IETF Logo Mail Archive

Re: [netmod] CBOR YANG encoding of union & bits [draft-ietf-core-yang-cbor-12]

Andy Bierman <andy@yumaworks.com> Wed, 06 May 2020 16:14 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 563A43A0B99 for <netmod@ietfa.amsl.com>; Wed, 6 May 2020 09:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YYqXyvG0lRaG for <netmod@ietfa.amsl.com>; Wed, 6 May 2020 09:14:57 -0700 (PDT)
Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AE703A0BA0 for <netmod@ietf.org>; Wed, 6 May 2020 09:14:56 -0700 (PDT)
Received: by mail-yb1-xb2d.google.com with SMTP id d128so1280666ybb.2 for <netmod@ietf.org>; Wed, 06 May 2020 09:14:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VKytoqgY9T8ga3XpvnPQTZ2tC7y8XiUr6yecXXE8cnw=; b=rrh0vAYqvZxTaBC0JGLcy1OVBY1f+Q5R3YTXRHcorCSoXLM5bxdadmCrbBaMknu+Db 3BO3Z0kM7SW4j6PllhzHHDBbZXLY12BXeZeYxLYARJVnTFPUHuB1XxduW+gTF4E5Jzmj cyyEkOY0ISSp9BUiuiAHiXptBu8yRlERmntWFdS21ZqC7JrNsm4iU4fxjG5MqAg7dMcj xRug/fD9akRmw/FWLb6wXnmDifwCUaE6XHoRtALoRg1ki0vM5Wp5tni0k1BM4X0aUTqH cGuPLRLfLt52GEb3JPUXHRHc2zMkAL07iz0Rz2sLKQqY9pRUp1xX2e7j+00YpDlMmlES 25JA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VKytoqgY9T8ga3XpvnPQTZ2tC7y8XiUr6yecXXE8cnw=; b=gjUeK21E9XYjHVw0e6lNS8ausGbAlNcUtLm3dbuzltY3lJPXNmQGnjvuM3ooDsF6rw elZ62+jzxn6NMi3SzcYigFaXjBLqElYGRvcH2Pp3l/77hbZKcWFWkDdfUPIPZ0D10cO4 b9kznXAfxwFIC6qarLr3wKk2ZYxEmzqt0VtK5DXFqosCdhtqmSTnWXzqSGdts3cp1Iu4 mJaqx+qyDUmlpZ3Uc1kNFujHXUEyrB/aWOR8SXW2CBcY8Myk1f6avzVHOnX5xUYq6TLT JukRPaXwAS2pD44PppxN7xi4U18+O644iFmmuXd3X4oRx3+iaPod31W6DTVWyjJSaXPq zC0A==
X-Gm-Message-State: AGi0PublWQIGhqv8CKT8nQzkl/CM32ZAH6YAFEEjCpIrSu6NZWtWkoBD WLhEwCHhNDQvOSMhf+pnjfJJYWsBr0ul34s1F3y8PmOj6NA=
X-Google-Smtp-Source: APiQypIf68IQgXvKdMZc6vEKy6X+/106PRuQJ9pSvtaFMNYmSQYpMTRKqpZGV1fYLZa0RJEdr1To6C4BgBFK1j4Oyms=
X-Received: by 2002:a25:d015:: with SMTP id h21mr13561746ybg.145.1588781695370; Wed, 06 May 2020 09:14:55 -0700 (PDT)
MIME-Version: 1.0
References: <BY5PR11MB4355C26250C9CF46713C9956B5A40@BY5PR11MB4355.namprd11.prod.outlook.com> <D66596CE-7F5C-4562-89A4-48FCE96D0E18@tzi.org>
In-Reply-To: <D66596CE-7F5C-4562-89A4-48FCE96D0E18@tzi.org>
From: Andy Bierman <andy@yumaworks.com>
Date: Wed, 06 May 2020 09:14:44 -0700
Message-ID: <CABCOCHR+H43FML544pYgKBRe83rhx2grTyndCf-1MLNF-sMcDQ@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>, "draft-ietf-core-yang-cbor@ietf.org" <draft-ietf-core-yang-cbor@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, "core@ietf.org" <core@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000094260e05a4fd1028"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/emZw4VvIyLJYszlqkxzzSUzvYZk>
Subject: Re: [netmod] CBOR YANG encoding of union & bits [draft-ietf-core-yang-cbor-12]
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2020 16:14:59 -0000

