Skip to main content

Concise Data Definition Language (CDDL): Additional Control Operators for the Conversion and Processing of Text
draft-ietf-cbor-cddl-more-control-08

Revision differences

Document history

Date Rev. By Action
2025-01-13
08 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2025-01-10
08 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2025-01-10
08 (System) IANA Action state changed to In Progress from Waiting on Authors
2025-01-10
08 (System) IANA Action state changed to Waiting on Authors from In Progress
2025-01-09
08 (System) RFC Editor state changed to EDIT
2025-01-09
08 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2025-01-09
08 (System) Announcement was received by RFC Editor
2025-01-09
08 (System) IANA Action state changed to In Progress
2025-01-09
08 (System) Removed all action holders (IESG state changed)
2025-01-09
08 Liz Flynn IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2025-01-09
08 Liz Flynn IESG has approved the document
2025-01-09
08 Liz Flynn Closed "Approve" ballot
2025-01-09
08 Liz Flynn Ballot approval text was generated
2025-01-09
08 Jenny Bui IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2025-01-09
08 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2025-01-09
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2025-01-09
08 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-08.txt
2025-01-09
08 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2025-01-09
08 Carsten Bormann Uploaded new revision
2025-01-08
07 Murray Kucherawy [Ballot comment]
Thanks to Darrel Miller for his ARTART review.
2025-01-08
07 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2025-01-08
07 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2025-01-08
07 Roman Danyliw [Ballot comment]
(updated ballot)

Thank you to Joel Halpern for the GENART review.

** Should this document update RFC8610?
2025-01-08
07 Roman Danyliw Ballot comment text updated for Roman Danyliw
2025-01-07
07 Roman Danyliw
[Ballot comment]
Thank you to Joel Halpern for the GENART review.

** Should this document update RFC8610?

** Section 2.2
  i.e., the decimal …
[Ballot comment]
Thank you to Joel Halpern for the GENART review.

** Should this document update RFC8610?

** Section 2.2
  i.e., the decimal numbers match the
  regular expression 0|-?[1-9][0-9]*

Since this is a formal syntax, be clear with a reference on regex.  Is it RFC9485?
2025-01-07
07 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2025-01-07
07 Zaheduzzaman Sarker
[Ballot comment]
Thanks for working on this specification.

One suggestion, in section 2.1 : s/we use representations defined in [RFC4648] with the following …
[Ballot comment]
Thanks for working on this specification.

One suggestion, in section 2.1 : s/we use representations defined in [RFC4648] with the following names/ representations defined in [RFC4648] are used with the followng names
2025-01-07
07 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2025-01-06
07 Warren Kumari [Ballot comment]
No comments, other than to thank Ari Keränenm for, and reinforce the suggestion in, the IOTDIR review: https://datatracker.ietf.org/doc/review-ietf-cbor-cddl-more-control-07-iotdir-telechat-keranen-2025-01-03/
2025-01-06
07 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2025-01-06
07 Paul Wouters
[Ballot comment]
The table in Section 1 feels redundant. I wouldn't object to its removal.

"opinionated" is a strange word to use. Can it be …
[Ballot comment]
The table in Section 1 feels redundant. I wouldn't object to its removal.

"opinionated" is a strange word to use. Can it be replaced by something else?
Maybe "strict" ? Or just remove the constructs that have the word in it? Standards
are not opinionated, they are specifications :P

        While Section 4 of [RFC7493] probably is not relevant to this specification

Then why mention it here?
2025-01-06
07 Paul Wouters [Ballot Position Update] New position, No Objection, has been recorded for Paul Wouters
2025-01-06
07 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2025-01-05
07 Mahesh Jethanandani [Ballot Position Update] New position, No Objection, has been recorded for Mahesh Jethanandani
2025-01-03
07 Ari Keränen Request for Telechat review by IOTDIR Completed: Ready. Reviewer: Ari Keränen. Sent review to list.
2025-01-03
07 Ari Keränen Assignment of request for Telechat review by IOTDIR to Henk Birkholz was withdrawn
2025-01-03
07 Ari Keränen Request for Telechat review by IOTDIR is assigned to Ari Keränen
2025-01-02
07 Darrel Miller Request for Last Call review by ARTART Completed: Ready with Issues. Reviewer: Darrel Miller. Sent review to list.
2025-01-02
07 Éric Vyncke
[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-cbor-cddl-more-control-07
CC @evyncke

Thank you for the work put into this document.

