Minutes interim-2022-cbor-15: Wed 16:00
minutes-interim-2022-cbor-15-202210051600-00
| Meeting Minutes | Concise Binary Object Representation Maintenance and Extensions (cbor) WG | |
|---|---|---|
| Date and time | 2022-10-05 14:00 | |
| Title | Minutes interim-2022-cbor-15: Wed 16:00 | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2022-10-05 |
CBOR working group conference call, 2022-10-05
Meetecho:
https://meetings.conf.meetecho.com/interim/?short=4070ab5e-a2f5-4573-9df6-5723c39a4e75
WG documents status and issues
CBOR use in IETF and other SDOs
- draft-ietf-cbor-time-tag completion (WGLC), coordination with SEDATE
Presented slides:
https://datatracker.ietf.org/meeting/interim-2022-cbor-15/materials/slides-interim-2022-cbor-15-sessa-time-tag-and-sedate-ixdtf-00.pdf
CB presenting
CB (p1): The topic has been around for years now, but waiting for SEDATE
to define the Internet eXtended Date/Time Format, extending RFC 3339.
SEDATE is converging now.
CB (p2): Now we can get back to some TBDs in our document, including
IANA considerations, durations and ABNF updates from the SEDATE
document.
CB (p3): On IANA considerations, as to the "Timescale" and "Map Key"
registries (e.g., pre-filling, and registration policies).
CB (p4): open issue #4 on Floating Time, want to synch with NTP but it's
not converging right now, so this can be added later.
CB (p5): open issue #8, need to clean up the semantics of
positive/negative map keys, based on what information is actually
critical to understand.
CB (p6): open issue #7, plan to distinguish between "planned" and
"actual" time, addressing not entirely predictable time scales. This is
very fine-grained, so only some specific application classes care. So we
may wait to get some more feedback first and possibly add this later on.
CB: Plan to have version -03 ready for WGLC before IETF 115, and process
WGLC at IETF 115.
IMD: On planned vs. actual time; makes sense, but how do we know that
the originator set the flag correctly? Maybe it's more dangerous than
useful.
CB: It can be an optional flag, only used by producers that actually
care. Then you hope they know what they're doing.
IMD: I'm worried of someone just blithely adding the flag.
CB: The default would be not adding the flag, unless you know what
you're doing, in which case it's useful.
IMD: Yes, let's have a recommendation along those lines.
CB: I'm thinking of base adjustments in the financial community, that
relies on planned time that has to take into account leap seconds.
IMD: Yes, good example. Good to mention practical examples in the
specification.
IMD: Also good to move on with WGLC as per the plan on page 7.
CB: This is also getting urgent for a number of applications and other
SDOs.
IETF 115 agenda
IMD: Will we cover CDDL 2.0?
CB: I think so, no time to prepare for today. I might manage by the next
interim meeting in two weeks. We should discuss this at IETF 115.
IMD: There is certainly a need for CDDL 2.0.
AOB
HPKE in COSE
CB: Ongoing discussion in the COSE WG, about the HPKE key exchange. It's
expected that HPKE sets the representation of data, such as asymmetric
keys.
CB: It has been pointed out on the COSE mailing list to not use the COSE
way to represent keys, but the HPKE way. When defining keys, we came up
with representations easy to process on constrained devices.
RHo: Not clear outcome from the discussion. Some people wants to use the
COSE way, while some wants to use what HPKE libraries provide. It looks
like the side supporting the use of unmodified HPKE libraries won;
that's why I also leave the document autorship.
CB: What does it mean to use the HPKE library? It's not standardized.
RHo: In the HPKE spec, that representation is opaque, and HPKE libraries
think that way and most people like keeping it that way, without the
need to define a proper conversion to COSE. I don't think the outcome is
a good direction.
CB: I wanted to raise this here, but it's something for more discussion
in COSE.
IMD: NSA has come strongly against hybrid public keys. NIST is not
supporting it either.
RHo: I think this definition of "hybrid" and the one used in HPKE are
different.
IMD: It's just that NSA pointed to HPKE. Agree that "hybrid" is used
with many meanings in many contexts and can be confusing.
Note taking: (Marco Tiloca)