On Wed, May 6, 2020 at 8:52 AM Carsten Bormann <cabo@tzi.org> wrote:

> Hi Rob,
>
> > 1) Regarding the encoding of the bits datatype:
> > [draft-ietf-core-yang-cbor-12, section 6.7]
> >
> > The CBOR YANG encoding of the bits datatype is defined as a byte string
> encoding of a bitfield.  However, my concern here is that YANG bit
> positions are allowed to be up 2^32-1.
> >
> > E.g. the following, pathologically bad, bits definition would seem to
> have a very inefficient encoding in CBOR:
> >
> >   typedef alarm-state {
> >     type bits {
> >       bit unknown {
> >         position 4000000000;
>
> My knee jerk reaction would be “don’t do that then” [1].
>
> [1]: http://catb.org/jargon/html/D/Don-t-do-that-then-.html
>
>
I remember this issue was discussed by the WG.
The only real reason to assign explicit bit positions is to match some
protocol specification,
which would never waste space in a bitset.

Rob has a valid concern -- what if a large bit position is encountered?


> >       }
> >       bit under-repair;
> >       bit critical;
> >       bit major;
> >       bit minor;
> >       bit warning;
> >       bit indeterminate;
> >     }
> >   }
> >
> >
> > How much should we be concerned about this pathological case?  Would it
> be reasonable for implementations to reject bitfields larger than a small
> set size (e.g. perhaps 256 bits)?
> >
> > Or, if it is supported by the language then is it reasonable that
> implementation SHOULD support it?  In which case I think that we might need
> a second encoding of bits that supports this pathological case.  Perhaps an
> array of 'set' bit positions, or alternatively the union string encoding of
> bits could be used.
>
> This could reduce the attack vector by malicious YANG specification, but I
> think an arbitrary limit (such as the 256 mentioned above) should work, too.
> (Except that arbitrary limits always come back to bite you, but that’s
> what we have software maintenance contracts for.)
>
>

This is the approach we started with for the union type but ended up
changing it later.
It is better to fully support YANG semantics with a less efficient
encoding, rather than
tag some YANG modules as "unsupportable".

> 2) Regarding the encoding of unions:
> >
> > I was questioning whether the special encoding of bits type within a
> union was required in CBOR [draft-ietf-core-yang-cbor-12, section 6.7].  Am
> I right to presume that this is to ensure that the CBOR encoding of unions
> is always at least as specific as XML?  If so, this seems like a reasonable
> design choice.
>
> The semantics of Union types in YANG is closely married to the XML
> representation of YANG; if two branches of a union have a (non-empty)
> intersection in their XML encoding, this ambiguity is pretty much
> considered a feature.
> So YANG-CBOR falls back to something that looks more like XML encoding
> (i.e., is less efficient) in unions.
> The one nice thing is that a YANG spec writer can avoid the pathology by
> not using unions in this way; unfortunately, the fallback cannot rely on
> recognizing that the intersection is non-empty.
>
> It occurs to me that this fallback could also be used for the above
> anomalies; we would need to agree on a threshold when that becomes active.
>
>

Would it be possible to have 2 encoding formats for bits?
   1) binary encoding using bit positions (only bit positions 0 -- 255
allowed)
   2) YANG XML encoding using bit names (any bit positions over position
255)

The client and server already have to deal with the YANG XML encoding for
union types
so this would not be that different.



> > But that leads on to these general YANG questions:
> >
> > Should the value encoding of a YANG union type behave the same way
> regardless of whether the encoding is XML/JSON/CBOR?
>
> Of course it “should”, while retaining reasonableness for each of the
> encodings, but that ship seems to have sailed (at least for 1.0/1.1).
>
> > Or is it reasonable for there to be differences in the case of
> conflicting values?  Perhaps this is already answered by RFC 7951 that can
> behave differently from the XML encoding of unions.
> >
> > Longer term, should YANG be looking for a discriminated-union type?  Or
> perhaps it would be sufficient for tooling to flag up potentially ambiguous
> union definitions, particularly those that may be encoding dependent.
>
> These are all good questions.
> I don’t have an answer, except that the marriage of YANG to XML semantics
> probably should get a divorce at some point.
>
>

This is already the case but the RFCs have not caught up yet.
If YANG is ever updated the XML-specific text will probably get moved to a
separate document.


> Grüße, Carsten
>
>

Andy


> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>

v2.23.0 | Report a Bug | By Email