Please find below some …
[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-cbor-cddl-more-control-07
CC @evyncke

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

Special thanks to A.J. Stein for the shepherd's detailed write-up including the WG consensus *and* the justification of the intended status.

Please note that Henk Birkholz is the IoT directorate reviewer (at my request) and you may want to consider this iot-dir review as well when it will be available (no need to wait for it though):
https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl-more-control/reviewrequest/21141/

I hope that this review helps to improve the document,

Regards,

-éric

## COMMENTS (non-blocking)

### Title

The title is really vague `More control operators`, suggest to use a more specific title, e.g., "Text Conversion and Processing Control Operators for CDDL".

### Section 2.1

Who is `we` in this context? The author? the WG? the whole IETF ? Please avoid using this sentence structure.

Should `QR code` have an informational reference ?

### Section 3.1

I smiled a lot when reading IPv4 = legacy IP ;-)
2025-01-02
07 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2024-12-31
07 Deb Cooley [Ballot Position Update] New position, No Objection, has been recorded for Deb Cooley
2024-12-31
07 Ari Keränen Request for Telechat review by IOTDIR is assigned to Henk Birkholz
2024-12-30
07 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-12-29
07 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-12-20
07 Éric Vyncke Requested Telechat review by IOTDIR
2024-12-05
07 Cindy Morgan Placed on agenda for telechat - 2025-01-09
2024-12-04
07 Orie Steele Ballot has been issued
2024-12-04
07 Orie Steele [Ballot Position Update] New position, Yes, has been recorded for Orie Steele
2024-12-04
07 Orie Steele Created "Approve" ballot
2024-12-04
07 Orie Steele IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2024-12-04
07 Orie Steele Ballot writeup was changed
2024-11-20
07 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-11-19
07 David Dong
IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-cbor-cddl-more-control-07. If any part of this review is inaccurate, please let us know.

IANA understands that, upon …
IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-cbor-cddl-more-control-07. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which we must complete.

In the CDDL Control Operators registry in the Concise Data Definition Language (CDDL) registry group located at:

https://www.iana.org/assignments/cddl/

14 (fourteen) new operators are to be registered as follows:

Name: .b64u
Reference: [ RFC-to-be ]

Name: .b64u-sloppy
Reference: [ RFC-to-be ]

Name: .b64c
Reference: [ RFC-to-be ]

Name: .b64c-sloppy
Reference: [ RFC-to-be ]

Name: .b45
Reference: [ RFC-to-be ]

Name: .b32
Reference: [ RFC-to-be ]

Name: .h32
Reference: [ RFC-to-be ]

Name: .hex
Reference: [ RFC-to-be ]

Name: .hexlc
Reference: [ RFC-to-be ]

Name: .hexuc
Reference: [ RFC-to-be ]

Name: .decimal
Reference: [ RFC-to-be ]

Name: .printf
Reference: [ RFC-to-be ]

Name: .json
Reference: [ RFC-to-be ]

Name: .join
Reference: [ RFC-to-be ]

We understand that this is the only action required to be completed upon approval of this document.

NOTE: The action requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the action that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-11-19
07 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2024-11-18
07 Mališa Vučinić Request for Last Call review by SECDIR Completed: Ready. Reviewer: Mališa Vučinić. Sent review to list.
2024-11-15
07 Joel Halpern Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern. Sent review to list. Submission of review completed at an earlier date.
2024-11-15
07 Joel Halpern Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern.
2024-11-07
07 Barry Leiba Request for Last Call review by ARTART is assigned to Darrel Miller
2024-11-07
07 Jean Mahoney Request for Last Call review by GENART is assigned to Joel Halpern
2024-11-07
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Mališa Vučinić
2024-11-07
07 Tero Kivinen Assignment of request for Last Call review by SECDIR to Yaron Sheffer was withdrawn
2024-11-07
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yaron Sheffer
2024-11-06
07 Jenny Bui IANA Review state changed to IANA - Review Needed
2024-11-06
07 Jenny Bui
The following Last Call announcement was sent out (ends 2024-11-20):

