| Internet-Draft | CBOR media types | July 2021 |
| Bormann | Expires 22 January 2022 | [Page] |
This short draft explains how to create Internet media types (content types, content formats) using CBOR, with a focus on selecting certain alternatives and providing the right information to the relevant IANA registration processes.¶
This note is to be removed before publishing as an RFC.¶
Discussion of this document takes place on the Concise Binary Object Representation Maintenance and Extensions Working Group mailing list (cbor@ietf.org), which is archived at https://www.ietf.org/mail-archive/web/cbor/current/maillist.html.¶
Source for this draft and an issue tracker can be found at https://github.com/cabo/cbor-media-types.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 January 2022.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
CBOR [RFC8949] is a representation format that can be used as a basis for defining data formats for interchange. Internet Media Types [RFC6838] allow to give names to such formats and register them with IANA, these names are then directly useful in protocols such as HTTP and E-Mail. Content-Formats (Sections 5.10.3, 5.10.4, and 12.3 of [RFC7252]) provide a way to assign small numbers to combinations of media-types, their parameters, and content-codings Section 8.5 of [RFC7230], employing the Content-Formats subregistry of the CoRE Parameters registry [IANA.core-parameters].¶
Although this document is not an IETF Standards Track publication, it adopts the conventions for normative language to provide clarity of instructions to the implementer. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In many cases, the interchange format and thus media type to be defined will be a single CBOR data item: See Section 2.1 for details. In some cases, a CBOR sequence [RFC8742] will be employed instead, which calls for a slightly different kind of registration: See Section 2.2 for details.¶
Section 9.5 of [RFC8949] registers a "structured syntax suffix" of
+cbor for media types based on a single encoded CBOR data item.¶
The idea of a structured syntax suffix is that processors that do not
know the specific semantics of a cbor-based media type can still
process its syntactical structure once they recognize that the media
type name ends in +cbor. While the usefulness of that often does
not extend beyond diagnostics and debugging, this is still a valid
motivation. Also, some generic processing schemes such as [I-D.ietf-cbor-packed]
may be directly applicable to all +cbor-suffixed media types.¶
For example, SenML, in Section 6 of [RFC8428], defines a
media type application/senml+cbor, among its related media types
such as application/senml+json.¶
[...] the "+cbor-seq" structured syntax suffix [...] SHOULD be used by a media type when the result of parsing the bytes of the media type object as a CBOR Sequence is meaningful and is at least sometimes not just a single CBOR data item. (Without the qualification at the end, this sentence this sentence is trivially true for any +cbor media type, which of course should continue to use the "+cbor" structured syntax suffix.)¶
application/missing-blocks+cbor-seq, as registered in Section 12.2 of [I-D.ietf-core-new-block], is an example.¶
The media type registration template defined in [RFC6838] is full of historic arcana that is not often fully explained in that RFC. Appendix A defines a hypothetical media type application/foo+cbor.¶
A few aspects warrant further discussion:¶
As per Section 12.3 of [RFC7252], a content format number registration requires an existing media-type registration, which you therefore need to do first (or at least in parallel). A Content-Format registration needs two additional pieces of information:¶
-), or it can be a
compression scheme such as deflate [RFC1951], br (brotli,
[RFC7932]), etc.
For CBOR data items, traditional data compression does not often
make a lot of sense (but it might, for large data items).
An example for a content-format in the Content-Formats
subregistry of
the CoRE Parameters registry [IANA.core-parameters] that does have a
non-identity content-coding is 11060, which is application/cbor
with deflate content-coding.¶
COSE (RFC in [RFC8152], soon to be supplanted by [I-D.ietf-cose-rfc8152bis-struct], [I-D.ietf-cose-rfc8152bis-algs], with [I-D.ietf-cose-hash-algs]) provides cryptographic building blocks that can be used in CBOR formats. It is generally RECOMMENDED to use these instead of home-brew crypto constructions whenever they are applicable. Support for libraries is one reason, but also the availability of crypto agility [BCP201] through the use of the COSE registries [IANA.cose].¶
...¶
Note that COSE defines media types and content formats already. These are generic formats that do not say anything further about the syntax and the semantics of the CBOR data that may be contained in the COSE constructs.¶
Many text-based protocols used in the IETF use ABNF [RFC5234] to provide formal, machine-readable definitions for their syntax. The Concise Data Definition Language (CDDL, [RFC8610]) fulfills the analogous function for CBOR (as well as for JSON [RFC8259]). A specification that defines a CBOR (or JSON) based media type SHOULD provide a CDDL specification, which is often very short (compare Figure 1 of [RFC8710], as reproduced below).¶
multipart-core = [* multipart-part] multipart-part = (type: uint .size 2, part: bytes / null)
See Appendix F of [RFC8610] for a tool that can be used in validating, as well as checking for the correct meaning, a CDDL snippet like the above.¶
...¶
application/foo+cbor registration
This appendix contains an example registration template for a
hypothetical application/foo+cbor media type (fashioned after that
in [RFC8710]), in a form that can be
pasted into a kramdown-rfc source file.¶
Note that the contact information and the change controller information is not very well defined; this may get some comments during media type registration review and IETF last call. It may seem obvious to include the WG name in the contact information, but that is likely to shut down before the specification becomes irrelevant. Recent RFCs are confused whether the change controller should be simply "IETF" or simply "IESG", or "IESG" plus the iesg mail address iesg@ietf.org. [RFC9000] is an interesting counter-example, as it seems to assume a perpetual WG:¶
All registrations in this document are assigned a permanent status and list a change controller of the IETF and a contact of the QUIC Working Group (quic@ietf.org).¶
[RFC8949] probably has the most useful solution for the contact information, assuming that the area ART (or at least its mail address) will be around for a while:¶
- Contact:
IETF CBOR Working Group (cbor@ietf.org) or IETF Applications and Real-Time Area (art@ietf.org)¶
IANA is requested to register the following media type [RFC6838]:¶
application¶
foo+cbor¶
N/A¶
N/A¶
binary¶
See the Security Considerations section of RFCXXXX.¶
N/A¶
RFCXXXX¶
(short description)¶
The syntax and semantics of fragment identifiers specified for application/multipart-core are as specified for application/cbor. (At publication of this document, there is no fragment identification syntax defined for application/cbor.)¶
Person & email address to contact for further information: iesg@ietf.org¶