7u9Os0nZfJfigs+VKHmb0CHL1Dj9xcX3d3jnUZQZDpxhrgtz1Qo0gDMneQe5IQ RHKfYEokQTI0ZHZxBbkOUEQKG14Mmh1zNSVPa22I=
From: Kent Watsen <kent+ietf@watsen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AEF8B755-B1CA-481C-B512-D0C42A4DB39D"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Message-ID: <010001774f5f7df0-89830501-6d1a-465b-a172-dd95e98e8a3e-000000@email.amazonses.com>
Date: Fri, 29 Jan 2021 18:19:54 +0000
To: "netconf@ietf.org" <netconf@ietf.org>
X-Mailer: Apple Mail (2.3608.
X-SES-Outgoing: 2021.01.29-
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/EXGJxcmNOvQ7ZY3O7E1a6_UXyjQ>
Subject: [netconf] base64encodedvalue== is an invalid base64 value
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2021 18:19:58 -0000

I’m unsure if this issue warrants a fix, but be aware that using "base64encodedvalue==“ in code doesn't roundtrip correctly:

$ echo "base64encodedvalue==" | base64 -d | base64

Specifically, there is no binary input that results in “ue==“.

$ echo "ue==" | base64 -d | base64

The reason is a more detailed than this message warrants, but effectively, the second sextet is quantized and, worse, none of three different implementations I tested against raise a warning, much less an error...which is reasonable, IMO.


1) stick with "base64encodedvalue==“ for the examples.
2) use a different value that is a valid base64 string.


With regards to option #1:
  - still seems okay, as the value never occurs in practice

With regards to option #2:

  - if it is desired to end with “==“:
      - the last character must be one of [A, Q, g, w]
      - options: b64tag==, BASE64DATA==

  - if it is desired to end with “=“:
      - the last character must be one of [A, E, I, M, Q, U, Y, c, g, k, o, s, w, 0, 4, 8]
      - options: BASE64VALUE=

  - if it is desisired to end with no padding:
      - any alphanumeric string with length%4==0 works
      - options: base64encodedval, anybase64val, b64value, base64string