From: The IESG
To: IETF-Announce
CC: ajstein.standards@gmail.com, cbor-chairs@ietf.org, cbor@ietf.org, draft-ietf-cbor-cddl-more-control@ietf.org, orie@transmute.industries …
The following Last Call announcement was sent out (ends 2024-11-20):

From: The IESG
To: IETF-Announce
CC: ajstein.standards@gmail.com, cbor-chairs@ietf.org, cbor@ietf.org, draft-ietf-cbor-cddl-more-control@ietf.org, orie@transmute.industries
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (More Control Operators for CDDL) to Proposed Standard


The IESG has received a request from the Concise Binary Object Representation
Maintenance and Extensions WG (cbor) to consider the following document: -
'More Control Operators for CDDL'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-11-20. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  The Concise Data Definition Language (CDDL), standardized in RFC
  8610
, provides "control operators" as its main language extension
  point.  RFCs have added to this extension point both in an
  application-specific and a more general way.

  The present document defines a number of additional generally
  applicable control operators for text conversion (Bytes, Integers,
  JSON, Printf-style formatting) and for an operation on text.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl-more-control/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc9285: The Base45 Data Encoding (Informational - Internet Engineering Task Force (IETF) stream)



2024-11-06
07 Jenny Bui IESG state changed to In Last Call from Last Call Requested
2024-11-06
07 Jenny Bui Last call announcement was generated
2024-11-05
07 Orie Steele Last call was requested
2024-11-05
07 Orie Steele Last call announcement was generated
2024-11-05
07 Orie Steele Ballot approval text was generated
2024-11-05
07 Orie Steele Ballot writeup was generated
2024-11-05
07 Orie Steele AD Evaluation comments were addressed in: https://mailarchive.ietf.org/arch/msg/cbor/2vE_3YxOLyu9hEjUUbYwjFLL-yI/
2024-11-05
07 Orie Steele IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2024-11-03
07 (System) Changed action holders to Orie Steele (IESG state changed)
2024-11-03
07 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-11-03
07 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-07.txt
2024-11-03
07 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-11-03
07 Carsten Bormann Uploaded new revision
2024-10-21
06 Orie Steele
# Orie Steele, ART AD, comments for draft-ietf-cbor-cddl-more-control-06
CC @OR13

* line numbers:
  - https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cbor-cddl-more-control-06.txt&submitcheck=True

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md


Thanks to AJ Stein for the shepherd writeup, and to the CBOR WG for this document.

The DT did not reflect the intended status as Proposed Standard.
I believe it should be marked Proposed Standard, and have updated the DT.

I am setting the substate to revised I-D needed, with the assumption that there will be at least a few changes incorporated as part of this review.

## Comments

### Is sloppy really needed?

```
179     +--------------+-----------------------+------------------------+
180     | .b64u-sloppy | Base64URL, no        | Section 5 of [RFC4648] |
181     |              | padding, sloppy      |                        |
182     +--------------+-----------------------+------------------------+
```

I wonder if all these productions are really necessary, or if by specifying support for them, we are encouraging them.
I do not think it is generally good design to make use of multiple text encodings for binary in a single protocol, or to unnecessarily mix cbor and json encodings in protocols.

Later you have:

```
227   in not specifying a sloppy variant of base32 or base32/hex, as no
228   legacy use of sloppy base32(/hex) was known at the time of writing.
```

Why is `b64u-sloppy` worth specifying / encouraging the use of?

### Thanks for being opinionated

```
208   Note that this specification is somewhat opinionated here: It does
209   not provide base64url, base32 or base32hex encoding with padding, or
210   base64 classic without padding.  Experience indicates that these
```

Related to my comment above, I like this... and I wonder if there is room to be even stronger.

### validate the mandates of their base documents

I am not sure what "validate the mandates of their base documents" means.

```
215   These control operators are "strict" in their matching, i.e., they do
216   validate the mandates of their base documents.  Note that this also
217   means that .b64u and .b64c only accept the alphabets defined for each
218   of them, respectively; this is maybe worth pointing out here
219   explicitly as CDDL's "b64" literal prefix simply accepts either
220   alphabet and this behavior is different from that of these control
221   operators.
```

This block could probably be re-written to use more traditional terminology from theory of computation related to recognizing regular languages.

