Re: [Last-Call] Secdir last call review of draft-ietf-cbor-7049bis-14

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Aug 10, 2020, at 2:00 AM, Yaron Sheffer via Datatracker <noreply@xxxxxxxx> wrote:

Upon a quick read, it is not even clear to me which parts of Sec. 5
are required/expected in a validating-mode decoder.

A generic decoder can do as little or as much validity checking as it wants to. What is required is that it documents what validity checking it does not do and that it does not prevent the user of the generic decoder from doing the validity checks.

The reason for this is that some validity checking is expensive for a CBOR decoder and is inexpensive for the consumer of the data. Checking the validity of UTF-8 or MIME-encoded messages are examples of this.

LL
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux