draft-ietf-cbor-tags-oid-02.txt (rfcdiff against draft-ietf-cbor-tags-oid-01.txt)

Network Working Group                                         C. Bormann
Internet-Draft                                   Universität Bremen TZI
Intended status: Standards Track                             S. Leonard
Expires: 1 May 2021                                       Penango, Inc.
                                                        28 October 2020

Concise Binary Object Representation (CBOR) Tags for Object Identifiers
draft-ietf-cbor-tags-oid-02

Abstract

The Concise Binary Object Representation (CBOR, draft-ietf-cbor-
7049bis) is a data format whose design goals include the possibility
of extremely small code size, fairly small message size, and
extensibility without the need for version negotiation.

The present document defines CBOR tags for object identifiers (OIDs).
It is intended as the reference document for the IANA registration of

skipping to change at page 1, line 38

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on 1 May 2021.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights

skipping to change at page 2, line 21

2. Object Identifiers . . . . . . . . . . . . . . . . . . . . . 3
3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Tag Factoring with OID Arrays and Maps . . . . . . . . . . . 6
6. Applications and Examples of OIDs . . . . . . . . . . . . . . 7
7. CDDL Control Operators . . . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . 11
10.2. Informative References . . . . . . . . . . . . . . . . . 11
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 12
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13

1. Introduction

The Concise Binary Object Representation (CBOR,
[I-D.ietf-cbor-7049bis]) provides for the interchange of structured
data without a requirement for a pre-agreed schema.
[I-D.ietf-cbor-7049bis] defines a basic set of data types, as well as
a tagging mechanism that enables extending the set of data types
supported via an IANA registry.

skipping to change at page 3, line 25

"octet".
2. Object Identifiers

The International Object Identifier tree [X.660] is a hierarchically
managed space of identifiers, each of which is uniquely represented
as a sequence of unsigned integer values [X.680]. (These integer
values are called "primary integer values" in X.660 because they can
be accompanied by (not necessarily unambiguous) secondary
identifiers. We ignore the latter and simply use the term "integer
values" here, occasionally calling out their unsignedness.)

While these sequences can easily be represented in CBOR arrays of
unsigned integers, a more compact representation can often be
achieved by adopting the widely used representation of object
identifiers defined in BER; this representation may also be more
amenable to processing by other software that makes use of object
identifiers.

BER represents the sequence of unsigned integers by concatenating
self-delimiting [RFC6256] representations of each of the integer
values in sequence.

ASN.1 distinguishes absolute object identifiers (ASN.1 Type "OBJECT
IDENTIFIER"), which begin at a root arc ([X.660] Clause 3.5.21), from
relative object identifiers (ASN.1 Type "RELATIVE-OID"), which begin
relative to some object identifier known from context ([X.680] Clause
3.8.63). As a special optimization, BER combines the first two
integers in an absolute object identifier into one numeric identifier
by making use of the property of the hierarchy that the first arc has
only three integer values (0, 1, and 2), and the second arcs under 0
and 1 are limited to the integer values between 0 and 39. (The root
arc "joint-iso-itu-t(2)" has no such limitations on its second arc.)
If X and Y are the first two integer values, the single integer value
actually encoded is computed as:

   X * 40 + Y

The inverse transformation (again making use of the known ranges of X
and Y) is applied when decoding the object identifier.

Since the semantics of absolute and relative object identifiers
differ, this specification defines two tags, collectively called the
"OID tags" here:

skipping to change at page 7, line 15

When an OID tag is applied to a map, it means that the respective tag
is imputed to all keys in the map that are byte strings, arrays, or
maps; again, there is no effect on keys of other major types. Note
that there is also no effect on the values in the map.

As a result of these rules, tag factoring in nested arrays and maps
is supported. For example, a 3-dimensional array of OIDs can be
composed by using a single TBD111 tag containing an array of arrays
of arrays of byte strings. All such byte strings are then considered
OIDs.
6. Applications and Examples of OIDs

6.1. X.500 Distinguished Name

Consider the X.500 distinguished name:

   +==============================+=============+
   | Attribute Types              | Attribute   |
   |                              | Values      |

skipping to change at page 9, line 40

   country-value = text .size 2

   Figure 7: Using .sdnvseq

   country-rdn = {country-oid => country-value}
   country-oid = bytes .oid [2, 5, 4, 6]
   country-value = text .size 2

   Figure 8: Using .oid

Note that the control type need not be a literal; e.g., "bytes .oid
[2, 5, 4, *uint]" matches all OIDs inside OID arc 2.5.4,
"attributeType".

8. IANA Considerations

8.1. CBOR Tags

IANA is requested to assign the CBOR tags in Table 2, with the
present document as the specification reference.

   +========+================+============================+
   | Tag    | Data Item      | Semantics                  |

skipping to change at page 11, line 9

OIDs and relative OIDs can always be treated as opaque byte strings.
Actually understanding the structure that was used for generating
them is not necessary, and, except for checking the structure
requirements, it is strongly NOT RECOMMENDED to perform any
processing of this kind (e.g., converting into dotted notation and
back) unless absolutely necessary. If the OIDs are translated into
other representations, the usual security considerations for non-
trivial representation conversions apply; the integer values are
unlimited in range.
9.1. Conversions Between BER and Dotted Decimal Notation
[PKILCAKE] uncovers exploit vectors for the illegal values above, as
well as for cases in which conversion to or from the dotted decimal
notation goes awry. Neither [X.660] nor [X.680] place an upper bound
on the range of unsigned integer values for an arc; the integers are
arbitrarily valued. An implementation SHOULD NOT attempt to convert
each component using a fixed-size accumulator, as an attacker will
certainly be able to cause the accumulator to overflow. Compact and
efficient techniques for such conversions, such as the double dabble
algorithm [DOUBLEDABBLE] are well-known in the art; their application
to this field is left as an exercise to the reader.
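As an added example (not code from the draft), the following Python implements the BER content-octet encoding of Section 2, its inverse with the X * 40 + Y unfolding based on the known ranges, the structure checks a decoder can apply, and the conversion hazard of this section: arc values stay unbounded Python integers rather than a fixed-size accumulator, and largest_arc_bits reports when a 64-bit accumulator would have overflowed. It also implements the prefix test that the CDDL control "bytes .oid [2, 5, 4, *uint]" expresses. Function names and the sample OIDs used with it are this example's own.

```python
from typing import List, Sequence

def encode_arc(value: int) -> bytes:
    # Self-delimiting base-128: 7 bits per octet, big-endian; 0x80 marks continuation.
    if value < 0:
        raise ValueError("arc values are unsigned")
    out = bytearray([value & 0x7F])
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(arcs: Sequence[int], relative: bool = False) -> bytes:
    """Content octets; an absolute OID folds its first two arcs into X*40+Y."""
    if relative:
        return b"".join(encode_arc(a) for a in arcs)
    if len(arcs) < 2:
        raise ValueError("an absolute OID needs at least two arcs")
    x, y = arcs[0], arcs[1]
    if x not in (0, 1, 2) or (x < 2 and y > 39):
        raise ValueError("first two arcs out of range")
    return encode_arc(x * 40 + y) + b"".join(encode_arc(a) for a in arcs[2:])


def decode_arcs(data: bytes) -> List[int]:
    """Split content octets into integer values. Python ints are unbounded, so
    a huge arc cannot overflow an accumulator (the Section 9.1 hazard)."""
    arcs, acc, in_arc = [], 0, False
    for i, b in enumerate(data):
        if not in_arc and b == 0x80:  # leading zero septet: non-minimal
            raise ValueError("non-minimal arc encoding at offset %d" % i)
        acc = (acc << 7) | (b & 0x7F)
        in_arc = bool(b & 0x80)
        if not in_arc:
            arcs.append(acc)
            acc = 0
    if in_arc:
        raise ValueError("truncated arc: last octet has continuation bit")
    return arcs


def decode_oid(data: bytes, relative: bool = False) -> List[int]:
    arcs = decode_arcs(data)
    if relative:
        return arcs
    if not arcs:
        raise ValueError("empty absolute OID")
    first = arcs[0]
    # Inverse of X*40+Y: X is 0 or 1 only when Y <= 39, so a value of 80
    # or more belongs to root arc 2, whose second arc is unbounded.
    x, y = divmod(first, 40) if first < 80 else (2, first - 80)
    return [x, y] + arcs[1:]


def largest_arc_bits(data: bytes) -> int:
    """Bits of the widest arc; above 64, a uint64 accumulator would overflow."""
    return max(decode_oid(data)).bit_length()


def under_arc(data: bytes, prefix: Sequence[int]) -> bool:
    """The check the CDDL control 'bytes .oid [2, 5, 4, *uint]' expresses."""
    return decode_oid(data)[:len(prefix)] == list(prefix)
```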
10. References

10.1. Normative References

[I-D.ietf-cbor-7049bis]
           Bormann, C. and P. Hoffman, "Concise Binary Object
           Representation (CBOR)", Work in Progress, Internet-Draft,
           draft-ietf-cbor-7049bis-16, 30 September 2020,
           <http://www.ietf.org/internet-drafts/draft-ietf-cbor-
           7049bis-16.txt>.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119,
           DOI 10.17487/RFC2119, March 1997,
           <https://www.rfc-editor.org/info/rfc2119>.

[RFC6256]  Eddy, W. and E. Davies, "Using Self-Delimiting Numeric
           Values in Protocols", RFC 6256, DOI 10.17487/RFC6256, May
           2011, <https://www.rfc-editor.org/info/rfc6256>.

skipping to change at page 12, line 5

           X.680, August 2015.

[X.690]    International Telecommunications Union, "Information
           technology — ASN.1 encoding rules: Specification of Basic
           Encoding Rules (BER), Canonical Encoding Rules (CER) and
           Distinguished Encoding Rules (DER)", ITU-T Recommendation
           X.690, August 2015.

10.2. Informative References
[DOUBLEDABBLE]
Gao, S., Al-Khalili, D., and N. Chabini, "An improved BCD
adder using 6-LUT FPGAs", 10th IEEE International
NEWCAS Conference, DOI 10.1109/newcas.2012.6328944, June
2012, <https://doi.org/10.1109/newcas.2012.6328944>.
[OID-INFO] Orange SA, "OID Repository", 2016,
           <http://www.oid-info.com/>.

[PCRE]     Ho, A., "PCRE - Perl Compatible Regular Expressions",
           2018, <http://www.pcre.org/>.
[PKILCAKE] Kaminsky, D., Patterson, M., and L. Sassaman, "PKI Layer
Cake: New Collision Attacks against the Global X.509
Infrastructure", Financial Cryptography and Data
Security pp. 289-303, DOI 10.1007/978-3-642-14577-3_22,
2010, <https://doi.org/10.1007/978-3-642-14577-3_22>.
[RFC7388]  Schoenwaelder, J., Sehgal, A., Tsou, T., and C. Zhou,
           "Definition of Managed Objects for IPv6 over Low-Power
           Wireless Personal Area Networks (6LoWPANs)", RFC 7388,
           DOI 10.17487/RFC7388, October 2014,
           <https://www.rfc-editor.org/info/rfc7388>.

[X.672]    International Telecommunications Union, "Information
           technology — Open systems interconnection — Object
           identifier resolution system", ITU-T Recommendation X.672,
           August 2010.

Appendix A. Change Log

This section is to be removed before publishing as an RFC.

A.1. Changes from -01 to -02
Minor editorial changes, remove some remnants, ready for WGLC.
A.2. Changes from -00 to -01
Clean up OID tag factoring.
A.3. Changes from -07 (bormann) to -00 (ietf)
Resubmitted as WG draft after adoption.

A.4. Changes from -06 to -07

Reduce the draft back to its basic mandate: Describe CBOR tags for
what is colloquially known as ASN.1 Object IDs.

A.5. Changes from -05 to -06

Refreshed the draft to the current date ("keep-alive").

A.6. Changes from -04 to -05

Discussed UUID usage in CBOR, and incorporated fixes proposed by
Olivier Dubuisson, including fixes regarding OID nomenclature.

A.7. Changes from -03 to -04

Changes occurred based on limited feedback, mainly centered around
the abstract and introduction, rather than substantive technical
changes. These changes include:

* Changed the title so that it is about tags and techniques.

* Rewrote the abstract to describe the content more accurately, and
  to point out that no changes to the wire protocol are being
  proposed.

skipping to change at page 13, line 28

  of ASN.1.

* Rewrote the introduction to be more about the present text.

* Proposed a concise OID arc.

* Provided binary regular expression forms for OID validation.

* Updated IANA registration tables.

A.8. Changes from -02 to -03

Many significant changes occurred in this version. These changes
include:

* Expanded the draft scope to be a comprehensive CBOR update.

* Added OID-related sections: OID Enumerations, OID Maps and Arrays,
  and Applications and Examples of OIDs.

* Added Tag 36 update (binary MIME, better definitions).