Constrained RESTful Environments                              T. Fossati
Internet-Draft                                                    Linaro
Updates: 7252 (if approved)                                      E. Dijk
Intended status: Standards Track                       IoTconsultancy.nl
Expires: 22 June 2025                                   19 December 2024


    Update to the IANA CoAP Content-Formats Registration Procedures
                    draft-ietf-core-cf-reg-update-01

Abstract

   This document updates the registration procedures for the "CoAP
   Content-Formats" registry, within the "CoRE Parameters" registry
   group, defined in Section 12.3 of RFC7252, specifically, those
   regarding the First Come First Served (FCFS) portion of the registry.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://core-wg.github.io/cf-reg-update/draft-ietf-core-cf-reg-update.html.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-ietf-core-cf-reg-update/.

   Discussion of this document takes place on the Constrained RESTful
   Environments Working Group mailing list (mailto:core@ietf.org), which
   is archived at https://mailarchive.ietf.org/arch/browse/core/.
   Subscribe at https://www.ietf.org/mailman/listinfo/core/.

   Source for this draft and an issue tracker can be found at
   https://github.com/core-wg/cf-reg-update.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
Fossati & Dijk            Expires 22 June 2025                  [Page 1]

Internet-Draft  CoAP Content-Format Registrations Update   December 2024

   This Internet-Draft will expire on 22 June 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Definitions
   3.  Examples for Erroneous Registrations
     3.1.  The Media Type is Unknown
     3.2.  The Media Type Parameter is Unknown
     3.3.  The Media Type Parameter Value is Invalid
     3.4.  The Content Coding is Unknown
     3.5.  Duplicate Entry with Default Media Type Parameters
     3.6.  Duplicate Entry with Default Content Coding
   4.  Security Considerations
   5.  IANA Considerations
     5.1.  "Full" Expert Review Checks
     5.2.  "Lightweight" Expert Review Checks
     5.3.  Temporary Note Removal
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Acknowledgments
   Authors' Addresses

1.  Introduction

   Section 12.3 of [RFC7252] describes the registration procedures for
   the "CoAP Content-Formats" registry within the "CoRE Parameters"
   registry group [IANA.core-parameters].  (Note that the columns of
   this registry have been revised according to [Err4954].)

   In particular, the text defines the rules for obtaining CoAP
   Content-Format identifiers from the First Come First Served (FCFS)
   portion of the registry (10000-64999).  These rules do not involve
   the Designated Expert (DE) and are managed solely by IANA personnel
   to finalize the registration.

   Unfortunately, the instructions do not explicitly require checking
   that the combination of content-type (i.e., media type with optional
   parameters) and content coding associated with the requested CoAP
   Content-Format is semantically valid.  This task is generally
   non-trivial, requiring knowledge from multiple documents and
   technologies, which is not a task to demand solely from the
   registrar.

   This lack of guidance may engender confusion in both the registering
   party and the registrar, and has already led to erroneous
   registrations.

   Section 5 of this memo updates the registration procedures for the
   "CoAP Content-Formats" registry regarding its FCFS portion to reduce
   the risk of accidental or malicious errors.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [BCP14] (RFC2119) (RFC8174) when, and only when, they appear in all
   capitals, as shown here.

   This document uses the terms "media type", "content coding",
   "content-type" and "content format" as defined in Section 2 of
   [RFC9193].

3.  Examples for Erroneous Registrations

   This section contains a few examples of registration requests for a
   CoAP Content-Format with identifier in the FCFS space (64999) that
   must not be allowed to succeed.

3.1.  The Media Type is Unknown

   The registrant requests an FCFS Content-Format ID for an unknown
   media type:

          +==========================+================+=======+
          | Content Type             | Content Coding | ID    |
          +==========================+================+=======+
          | application/unknown+cbor | -              | 64999 |
          +--------------------------+----------------+-------+

            Table 1: Attempt at Registering Content-Format for
                          an Unknown Media Type

3.2.  The Media Type Parameter is Unknown

   The registrant requests an FCFS Content-Format ID for an existing
   media type with an unknown parameter:

    +=======================================+================+=======+
    | Content Type                          | Content Coding | ID    |
    +=======================================+================+=======+
    | application/cose; unknown-parameter=1 | -              | 64999 |
    +---------------------------------------+----------------+-------+

        Table 2: Attempt at Registering Content-Format for Media
                       Type with Unknown Parameter

3.3.  The Media Type Parameter Value is Invalid

   The registrant requests an FCFS Content-Format ID for an existing
   media type with an invalid parameter value:

     +=====================================+================+=======+
     | Content Type                        | Content Coding | ID    |
     +=====================================+================+=======+
     | application/cose; cose-type=invalid | -              | 64999 |
     +-------------------------------------+----------------+-------+

        Table 3: Attempt at Registering Content-Format for Media
                    Type with Invalid Parameter Value

3.4.  The Content Coding is Unknown

   The registrant requests an FCFS Content-Format ID for an existing
   media type with an unknown content coding:

           +========================+================+=======+
           | Content Type           | Content Coding | ID    |
           +========================+================+=======+
           | application/senml+cbor | inflate        | 64999 |
           +------------------------+----------------+-------+

            Table 4: Attempt at Registering Content-Format with
                          Unknown Content Coding

3.5.  Duplicate Entry with Default Media Type Parameters

   The registrant requests an FCFS Content-Format ID for a media type
   that includes a parameter set to its default value, while this media
   type is already registered without that parameter.  As a result, this
   could lead to the creation of two separate Content-Format IDs for the
   same "logical" entry.

      +===================================+================+=======+
      | Content Type                      | Content Coding | ID    |
      +===================================+================+=======+
      | application/my                    | -              | 64900 |
      +-----------------------------------+----------------+-------+
      | application/my; parameter=default | -              | 64999 |
      +-----------------------------------+----------------+-------+

         Table 5: Attempt at Registering an Equivalent Logical Entry
                   with a Different Content-Format ID (1)

3.6.  Duplicate Entry with Default Content Coding

   The registrant requests an FCFS Content-Format ID for the "identity"
   Content Coding, which is the default coding.  If accepted, this
   request would duplicate an entry where the "Content Coding" field is
   left empty.

               +================+================+=======+
               | Content Type   | Content Coding | ID    |
               +================+================+=======+
               | application/my | -              | 64900 |
               +----------------+----------------+-------+
               | application/my | identity       | 64999 |
               +----------------+----------------+-------+

         Table 6: Attempt at Registering an Equivalent Logical Entry
                   with a Different Content-Format ID (2)

4.  Security Considerations

   This memo hardens the registration procedures of CoAP Content-Formats
   in ways that reduce the chances of malicious manipulation of the
   associated registry.

   Other than that, it does not change the Security Considerations of
   [RFC7252].

5.  IANA Considerations

   The CoAP Content-Formats registration procedures defined in
   Section 12.3 of [RFC7252] are modified as shown in Table 7.

   +============================+==============+======================+
   | Range                      | Registration | Note                 |
   |                            | Procedures   |                      |
   +============================+==============+======================+
   | 0-255                      | Expert       | Full review          |
   |                            | Review       | described in         |
   |                            |              | RFCthis, Section 5.1 |
   +----------------------------+--------------+----------------------+
   | 256-9999                   | IETF Review  |                      |
   |                            | or IESG      |                      |
   |                            | Approval     |                      |
   +----------------------------+--------------+----------------------+
   | 10000-64999 (No parameters | First Come   | Corresponding media  |
   | and empty Content Coding   | First Served | type registration    |
   | and media type not yet     |              | required             |
   | used in this registry)     |              |                      |
   +----------------------------+--------------+----------------------+
   | 10000-64999 (Includes      | Expert       | Lightweight review   |
   | parameters and/or Content  | Review       | described in         |
   | Coding)                    |              | RFCthis, Section 5.2 |
   +----------------------------+--------------+----------------------+
   | 65000-65535                | Experimental |                      |
   |                            | use (no      |                      |
   |                            | operational  |                      |
   |                            | use)         |                      |
   +----------------------------+--------------+----------------------+

      Table 7: Updated CoAP Content-Formats Registration Procedures

   The 10000-64999 range now has two separate registration procedures.
   If the registration consists solely of a registered media type name
   in the "Content Type" field, without any parameter names or "Content
   Coding", and the media type has not yet been used in this registry,
   then the policy is FCFS, as before.  In all other cases, the policy
   will be Expert Review, following the checklist described in
   Section 5.2.

   A new column with the title "Note" has been added to the registry,
   which contains information about expected checks.

5.1.  "Full" Expert Review Checks

   For the 0-255 range, the DE is instructed to perform a "Full Review"
   described in this section, not only the "lightweight" Expert Review
   that may apply to the 10000-64999 range.  For this range, in addition
   to the checks described in Section 5.2, the DE is instructed to also
   evaluate the requested codepoint concerning the limited availability
   of the 1-byte codepoint space.  For the 10000-64999 range, this
   criterion does not apply.

5.2.  "Lightweight" Expert Review Checks

   For the 10000-64999 range, the Designated Expert is instructed to
   perform the "lightweight" Expert review, as described by the
   following checklist:

   1.  The combination of content-type and content coding for which the
       registration is requested must not be already present in the
       "CoAP Content-Formats" registry;

   2.  The media type associated with the requested Content-Format must
       exist (or must have been approved for registration) in the "Media
       Types" registry [IANA.media-types];

   3.  The optional parameter names must have been defined in
       association with the media type, and any parameter values
       associated with such parameter names must be as permitted;

   4.  If a Content Coding is specified, it must exist (or must have
       been approved for registration) in the "HTTP Content Coding"
       registry of the "Hypertext Transfer Protocol (HTTP) Parameters"
       [IANA.http-parameters].

5.3.  Temporary Note Removal

   This section is to be removed before publishing as an RFC.

   The following note has been added to the registry as a temporary fix:

   "Note: The validity of the combination of Content Coding, Content
   Type and parameters is checked prior to assignment."

   IANA is instructed to remove this note from the registry when this
   document is approved for publication.

   RFC-Editor: please remove this section once the note has been
   removed.

6.  References

6.1.  Normative References

   [BCP14]    Best Current Practice 14.
              At the time of writing, this BCP comprises the following:

              Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

              Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014.

6.2.  Informative References

   [Err4954]  RFC Errata Report 4954, RFC 7252.

   [IANA.core-parameters]
              IANA, "Constrained RESTful Environments (CoRE)
              Parameters".

   [IANA.http-parameters]
              IANA, "Hypertext Transfer Protocol (HTTP) Parameters".

   [IANA.media-types]
              IANA, "Media Types".

   [RFC9193]  Keränen, A. and C. Bormann, "Sensor Measurement Lists
              (SenML) Fields for Indicating Data Value Content-Format",
              RFC 9193, DOI 10.17487/RFC9193, June 2022.

Acknowledgments

   Thank you Amanda Baber, Carsten Bormann, Francesca Palombini, and
   Marco Tiloca for your reviews, comments, suggestions and fixes.

Authors' Addresses

   Thomas Fossati
   Linaro
   Email: thomas.fossati@linaro.org


   Esko Dijk
   IoTconsultancy.nl
   Email: esko.dijk@iotconsultancy.nl
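
   The following Python example is added here and is not part of the
   draft: it applies the Section 5.2 checklist to the six requests of
   Section 3, treating a parameter at its default value and the
   "identity" coding as equal to their absence (Sections 3.5 and 3.6).
   The registry contents are small constructed stand-ins for the IANA
   registries, and the function and variable names are assumptions of
   this example.

```python
# Constructed stand-ins for the IANA registries the checklist consults (not real registry data).
MEDIA_TYPES = {  # media type -> parameter name -> permitted values and default value
    "application/cose": {"cose-type": {"allowed": {"cose-sign1", "cose-encrypt0", "cose-mac0"},
                                       "default": None}},
    "application/senml+cbor": {},
    "application/my": {"parameter": {"allowed": {"default", "other"}, "default": "default"}},
}
CONTENT_CODINGS = {"deflate", "gzip", "identity"}
REGISTERED = {("application/my", (), ""): 64900}  # normalized entry -> Content-Format ID


def parse_content_type(content_type):
    """Split 'type/subtype; name=value' into a lowercased type and a parameter dict."""
    mtype, *rest = (part.strip() for part in content_type.split(";"))
    params = {}
    for part in filter(None, rest):
        name, _, value = part.partition("=")
        params[name.strip().lower()] = value.strip().strip('"')
    return mtype.lower(), params


def review(content_type, coding, registered=REGISTERED):
    """Return the failed Section 5.2 checks; an empty list means the request passes."""
    mtype, params = parse_content_type(content_type)
    # "identity" is the default coding, so it is the same entry as an empty field.
    coding = "" if coding.lower() in ("", "-", "identity") else coding.lower()
    failures = []
    defs = MEDIA_TYPES.get(mtype)
    if defs is None:
        failures.append("check 2: media type not registered")
    else:
        for name, value in params.items():
            if name not in defs:
                failures.append(f"check 3: parameter '{name}' not defined for {mtype}")
            elif value not in defs[name]["allowed"]:
                failures.append(f"check 3: value '{value}' not permitted for '{name}'")
    if coding and coding not in CONTENT_CODINGS:
        failures.append(f"check 4: content coding '{coding}' not registered")
    # Drop parameters set to their default so equivalent "logical" entries collide.
    defaults = {n: d["default"] for n, d in (defs or {}).items()}
    key = (mtype, tuple(sorted(p for p in params.items() if defaults.get(p[0]) != p[1])), coding)
    if key in registered:
        failures.append(f"check 1: duplicates Content-Format {registered[key]}")
    return failures
```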