Markdown Version | Transcript | Session Recording

Session Date/Time: 10 Jun 2026 14:00

CBOR

Summary

The CBOR Working Group held an interim meeting to discuss the path forward for the Working Group Last Call (WGLC) on the EDN literals specification, as well as a status update on the CBOR serialization specification.

The meeting featured two presentations on draft-ietf-cbor-edn-literals:

1. Rohan Mahy highlighted readability, security, and syntax improvements.
2. Carsten Bormann provided a status report on WGLC comment resolution, including draft naming and syntactic adjustments.

Additionally, Laurence Lundblade presented a brief status update on the development of draft-ietf-cbor-serialization.

Key Discussion Points

1. EDN Readability and Syntax Design

Rohan Mahy presented EDN readability, etc. focusing on how the design of EDN should prioritize readability and prevent semantic obfuscation.

• Security & Readability: Readability in EDN is critical for spotting deliberate attacks or human error, particularly in environments like CI/CD configurations, test vectors, and cryptographic formats (such as WebTokens where side-channel key exfiltrations are possible).
• Backtick-Quoted Strings: Rohan Mahy argued that long, unconstrained sequences of backticks (e.g., raw strings) are hard for human brains to parse (violating subitizing limits) and complicate syntax-highlighting regex engines. He proposed restricting raw backtick strings to a maximum of 8 backticks and forbidding leading or trailing backticks. Alternatively, dropping backtick strings entirely or adopting Вадим Гончаров's proposal of fenced backticks was discussed.
• Comments: Rohan Mahy raised concerns about the risk of comments embedded inside quoted strings. While C-style comments are allowed in hex/b64 strings for backwards compatibility, he strongly opposed allowing EDN-style comments inside new quoted string extensions.
• Optional Commas: To avoid unreadable code and syntax errors, Rohan Mahy suggested a style guideline recommending explicit commas except when entries are separated by a newline.
• String Concatenation & Indefinite Strings: Rohan Mahy proposed a rule for handling conflicting encoding indicators on concatenated strings (e.g., using the highest indicator). He also suggested replacing the current indefinite-length string syntax with a cleaner sequence extension (e.g., tstring-i or tstring-indefinite).
• Extension Models: Rohan Mahy contrasted two mental models for the return values of application extensions:
  • Carsten Bormann’s model: Returns equivalent EDN text.
  • Joe Hildebrand & Вадим Гончаров’s model: Returns a sequence of CBOR bytes and a type (which easily enables features like indefinite strings and map sorting as extensions).
• Map Ordering: Rohan Mahy emphasized that preserving map order in diagnostic outputs is crucial for debugging security issues, and failing to do so breaks the principle of least surprise.
• Stand-in Syntax: The current stand-in syntax was identified by Rohan Mahy as an unneeded attack vector with zero known implementations. He proposed removing it or disabling it by default via pragmas/metadata.

2. WGLC Status & Document Progression

Carsten Bormann presented CDN (EDN (CEDN)) slides summarizing the state of WGLC comments.

• Comment Resolution: Merged PRs have resolved comments from Laurence Lundblade, Marco Tiloca, Mikolai Gütschow, and Martin. Remaining editorial PRs are being evaluated, with plans to consolidate section movements and clean up the ABNF structure.
• The "Great Renaming" Discussion: Although the group previously converged on "Concise Diagnostic Notation" (CDN), several participants reported collisions with "Content Delivery Network" (CDN) in their daily work. Alternatives like "Concise Practical Diagnostic Notation" or "CEDN" (as an un-abbreviated name) are being considered.
• Symmetrical Raw Strings: Carsten Bormann reported that a symmetric raw string delimiter implementation has been successfully tested and will be converted into a PR.
• WGLC Path Forward: Paul Hoffman noted there is a clear consensus that the working group wants to publish this document, but there is disagreement on which features to keep, modify, or drop.

3. CBOR Serialization Update

Laurence Lundblade gave a verbal update on draft-ietf-cbor-serialization.

• Introduction & Terminology: The introduction is being streamlined to avoid extensive exposition. The terminology choice between "serialization" versus "serialization constraint" remains an open mailing list discussion.
• Floating-Point Sample Code: Laurence Lundblade is integrating and clean-coding floating-point conversion routines, balancing readability against the optimized bitwise constants used in the CBOR Common Deterministic Encoding (CDE) document.
• NaN Payloads: To align with the core text, sample code for shortest-length floats for NaN payloads has been excluded, as there is no single preferred serialization for NaN payloads.
• Next Draft: Laurence Lundblade expects to submit an updated draft in approximately one week.

Decisions and Action Items

• draft-ietf-cbor-edn-literals Target Draft: Carsten Bormann will compile ready PRs and submit draft-ietf-cbor-edn-literals-26 by Monday (to allow a weekend buffer).
• Consensus-Building Process: The Chairs (Paul Hoffman and Christian Amsüss) will formulate a structured procedure to systematically work through remaining contentious points (such as raw strings, stand-in syntax, comments, and renaming) to establish rough consensus.

Next Steps

• Mailing List Discussions: Participants are encouraged to move specific technical debates (including the renaming of EDN/CDN/CEDN) from the interim chat to the main CBOR mailing list.
• draft-ietf-cbor-serialization Update: Laurence Lundblade to publish a new revision of the serialization draft with updated sample code and resolved PRs within the next week.

Related Documents

draft-ietf-cbor-edn-literals, draft-ietf-cbor-edn-literals-26, draft-ietf-cbor-serialization