
Re: CBOR and a tag for "critical"

2013-08-15 15:49:15
On Thu, Aug 15, 2013 at 9:19 PM, Yaron Sheffer <yaronf(_dot_)ietf(_at_)gmail(_dot_)com> wrote:

Hi Paul,

I am quite sure that I fully understand the semantics of "critical"
(probably erroneously), so I'm not the right person to clarify the various
meanings of the word. I would appreciate a proposal.

Just for the record, my "critical" means: the reader must be able to
process the data item according to its specification, not just
syntactically but also semantically, and must fail otherwise. There may
still be contained non-critical data items that are NOT understood by the
reader.

Sec. 2.4 consistently mentions "tag" in the singular. For example, the
first sentence could be "a data item can optionally be preceded by one or
more tags" - but it isn't.


+1

The semantics of critical have never been ambiguous. The problem has been
that some people have been misled into thinking 'critical' means
'important'. So we have certain PKIX extensions where the specification
says that they MUST be marked critical even though marking them critical is
stupid.


Marking an extension critical in a PKIX certificate means 'if you do not
understand this extension you cannot understand the semantics of the
certificate and so you MUST NOT rely on it'.

As such, this is an essential feature to have available if you have a
certificate that depends on some novel revocation mechanism. But it is
something that should only be used if the semantics are so important that
breaking backwards compatibility is desirable.


It is an essential semantic but I don't believe that semantics belong in
the encoding layer. The bit can only be processed at the application layer
so the encoding layer should not be dealing with it. Consider the situation
where you have one application moving bits for another. I might send along
a piece of data that has a critical bit set but it is presented in a
context where the piece of data is optional.

And it need not be a bit. The Critical bit in SAML is actually the
<Conditions/> element. It was necessary to disguise it as I knew that
having a criticality bit would lead to a lot of unproductive arguing and
possibly the same sort of misuse as in PKIX. Calling it Conditions was a
twofer.




-- 
Website: http://hallambaker.com/
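
The rule discussed in this message, as an added example that is not part of the original message or of any specification: an unknown critical item makes the consumer fail, an unknown non-critical item is ignored, and an application that only relays the data never evaluates the flag. The `Item` model, the helper names and the extension names `novelRevocation` and `vendorNote` are constructed for illustration; skipping an ignored item together with its contents is an assumption.

```python
from dataclasses import dataclass, field

class CriticalNotUnderstood(Exception):
    """A critical item reached a consumer that has no handler for it."""

@dataclass
class Item:
    name: str                      # constructed label standing in for an OID or tag
    critical: bool = False
    children: list = field(default_factory=list)

def relay(item):
    """An application that only moves data for another one: it does not
    interpret the item, so it never evaluates the critical flag."""
    return item

def consume(item, understood):
    """Apply the rule where the semantics live, in the consuming application.
    Returns the names acted on; raises if a critical item is not understood."""
    if item.name not in understood:
        if item.critical:
            raise CriticalNotUnderstood(item.name)
        return []                  # unknown, non-critical: ignored (assumption: with its contents)
    used = [item.name]
    for child in item.children:
        used += consume(child, understood)
    return used

def sample_cert(revocation_critical):
    # Constructed sample; "novelRevocation" and "vendorNote" are made-up names.
    return Item("certificate", True, [
        Item("keyUsage", True),
        Item("novelRevocation", revocation_critical),
        Item("vendorNote", False),
    ])

OLD_READER = {"certificate", "keyUsage"}
NEW_READER = OLD_READER | {"novelRevocation"}

def old_reader_accepts(revocation_critical):
    """True if a reader that predates novelRevocation relies on the certificate."""
    try:
        consume(relay(sample_cert(revocation_critical)), OLD_READER)
        return True
    except CriticalNotUnderstood:
        return False

if __name__ == "__main__":
    print(old_reader_accepts(True), old_reader_accepts(False))
    print(consume(sample_cert(True), NEW_READER))
```

With the flag clear, the old reader accepts the certificate without ever acting on the revocation mechanism it depends on; with the flag set, the same reader refuses it, which is the break in backwards compatibility the message describes.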