Markdown Version | Session Recording

Session Date/Time: 18 Feb 2026 15:00

CBOR

Summary

The CBOR working group held an interim call to discuss the status of the -03 draft, particularly focusing on the "Recommendations for CBOR Usage" section, the naming of "ordinary serialization," and the structure and content of the document's appendices. Key discussions included refining the guidance for protocol and library implementers regarding serialization choices, addressing concerns about the clarity and implications of "ordinary serialization," and deciding on the future of certain appendices.

Key Discussion Points

• Draft-03 Status Update:

  • Draft-03 has been published, incorporating significant rework in the recommendations section based on previous discussions.
  • A new section addresses the data model rule prompted by big numbers, clarifying that tags should not modify the data model of other types or tags without consent. Karsten expressed a preference for more blunt text stating that new tags should not provide alternative serializations of existing data model elements, and was asked to provide specific comments on the mailing list.
  • The section on "when to use determinism" has been rearranged for improved clarity.
  • Seven open issues remain on GitHub, including naming "ordinary serialization," questions about appendices B and C, requests for additional security considerations, test vectors, renaming control operators, and deterministic encoding of tag zero.
  • Lawrence noted that there isn't much serious writing left but that processing pull requests (PRs) with multiple changes can be time-consuming; smaller, focused PRs are preferred.

• Recommendations Section (Continued Discussion):

  • The -03 draft now includes separate subsections for recommendations for protocols and libraries.
  • Framework Protocols: Recommend allowing protocols to specify a serialization, rather than explicitly saying nothing.
  • End-to-End Protocols: Recommend specifying serialization and suggest either "ordinary" or "deterministic" to guarantee interoperability.
  • Karsten noted that protocols like COSE only specify serialization for small parts (e.g., generating signing inputs) and suggested this nuance be highlighted. Lawrence confirmed the document already reflects this.
  • "Ordinary Serialization" Definition and Implications:
    • Karsten raised strong concerns about recommending "ordinary serialization" in Section 2.1.2, specifically questioning what "normatively require ordinary serialization" means for both encoders and decoders, particularly regarding the handling of "general serialization" (any valid CBOR).
    • Karsten argued that an unclear definition could lead to interoperability problems, as recipients might error out on general serialization if they only support "ordinary."
    • Karsten highlighted that RFC 8949 (CBOR) describes "full implementations" as "variation tolerant" and that the idea of "definite length only" (DLO) is often a pragmatic simplification for constrained decoders, but he is not aware of interoperability problems arising from "preferred serialization" (a subset of "ordinary").
    • Lawrence stated that RFC 8949 does not contain "must" requirements for general serialization support and that many CBOR libraries/implementations do not accept general serialization, often only supporting the definite length only subset. He sees the draft as solving, not creating, interoperability problems in this area.
    • There was a robust discussion on whether the working group has consensus on "ordinary serialization" and its implications.
    • Action Item: Karsten agreed to provide a PR with specific text suggestions to clarify the recommendations, particularly separating encoding and decoding requirements.
  • Library Recommendations:
    • Libraries are recommended to use "ordinary serialization" as the default for encoding and to support decoding it.
    • They may also support deterministic serialization, potentially in place of ordinary serialization in some environments.
    • For framework protocol libraries (e.g., COSE, CWT), the recommendation is generally to use "ordinary serialization," with noted exceptions for specific sub-parts that might require deterministic serialization.
    • Karsten agreed with the general direction for library implementers to use preferred serialization and definite length only, noting this covers two-thirds of "ordinary serialization."

• Naming "Ordinary Serialization":

  • A poll of the room was taken regarding the name "preferred plus" instead of "ordinary" or "mainstream" (which had some consensus in a previous meeting).
  • Lawrence advocated for "preferred plus" due to its strong relationship to "preferred serialization" (the difference being definite lengths only and disallowed NaN payloads), suggesting it conveys a minor divergence and better fits internal library naming.
  • A sense of those present indicated support for "preferred plus." Karsten agreed that exposing the relationship to "preferred" and the two additional aspects is beneficial.

• Appendices Discussion (B and C):

  • Lawrence presented his philosophy for document structure: the main body for essential, direct information for implementers, and appendices for optional background and rationale. He emphasized its utility for implementers.
  • Karsten acknowledged the value of separating normative from informative content but cautioned against increasing the perceived complexity (page count) of specifications by moving too much into appendices. He suggested fanning out appendices to separate documents or wikis.
  • The group considered whether certain background information could reside in wikis or other external references, with informative RFC references.
  • Appendix C ("CBOR Diagnostic Notation (CDDL)"): Karsten noted that the working group hasn't developed much experience with the material in Appendix C, suggesting it might be better in a document with a different timeline. There was no objection to removing Appendix C.
  • Appendix B ("CBOR in Context"): No specific decision was made on Appendix B.
  • Appendix F ("Big Numbers Implementation Notes"): Lawrence preferred to keep Appendix F in the document, despite it being implementation notes.
  • Lawrence suggested moving the NAN (Not-a-Number) section to a wiki as a top candidate for removal, but stated it's a cleanup item that can be decided closer to IESG submission.

Decisions and Action Items

• Action Item: Karsten will submit a Pull Request (PR) with proposed text changes for the "Recommendations for CBOR Usage" section, particularly to clarify the meaning of "ordinary serialization" and separate encoding/decoding requirements.
• Decision: The working group intends to propose "preferred plus" as the new name for "ordinary serialization" to the mailing list for wider consensus.
• Decision: Appendix C will be removed from the next draft.
• Action Item: A discussion will be initiated on the mailing list about suitable locations (e.g., wikis) for background material that might be moved out of the document.

Next Steps

• Lawrence will circulate the proposed name "preferred plus" to the mailing list for wider feedback.
• Lawrence will remove Appendix C from the next iteration of the draft.
• An -04 draft is anticipated in approximately two weeks, coinciding with the next interim meeting.
• The next interim call (in two weeks) will also serve to collect agenda items and flesh out the agenda for IETF 125.
• The discussion on where to host external wiki content will continue on the mailing list.