Perhaps even normative guidance of the form:

The use of "b64" is NOT RECOMMENDED... because its alphabet is not restricted.

Although I suppose this kind of normative text would lead to an update, and not an extension.
Perhaps there is still a way to provide stronger guidance on the use of b64 without crossing this line.


### CBOR Unicode

A reference to https://datatracker.ietf.org/doc/html/rfc8949#section-3.1-2.8 (or perhaps there is a better reference) might be worth adding here, to highlight that the space of UTF-8 is already reduced by encoding in CBOR?

It would be repetition, but perhaps helpful to some readers.

```
284   interpolate a text string in UTF-8 form.  The 'c' conversion
285   specifier (paragraph 8) represents a single Unicode scalar value as a
286   UTF-8 character.  The 'p' and 'n' conversion specifiers (paragraph 8)
287   are not used and MUST NOT be included in the format string.
```

### Which JSON?

```
305   Some applications store complete JSON texts into text strings, the
306   JSON value for which can easily be defined in CDDL.  This is
```

- https://datatracker.ietf.org/doc/html/rfc7159
- https://datatracker.ietf.org/doc/html/rfc7493

### Canonical JSON

```
326   There is no way to constrain the use of blank space in data items to
327   be validated; variants (e.g, not providing for any blank space) could
328   be defined.
```

This basically means there is no way to distinguish JCS JSON from other flavors of JSON correct?

https://datatracker.ietf.org/doc/html/rfc8785#name-whitespace

Perhaps this is yet another opportunity to be opinionated, and recommend that protocols using CDDL to specify JSON...
SHOULD omit whitespace tokens, and that this needs to be described in text, as it cannot be recognized by CDDL?
... or that JCS cannot be expressed in CDDL?

Perhaps frame this "limitation" as a feature, and provide stronger guidance.

### Valid UTF-8

```
366   the strings.  If the result of the concatenation is a text string,
367   the resulting sequence of bytes MUST be valid UTF-8.
```

I believe it is possible to be more precise than this, perhaps a reference to https://datatracker.ietf.org/doc/html/rfc8949#section-3.2.3 could also be useful here?...
I would not want folks to think of this as a way to specify valid UTF-8, that might otherwise not be acceptable in the CBOR ecosystem, but perhaps this would be useful for CDDL?
Is constructing examples of "bad" UTF-8 a use case for these controls, so that these bad examples can be recognized?


### Implementation Status

```
440 5.  Implementation Status

442   This section is to be removed before publishing as an RFC.

444   In the CDDL tool described in Appendix F of [RFC8610], the control
445   operators defined in the present revision of this specification are
446   implemented as of version 0.10.4.
```

As this section will be removed, but the reference to Appendix F of [RFC8610] will remain correct (?).
I wonder if it is worth repeating something like Appendix F in this specification, and to provide new examples using the controls defined in this draft.

### Security Considerations

```
448 6.  Security considerations

450   The security considerations of [RFC8610] apply.
```

Are there no new security considerations introduced by this document?

For example, maximum depth exceeded, nesting .json, .cbor, .b64 to create resource exhaustion attacks?

Is there some CDDL equivalent of the ReDoS attack?

The ability to produce troublesome unicode using these controls, or to produce or consume unicode in the context of JSON that could be harmful?

Do the security considerations for JSON/I-JSON and Base64 also apply here?

- https://datatracker.ietf.org/doc/html/rfc4648#section-12
- https://datatracker.ietf.org/doc/html/rfc7493#section-5

Is there a relationship between these controls and the use of CDDL for sanitizing untrusted user input?

Is there a risk of deserialization of untrusted data (CWE-502) in implementations of these controls?
Note the comment about buffer overflow in security considerations of RFC4648.

