Markdown Version | Session Recording

Session Date/Time: 13 Dec 2023 15:00

CBOR

Summary

The CBOR working group meeting addressed the status of drafts in shepherding, discussed the Common Deterministic Encoding (CDE) with a focus on floating-point NaN payloads, and extensively covered the path forward for CDDL 2.0, including "more control" operators and modules. A key decision was made to set a feature freeze for the "more control" and "modules" CDDL 2.0 drafts. The meeting also included an update on external developments concerning CBOR-LD.

Key Discussion Points

Shepherding of CDDL Grammar and Diagnostic Notations Drafts

• The drafts covering updates to CDDL grammar and diagnostic notations have passed working group last call and are now undergoing shepherd review.
• Completion of shepherd review is expected soon, though publication may face delays in the RFC Editor queue.

Common Deterministic Encoding (CDE)

• The working group is committed to quickly advancing the CDE document.
• NaN Payloads: A primary technical challenge identified is the interoperability of Not-a-Number (NaN) payloads in IEEE 754, due to ambiguities and historical implementation divergences.
  • The CDE document aims to provide guidance for generic CBOR encoder/decoder implementers, especially concerning quiet vs. signaling NaNs and the use of the most compact form (e.g., float16) where applicable.
  • The discussion highlighted that NaN payloads are a "niche topic" for many implementers, but increasing attention to floating-point processing in machine learning models suggests growing relevance.
  • A concern was raised about potential "traps" for implementations not interested in floats but receiving malicious NaN payloads, emphasizing the need for robust handling.
  • It was agreed that some discussion on NaN specifics, though not a core CDE issue, is appropriate within the CDE document to aid implementers.

CDDL 2.0 - More Control

• The "more control" document aims to enhance CDDL's ability to support both JSON and CBOR target representations within a single specification, including features like base64 support.
• A request for fixed-digit hexadecimal text numbers with 0x prefix led to the proposal of adding printf-like functionality to CDDL, which will require detailed specification.
• There is a need for broader community input on desired control operators, given almost a hundred ITF documents now use CDDL.
• The working group decided to reach out to other working groups and external communities that use CDDL to solicit feedback.

CDDL 2.0 - Modules

• The modules document facilitates rule importation (e.g., from RFC 1952) and is already in use in some specifications (e.g., UCCS).
• There is a desire to complete this document quickly to reduce the need for "hidden references" in other specifications.
• A poll of the room indicated low direct usage of the modules feature among attendees, suggesting that primary users might be in other working groups or external SDOs (e.g., TCG, Global Platform).
• Ira provided context on extensive use of CBOR and CDDL by Global Platform, TCG, and related groups for client APIs, attestation protocols, and universal key stores, which heavily rely on module/import functionality. These groups have explicitly opted against using floats in their core libraries due to implementation complexity.

CBOR-LD (CBOR for JSON-LD)

• The JSON-LD community is exploring CBOR for efficiency in applications, noting the existence of an initial cldd (CBOR-LD) specification, which is currently a description of an implementation rather than a fully fleshed-out normative document.
• Discussion covered the broader context of representing RDF in CBOR, potentially leveraging JSON 1.1's "framing" mechanism to shape RDF information into a more consumable JSON/CBOR structure.
• Concerns were raised about the potential for lossy transformations and the risk of designing by examples that don't translate well to real-world machine-generated applications. The need for cldd to be machine-generatable in a reasonable way was emphasized.

Decisions and Action Items

1. CDDL 2.0 Feature Freeze: A feature freeze for the "more control" and "modules" CDDL 2.0 documents is set for end of February 2024. After this date, only editorial changes and bug fixes will be accepted, with no new features. This aims for a working group last call by the next IETF meeting.
2. Solicit CDDL Input: The working group chairs will draft and send an email to relevant working groups and potentially other external communities to solicit feedback on the "more control" and "modules" CDDL 2.0 drafts.
   • Action Item: Carsten Bormann to draft the outreach email and coordinate with the WG chairs.
3. Interim Meeting: The working group will consider designating an interim meeting (e.g., mid-February) to discuss CDDL 2.0 topics and attract broader participation, particularly from identified user communities like Global Platform/TCG.
   • Action Item: Chairs to coordinate scheduling and announcement of an interim.

Next Steps

• Complete shepherd review for the CDDL grammar and diagnostic notations drafts.
• Incorporate guidance on NaN payloads into the CDE document, ensuring clarity for implementers and addressing potential security concerns.
• Gather feedback from other working groups and external SDOs on the "more control" and "modules" CDDL 2.0 drafts by the end of February 2024 feature freeze.
• Monitor developments around CBOR-LD and its implications for CBOR and RDF representation.
• Continue to gather input from implementers and spec writers on general CBOR developments.