Re: [Rats] [Cbor] πŸ”” WGLC on draft-ietf-cbor-tags-oid-02

Carsten Bormann <> Sat, 31 October 2020 20:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4E5C23A0EA7; Sat, 31 Oct 2020 13:36:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3BWZcE36uVWf; Sat, 31 Oct 2020 13:36:55 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E430D3A0EA8; Sat, 31 Oct 2020 13:36:53 -0700 (PDT)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 4CNrZC4zmFzyX3; Sat, 31 Oct 2020 21:36:51 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Carsten Bormann <>
In-Reply-To: <>
Date: Sat, 31 Oct 2020 21:36:51 +0100
Cc: "" <>, "" <>, "" <>, Francesca Palombini <>
X-Mao-Original-Outgoing-Id: 625869411.257035-2f37acb6e1109856a215b83fad5b1ed6
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Laurence Lundblade <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Rats] [Cbor] πŸ”” WGLC on draft-ietf-cbor-tags-oid-02
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 31 Oct 2020 20:36:58 -0000

> CWT seems a little ambiguous as to whether thusly encoded OIDs are allowed as a label/key. Section 3 says:
>    To keep CWTs as small as possible, the Claim Keys are represented
>    using integers or text strings.
> This seems more of a statement of design intent rather than a prohibition against other types of Claim Keys, but one could interpret it as a prohibition.

It is neither: It is a statement of fact.
The dual of this statement is:
If the label (map key) is not an integer or a text string, this label is not a Claim Key.
(And, since Claims use Claim Keys, the key/value pair is not a Claim, and ... the whole thing is not a CWT.)

[We had an interesting discussion over at JSONpath about normative statements.
The upshot was that this is a normal way to phrase a normative statement, even without RFC 2119 language.  RFC 2119 language would not be wrong here, but it is not needed.  Just like an ABNF rule β€œid = 1*ALPHA” would not need an RFC 2119 statement with it that dollar signs MUST NOT occur in ids, unless that is for some reason a misunderstanding that suggests itself.]

Grüße, Carsten