## Nits

### Order of CDDL

This is a nit, but when I read CDDL like this, I always feel as if there should be some use before defined error.
All the examples in this draft take the opposite approach, is this a convention which is documented or recommended somewhere?
Encouraging a consistent style for CDDL could help reduce learning curve.

```
167   signature-for-json = text .b64u signature
168   signature = bytes .cbor COSE_Sign1
```
2024-10-21
06 (System) Changed action holders to Carsten Bormann (IESG state changed)
2024-10-21
06 Orie Steele IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation::AD Followup
2024-10-21
06 Orie Steele Changed consensus to Yes from Unknown
2024-10-21
06 Orie Steele Correcting intended status to align with the shepherd writeup as part of AD Evaluation.
2024-10-21
06 Orie Steele Intended Status changed to Proposed Standard from None
2024-10-16
06 Orie Steele IESG state changed to AD Evaluation::AD Followup from Publication Requested
2024-10-16
06 Christian Amsüss
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document has strong concurrence of a few individuals (active in the CBOR Working Group and others with applications of CDDL).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

Having reviewed the mailing list and meeting notes, I have determined no controversy about particular points of the document.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

The author has already completed an initial implementation. Two WG contributors have written on the mailing list they plan to use the operators and/or make an additional implementation to process use of the operators.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

This draft extends control operators in CDDL as a data definition language for CBOR and JSON data. The document's contents are in use by downstream applications. One such application is members of the RATS Working Group, particularly using CDDL to define CBOR and JSON structures for the Entity Attestation Token in [draft-ietf-rats-eat](https://datatracker.ietf.org/doc/draft-ietf-rats-eat/29/). In particular, Laurence Lundblade and Jeremy O'Donoghue reviewed and provided precise feedback. Additionally, Rohan Mahy from the Message Layer Security Working Group has evaluated the operators and a reference implementation, providing feedback on the draft's specification on base64 and base64url decoding, and JSON-only content processing.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

This document does not require such IETF expert reviews, but does require IANA review and is appropriately prepared. See below for details.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

This document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

This draft contains six CDDL definition examples and they have been validated with the `cddl` tool [as documented in RFC 8610 Appendix F](https://datatracker.ietf.org/doc/html/rfc8610#autoid-54).

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, I have reviewed the document and my assessment is that the document is necessary, written clearly, complete, correct and ready for handoff to the Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

The [typical ART area issues](https://wiki.ietf.org/group/art/TypicalARTAreaIssues) are applicable to this work. Specifically, the base64 issues are applicable. The others have already taken care to properly address the different variations of base64 specified in Sections 4 and 5 in RFC4648 already.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

The RFC type of this publication is Proposed Standard. This follows from the other dependent RFCs that this document extends. The state attributes appear to be correct and reflect this intent.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

The author confirmed [in a recent thread on the cbor mailing list](https://mailarchive.ietf.org/arch/msg/cbor/rdy2BWEiFH8aYR-TXndPoMx3K8Q/) that he is not aware of any patent claims.

The author is very familiar with the process, stating in the thread:

> (There was no need during the WG proceedings to remind me of the procedures we use to handle patent claims; I’m rather painfully aware of them.)

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

There is only one author for this I-D and they have demonstrated their willingness and commit to edit the draft and incorporate feedback.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

The [idnits tool report](https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cbor-cddl-more-control-05.txt) has several errors and warnings, but all have been review and are false positives (BCP14 versus RFC2119; downref to published non-RFC standards; date; line length).

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

The placement of all normative and informative references is correct.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All normative references are freely available and therefore the community had sufficient access.

A related issue brought up in discussion of the prior version of this shepherd review:  C (ISO 9899) is definitely not a downref, but it is worth to point out that this document references this ISO standard normatively. There is a hyperlink to a source accessible without paywall. The RFC editor will likely know how to update with a more appropriate, reader-friendly hyperlink during the editor review process.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

There is a normative reference to an informational RFC listed below. It is important for review during last call and for follow-up by the area ADs.

[RFC9285]
    Fältström, P., Ljunggren, F., and D.W. van Gulik, "The Base45 Data Encoding", RFC 9285, DOI 10.17487/RFC9285, August 2022, .

