[secdir] Re: [Cbor] Secdir last call review of draft-ietf-cbor-update-8610-grammar-05

Carsten Bormann <cabo@tzi.org> Mon, 27 May 2024 08:15 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02A8FC16940D; Mon, 27 May 2024 01:15:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPpPNZ4iP84u; Mon, 27 May 2024 01:15:41 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [134.102.50.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B0A0C14F747; Mon, 27 May 2024 01:15:33 -0700 (PDT)
Received: from [192.168.217.145] (p5dc5d931.dip0.t-ipconnect.de [93.197.217.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4VnpNy5xD3zDCcs; Mon, 27 May 2024 10:15:30 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <171675947518.43268.3899139067632039091@ietfa.amsl.com>
Date: Mon, 27 May 2024 10:15:30 +0200
X-Mao-Original-Outgoing-Id: 738490530.338631-fddf9aa64e2eea60a0e3fab55e359481
Content-Transfer-Encoding: quoted-printable
Message-Id: <BCA22D62-A2E4-4A68-A7C9-A87E478D59F5@tzi.org>
References: <171675947518.43268.3899139067632039091@ietfa.amsl.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Message-ID-Hash: 2T6Z2FGNIKVY7ODEWBUD6HL5JBWTOCRF
X-Message-ID-Hash: 2T6Z2FGNIKVY7ODEWBUD6HL5JBWTOCRF
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: secdir@ietf.org, CBOR <cbor@ietf.org>, draft-ietf-cbor-update-8610-grammar.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [secdir] Re: [Cbor] Secdir last call review of draft-ietf-cbor-update-8610-grammar-05
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lXsviS3xK2XU1kn5Y4TZLre4tB8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

Hi Yaron,

thank you for this review.

> On 2024-05-26, at 23:37, Yaron Sheffer via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Yaron Sheffer
> Review result: Ready
> 
> This document describes the results of applying several errata to the CDDL
> specification.
> 
> I concur with the Security Considerations section that the current document
> likely has zero security implications beyond what's in RFC 8610.

Thank you.

> I am clearly in the rough, but I'll say it anyway: from an implementer's
> perspective, a document that repeats all of RFC 8610 with the errata
> implemented (and clearly marked) would have been far superior to this one.

Superior: Probably.
(For those who already have implemented RFC 8610, having a short “update” document is actually more helpful; we are certainly unable to ship a -bis that leads to a clean diff…)

> Instead, we now require an implementer to read and keep in sync RFC 8610, RFC
> 9165 as well as the current document.

I’m not sure RFC 9165 is of the same class:
This exercises a well-defined extension point (control operators) of RFC 8610.
There is already a new set of such extensions underway [1], and applications often define their own control operators [2].
These little extensions are quite independent from each other, so there is little difference between having them all in one document or having them spread out over many.
The registry [3] serves as the focal point where they all flow together.
So I would expect an implementer to be fully prepared to look at multiple documents here.

[1]: https://www.ietf.org/archive/id/draft-ietf-cbor-cddl-more-control-04.html
[2]: https://www.rfc-editor.org/rfc/rfc9090.html#name-cddl-control-operators-2
[3]: https://www.iana.org/assignments/cddl/cddl.xhtml#cddl-control-operators

> Quoting from RFC 8610 itself: "Writers of CDDL specifications are strongly
> encouraged to value clarity and transparency of the specification over its
> elegance. Keep it as simple as possible while still expressing the needed data
> model."
> 
> This reviewer is of the opinion that having to juggle three documents is
> neither clear nor transparent.

Focusing on the two documents RFC 8610 and draft-ietf-cbor-update-8610-grammar, I’d say:

* Doing a grand -bis is certainly in the cards.
  For RFC 7049/8949, we did this after about seven years.
  Seven years after June 2019 would be June 2026, so we could start preparing for this now.

* At least the ABNF comes in an integrated, -bis-like form with draft-ietf-cbor-update-8610-grammar.

* We do have a few small extensions/related documents on the plate for RFC 8610 [1] [4] [5] [6] [7], so it would be preferable to have those completed first before undertaking a -bis, so a -bis might happen after those have accumulated some good amount of implementation experience, too.

[4]: https://datatracker.ietf.org/doc/draft-ietf-cbor-cde/
[5]: https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl-modules/
[6]: https://datatracker.ietf.org/doc/draft-ietf-cbor-edn-literals/
[7]: https://datatracker.ietf.org/doc/draft-ietf-cbor-packed/

* It is generally much more expensive in WG and IESG time to review a full -bis than to review small incremental documents, and we may be optimizing our products for this aspect instead of for implementer convenience.

So I think we did the right thing here.
But update vs. -bis is definitely a question we should always ponder. I’d say quite subjectively that the choice is taken way too often on the update-on-update-on-update side for many existing documents (and I’d venture to say, particularly so for security documents!).

Grüße, Carsten