You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-mcnally-deterministic-cbor.md
+10-13Lines changed: 10 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -180,23 +180,20 @@ dCBOR decoders:
180
180
2. MUST reject any encoded major type 7 values other than `false`, `true`, `null`, and the floating point values.
181
181
{:start="2"}
182
182
183
-
# CDDL support
183
+
# CDDL support, Declarative Tag
184
184
185
185
Similar to the CDDL {{-CDDL}} support in CDE {{CDE}}, this specification adds two CDDL control operators that can be used to specify that the data items should be encoded in CBOR Common Deterministic Encoding (CDE), with the dCBOR application profile applied as well.
186
186
187
187
The control operators `.dcbor` and `.dcborseq` are exactly like `.cde` and `.cdeseq` except that they also require the encoded data item(s) to conform to the dCBOR application profile.
188
188
189
-
For example, the normative comment in Section 3 of {{GordianEnvelope}}:
190
-
191
-
~~~ cddl
192
-
leaf = #6.24(bytes) ; MUST be dCBOR
193
-
~~~
194
-
195
-
...can now be formalized as:
196
-
197
-
~~~ cddl
198
-
leaf = #6.24(bytes .dcbor any)
199
-
~~~
189
+
Tag 201 ({{tag201}}) is defined in this specification as a way to declare its tag
190
+
content to conform to the dCBOR application profile at the data model level.
191
+
As a result, when this data item is encoded using CDE rules, the encoded
192
+
result will conform to dCBOR also at the encoded data item level.
193
+
(In conjunction with this semantics, tag 201 may also be employed as a
194
+
boundary marker leading from an overall structure to specific
195
+
application data items; see {{Section 3 of GordianEnvelope}} for an
196
+
example for this usage.)
200
197
201
198
# Implementation Status
202
199
{:removeinrfc}
@@ -250,7 +247,7 @@ This document inherits the security considerations of CBOR {{-CBOR}}.
250
247
251
248
Vulnerabilities regarding dCBOR will revolve around whether an attacker can find value in producing semantically equivalent documents that are nonetheless serialized into non-identical byte streams. Such documents could be used to contain malicious payloads or exfiltrate sensitive data. The ability to create such documents could indicate the failure of a dCBOR decoder to correctly validate according to this document, or the failure of the developer to properly specify or implement application protocol requirements using dCBOR. Whether these possibilities present an identifiable attack surface is a question that developers should consider.
252
249
253
-
# IANA Considerations
250
+
# IANA Considerations {#tag201}
254
251
255
252
RFC Editor: please replace RFCXXXX with the RFC number of this RFC and remove this note.
0 commit comments