Re: CBOR and a tag for "critical"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Paul,

I am quite sure that I fully understand the semantics of "critical" (probably erroneously), so I'm not the right person to clarify the various meanings of the word. I would appreciate a proposal.

Just for the record, my "critical" means: the reader must be able to process the data item according to its specification, not just syntactically but also semantically, and must fail otherwise. There may still be contained non-critical data items that are NOT understood by the reader.

Sec. 2.4 consistently mentions "tag" in the singular. For example, the first sentence could be "a data item can optionally be preceded by one or more tags" - but it isn't.

Thanks,
	Yaron


On 2013-08-15 22:57, Paul Hoffman wrote:
On Aug 15, 2013, at 12:26 PM, Yaron Sheffer <yaronf.ietf@xxxxxxxxx> wrote:

- One tag value you may want to consider adding is "critical" in the
security sense of the word, i.e., an application is required to fail if
it does not understand the value (probably best applied to map keys).

That's also an interesting idea.  If included, it would be best to add
this as soon as possible, and ensure that it gets added to the test
vectors, to avoid problems we've had in the past with inadequate
implementations of criticality.

I agree this needs to go into the base spec ASAP, so that it really is treated correctly. And it certainly cannot be a later extension, as Paul suggested in another message.

You and I have been in IETF security WGs together for over a decade, and we have seen how often implementers have gotten "critical" wrong regardless of the wording in the various specs. They disagree about what it means to "understand" an extension, to "be able to process" an extension, and so on. They are completely sure that people who disagree with them are obviously wrong, even in the face of multiple examples by seasoned programmers.

Someone joked at the mic in some WG years ago that the critical bit was called that because we should be criticized for how poorly it is understood.

Instead of thinking "this time I'm sure we'll get everyone to understand this", it might be better to have an extended discussion which possibly ends in multiple tags with varying descriptions.

Also note that "critical" can be applied to all sorts of data, including data items that are already tagged! I think this is not allowed for according to the spec.

That is incorrect. Please point to the area where you think it says that so we can make it clearer.

--Paul Hoffman





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]