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Publication of this document will not change the status of existing RFCs. Th abstract explains this I-D's relationship to RFC9165, RFC9090, and RFC8160. RFC8610 is a foundational RFC for CDDL that establishes the first set of control operators in Section 3.8. This draft builds upon that set but does not conflict. Similarly, RFC9165 defines a set of new operators extending the original set in RFC8610. RFC9090 defines yet another set of CDDL operators pertaining to CBOR Tags, the primary subject of that standard. In all cases, authors have taken care to avoid conflicts and layer successively on top of one another, so no change in existing RFCs appear to be necessary.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA considerations section of this draft has a table with the proper columns and format. It properly and accurately defines the relevant existing registry (IANA CDDL Control Operators Registry). There is no declaration of a new registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

Below is the list of IANA registries requiring Designated Expert Review.

- [IANA CDDL Control Operators Registry](https://www.iana.org/assignments/cddl/cddl.xhtml#cddl-control-operators)

The instructions are clear given the simple fields of the registry and nature of the request.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
2024-10-16
06 Christian Amsüss IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2024-10-16
06 Christian Amsüss IESG state changed to Publication Requested from I-D Exists
2024-10-16
06 (System) Changed action holders to Orie Steele (IESG state changed)
2024-10-16
06 Christian Amsüss Responsible AD changed to Orie Steele
2024-10-16
06 Christian Amsüss Document is now in IESG state Publication Requested
2024-10-16
06 Christian Amsüss Comments from the WGLC have been addressed, this is a WG consensus document.

The shepherd writeup has already been completed.
2024-10-16
06 Christian Amsüss IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2024-07-26
06 Christian Amsüss Added to session: IETF-120: cbor  Fri-2230
2024-07-25
06 A.J. Stein
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document has strong concurrence of a few individuals (active in the CBOR Working Group and others with applications of CDDL).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

Having reviewed the mailing list and meeting notes, I have determined no controversy about particular points of the document.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

The author has already completed an initial implementation. Two WG contributors have written on the mailing list they plan to use the operators and/or make an additional implementation to process use of the operators.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

This draft extends control operators in CDDL as a data definition language for CBOR and JSON data. The document's contents are in use by downstream applications. One such application is members of the RATS Working Group, particularly using CDDL to define CBOR and JSON structures for the Entity Attestation Token in [draft-ietf-rats-eat](https://datatracker.ietf.org/doc/draft-ietf-rats-eat/29/). In particular, Laurence Lundblade and Jeremy O'Donoghue reviewed and provided precise feedback. Additionally, Rohan Mahy from the Message Layer Security Working Group has evaluated the operators and a reference implementation, providing feedback on the draft's specification on base64 and base64url decoding, and JSON-only content processing.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

This document does not require such IETF expert reviews, but does require IANA review and is appropriately prepared. See below for details.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

This document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

This draft contains six CDDL definition examples and they have been validated with the `cddl` tool [as documented in RFC 8610 Appendix F](https://datatracker.ietf.org/doc/html/rfc8610#autoid-54).

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, I have reviewed the document and my assessment is that the document is necessary, written clearly, complete, correct and ready for handoff to the Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

The [typical ART area issues](https://wiki.ietf.org/group/art/TypicalARTAreaIssues) are applicable to this work. Specifically, the base64 issues are applicable. The others have already taken care to properly address the different variations of base64 specified in Sections 4 and 5 in RFC4648 already.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

The RFC type of this publication is Proposed Standard. This follows from the other dependent RFCs that this document extends. The state attributes appear to be correct and reflect this intent.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

The author confirmed [in a recent thread on the cbor mailing list](https://mailarchive.ietf.org/arch/msg/cbor/rdy2BWEiFH8aYR-TXndPoMx3K8Q/) that he is not aware of any patent claims.

The author is very familiar with the process, stating in the thread:

> (There was no need during the WG proceedings to remind me of the procedures we use to handle patent claims; I’m rather painfully aware of them.)

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

There is only one author for this I-D and they have demonstrated their willingness and commit to edit the draft and incorporate feedback.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

The [idnits tool report](https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cbor-cddl-more-control-05.txt) has several errors and warnings, but all have been review and are false positives (BCP14 versus RFC2119; downref to published non-RFC standards; date; line length).

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

The placement of all normative and informative references is correct.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All normative references are freely available and therefore the community had sufficient access.

A related issue brought up in discussion of the prior version of this shepherd review:  C (ISO 9899) is definitely not a downref, but it is worth to point out that this document references this ISO standard normatively. There is a hyperlink to a source accessible without paywall. The RFC editor will likely know how to update with a more appropriate, reader-friendly hyperlink during the editor review process.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

There is a normative reference to an informational RFC listed below. It is important for review during last call and for follow-up by the area ADs.

[RFC9285]
    Fältström, P., Ljunggren, F., and D.W. van Gulik, "The Base45 Data Encoding", RFC 9285, DOI 10.17487/RFC9285, August 2022, .

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Publication of this document will not change the status of existing RFCs. Th abstract explains this I-D's relationship to RFC9165, RFC9090, and RFC8160. RFC8610 is a foundational RFC for CDDL that establishes the first set of control operators in Section 3.8. This draft builds upon that set but does not conflict. Similarly, RFC9165 defines a set of new operators extending the original set in RFC8610. RFC9090 defines yet another set of CDDL operators pertaining to CBOR Tags, the primary subject of that standard. In all cases, authors have taken care to avoid conflicts and layer successively on top of one another, so no change in existing RFCs appear to be necessary.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA considerations section of this draft has a table with the proper columns and format. It properly and accurately defines the relevant existing registry (IANA CDDL Control Operators Registry). There is no declaration of a new registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

Below is the list of IANA registries requiring Designated Expert Review.

- [IANA CDDL Control Operators Registry](https://www.iana.org/assignments/cddl/cddl.xhtml#cddl-control-operators)

The instructions are clear given the simple fields of the registry and nature of the request.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
2024-07-24
06 A.J. Stein
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document has strong concurrence of a few individuals (active in the CBOR Working Group and others with applications of CDDL).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

Having reviewed the mailing list and meeting notes, I have determined no controversy about particular points of the document.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

The author has already completed an initial implementation. Two WG contributors have written on the mailing list they plan to use the operators and/or make an additional implementation to process use of the operators.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

This draft extends control operators in CDDL as a data definition language for CBOR and JSON data. The document's contents are in use by downstream applications. One such application is members of the RATS Working Group, particularly using CDDL to define CBOR and JSON structures for the Entity Attestation Token in [draft-ietf-rats-eat](https://datatracker.ietf.org/doc/draft-ietf-rats-eat/29/). In particular, Laurence Lundblade and Jeremy O'Donoghue reviewed and provided precise feedback. Additionally, Rohan Mahy from the Message Layer Security Working Group has evaluated the operators and a reference implementation, providing feedback on the draft's specification on base64 and base64url decoding, and JSON-only content processing.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

This document does not require such IETF expert reviews, but does require IANA review and is appropriately prepared. See below for details.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

This document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

This draft contains no formal language (XML; ABNF; BNF; MIB; CDDL; et cetera). There are no relevant automated checks for these formal languages, but other checks for copy content via GitHub Actions.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, I have reviewed the document and my assessment is that the document is necessary, written clearly, complete, correct and ready for handoff to the Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

The [typical ART area issues](https://wiki.ietf.org/group/art/TypicalARTAreaIssues) are applicable to this work. Specifically, the base64 issues are applicable. The others have already taken care to properly address the different variations of base64 specified in Sections 4 and 5 in RFC4648 already.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

The RFC type of this publication is Proposed Standard. This follows from the other dependent RFCs that this document extends. The state attributes appear to be correct and reflect this intent.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Reasonable efforts may have been made in IETF and interim working group meetings. However, I have been unable to find any public discussion (mailing list; GitHub; meeting notes) or relevant disclosures in datatracker.ietf.org.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

There is only one author for this I-D and they have demonstrated their willingness and commit to edit the draft and incorporate feedback.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

The [idnits tool report](https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cbor-cddl-more-control-05.txt) has several errors and warnings, but all have been review and are false positives (BCP14 versus RFC2119; downref to published non-RFC standards; date; line length).

This shepherd review is my first, so I would to confirm that the error below regarding one normative reference is to an informational RFC listed below is not a false positive. Upon review, all other warnings and errors are false positives.

[RFC9285]
    Fältström, P., Ljunggren, F., and D.W. van Gulik, "The Base45 Data Encoding", RFC 9285, DOI 10.17487/RFC9285, August 2022, .

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

The placement of all normative and informative references is correct.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All normative references are freely available and therefore the community had sufficient access.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

[BCP14]
    Best Current Practice 14, .
   
[C]
    International Organization for Standardization, "Information technology — Programming languages — C", Fourth Edition, ISO/IEC 9899:2018, June 2018, .

[STD90]
    Internet Standard 90, .

[STD94]
    Internet Standard 94, .

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Publication of this document will not change the status of existing RFCs. Th abstract explains this I-D's relationship to RFC9165, RFC9090, and RFC8160. RFC8610 is a foundational RFC for CDDL that establishes the first set of control operators in Section 3.8. This draft builds upon that set but does not conflict. Similarly, RFC9165 defines a set of new operators extending the original set in RFC8610. RFC9090 defines yet another set of CDDL operators pertaining to CBOR Tags, the primary subject of that standard. In all cases, authors have taken care to avoid conflicts and layer successively on top of one another, so no change in existing RFCs appear to be necessary.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA considerations section of this draft has a table with the proper columns and format. It properly and accurately defines the relevant existing registry (IANA CDDL Control Operators Registry). There is no declaration of a new registry.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

Below is the list of IANA registries requiring Designated Expert Review.

- [IANA CDDL Control Operators Registry](https://www.iana.org/assignments/cddl/cddl.xhtml#cddl-control-operators)

The instructions are clear given the simple fields of the registry and nature of the request.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
2024-07-21
06 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-06.txt
2024-07-21
06 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-07-21
06 Carsten Bormann Uploaded new revision
2024-06-17
05 Christian Amsüss Notification list changed to ajstein.standards@gmail.com because the document shepherd was set
2024-06-17
05 Christian Amsüss Document shepherd changed to A.J. Stein
2024-06-12
05 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-05.txt
2024-06-12
05 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-06-12
05 Carsten Bormann Uploaded new revision
2024-06-05
04 Christian Amsüss Added to session: interim-2024-cbor-10
2024-04-17
04 Christian Amsüss Added to session: interim-2024-cbor-06
2024-03-28
04 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-04.txt
2024-03-28
04 Carsten Bormann New version approved
2024-03-28
04 (System) Request for posting confirmation emailed to previous authors: Carsten Bormann
2024-03-28
04 Carsten Bormann Uploaded new revision
2024-03-13
03 Christian Amsüss Added to session: IETF-119: cbor  Fri-0500
2024-03-02
03 Christian Amsüss https://mailarchive.ietf.org/arch/msg/cbor/JcrAjY0vC38JvsH2OJC1BhYvys0
2024-03-02
03 Christian Amsüss IETF WG state changed to In WG Last Call from WG Document
2024-02-26
03 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-03.txt
2024-02-26
03 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-02-26
03 Carsten Bormann Uploaded new revision
2024-02-22
02 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-02.txt
2024-02-22
02 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-02-22
02 Carsten Bormann Uploaded new revision
2024-01-10
01 Christian Amsüss Added to session: interim-2024-cbor-01
2023-12-13
01 Christian Amsüss Added to session: interim-2023-cbor-18
2023-12-07
01 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-01.txt
2023-12-07
01 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2023-12-07
01 Carsten Bormann Uploaded new revision
2023-07-06
00 Barry Leiba Added to session: IETF-117: cbor  Tue-0030
2023-06-14
00 Barry Leiba Changed document external resources from: None to:

github_repo https://github.com/cbor-wg/cddl-more-control
2023-06-14
00 Barry Leiba This document now replaces draft-bormann-cbor-cddl-more-control instead of None
2023-06-14
00 Carsten Bormann New version available: draft-ietf-cbor-cddl-more-control-00.txt
2023-06-14
00 Barry Leiba WG -00 approved
2023-06-14
00 Carsten Bormann Set submitter to "Carsten Bormann ", replaces to draft-bormann-cbor-cddl-more-control and sent approval email to group chairs: cbor-chairs@ietf.org
2023-06-14
00 Carsten Bormann Uploaded new revision