Internet-Draft CoAP Content-Format Registrations Update November 2024
Fossati & Dijk Expires 25 May 2025 [Page]
Workgroup:
Constrained RESTful Environments
Internet-Draft:
draft-fossati-core-cf-reg-update-02
Updates:
7252 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
T. Fossati
Linaro
E. Dijk
IoTconsultancy.nl

Update to the IANA CoAP Content-Formats Registration Procedures

Abstract

This document updates the registration procedures for the "CoAP Content-Formats" registry, within the "CoRE Parameters" registry group, defined in Section 12.3 of RFC7252. Specifically, those regarding the First Come First Served (FCFS) portion of the registry.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://thomas-fossati.github.io/draft-cf-reg-update/draft-fossati-core-cf-reg-update.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-fossati-core-cf-reg-update/.

Discussion of this document takes place on the Constrained RESTful Environments Working Group mailing list (mailto:[email protected]), which is archived at https://mailarchive.ietf.org/arch/browse/core/. Subscribe at https://www.ietf.org/mailman/listinfo/core/.

Source for this draft and an issue tracker can be found at https://github.com/thomas-fossati/draft-cf-reg-update.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 25 May 2025.

Table of Contents

1. Introduction

Section 12.3 of [RFC7252] describes the registration procedures for the "CoAP Content-Formats" registry within the "CoRE Parameters" registry group [IANA.core-parameters]. (Note that the columns of this registry have been revised according to [Err4954].) In particular, the text defines the rules for obtaining CoAP Content-Format identifiers from the First Come First Served (FCFS) portion of the registry (10000-64999). These rules do not involve the Designated Expert (DE) and are managed solely by IANA personnel to finalize the registration. Unfortunately, the instructions do not explicitly require checking that the combination of content-type (i.e., media type with optional parameters) and content coding associated with the requested CoAP Content-Format is semantically valid. This task is generally non-trivial, requiring knowledge from multiple documents and technologies, which is unfair to demand solely from the registrar. This lack of guidance may engender confusion in both the registering party and the registrar, and could eventually lead to erroneous registrations.

Section 5 of this memo updates the registration procedures for the "CoAP Content-Formats" registry regarding its FCFS portion to reduce the risk of accidental or malicious errors.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document uses the terms "media type", "content coding", "content-type" and "content format" as defined in Section 2 of [RFC9193].

3. (Bad) Examples

This section contains a few examples of registration requests for a CoAP Content-Format with identifier in the FCFS space (64999) that should not be allowed to succeed.

3.1. The Media Type is Unknown

The registrant requests an FCFS Content-Format ID for an unknown media type:

Table 1: Attempt at Registering Content-Format for an Unknown Media Type
Content Type Content Coding ID
application/unknown+cbor - 64999

3.2. The Media Type Parameter is Unknown

The registrant requests an FCFS Content-Format ID for an existing media type with an unknown parameter:

Table 2: Attempt at Registering Content-Format for Media Type with Unknown Parameter
Content Type Content Coding ID
application/cose; unknown-parameter=1 - 64999

3.3. The Media Type Parameter Value is Invalid

The registrant requests an FCFS Content-Format ID for an existing media type with an invalid parameter value:

Table 3: Attempt at Registering Content-Format for Media Type with Invalid Parameter Value
Content Type Content Coding ID
application/cose; cose-type=invalid - 64999

3.4. The Content Coding is Unknown

The registrant requests an FCFS Content-Format ID for an existing media type with an unknown content coding, "inflate":

Table 4: Attempt at Registering Content-Format with Unknown Content Coding
Content Type Content Coding ID
application/senml+cbor inflate 64999

4. Security Considerations

This memo hardens the registration procedures of CoAP Content-Formats in ways that reduce the chances of malicious manipulation of the associated registry.

Other than that, it does not change the Security Considerations of [RFC7252].

5. IANA Considerations

5.1. Expert Review with Expert Check "FCFS+"

This document introduces the term "Expert Review (Expert Check: FCFS+)" to describe a registration policy that would typically have been handled as FCFS, except the approval checklist is complex enough to require advice from a DE. Such policy can be viewed as a "lightweight" form of the "full" Expert Review.

A protocol that requires "Expert Check: FCFS+" for registration of its parameters MUST specify what the FCFS+ checks entail.

5.2. CoAP Content-Formats Registration Procedures Update

The CoAP Content-Formats registration procedures defined in Section 12.3 of [RFC7252] are modified to transition the 10000-64999 range from FCFS to "Expert Review (Expert Check: FCFS+)", with the FCFS+ checklist described in Section 5.2.1.

Table 5: Updated CoAP Content-Formats Registration Procedures
Range Registration Procedures
0-255 Expert Review (Full)
256-9999 IETF Review or IESG Approval
10000-64999 Expert Review (Expert Check: FCFS+)
65000-65535 Experimental use (no operational use)

The registration procedure for the 0-255 range has been slightly modified -- from "Expert Review" to "Expert Review (Full)" -- to clearly distinguish it from the policy that applies to the 10000-64999 range. For the 0-255 range, the DE must also evaluate the requested codepoint concerning the limited availability of the 1-byte codepoint space. For the 10000-64999 range, this criterion does not apply.

5.2.1. FCFS+ Checks

The "Expert Check: FCFS+" checklist for the CoAP Content-Formats registry consist of the following steps:

  1. The combination of content-type and content coding for which the registration is requested must not be already present in the "CoAP Content-Formats" registry;

  2. The media type associated with the requested Content-Format must exist in the "Media Types" registry [IANA.media-types], or IANA has approved its registration;

  3. The optional parameter names must exist in association with the media type, and any parameter values associated with such parameter names are as expected;

  4. If a Content Coding is specified, it must exist in the "HTTP Content Coding Registry" of the "Hypertext Transfer Protocol (HTTP) Parameters" [IANA.http-parameters], or IANA has approved its registration.

6. References

6.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC7252]
Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, , <https://www.rfc-editor.org/rfc/rfc7252>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.

6.2. Informative References

[Err4954]
RFC Errata Report 4954, RFC 7252, <https://www.rfc-editor.org/errata/eid4954>.
[IANA.core-parameters]
IANA, "Constrained RESTful Environments (CoRE) Parameters", <https://www.iana.org/assignments/core-parameters>.
[IANA.http-parameters]
IANA, "Hypertext Transfer Protocol (HTTP) Parameters", <https://www.iana.org/assignments/http-parameters>.
[IANA.media-types]
IANA, "Media Types", <https://www.iana.org/assignments/media-types>.
[RFC9193]
Keränen, A. and C. Bormann, "Sensor Measurement Lists (SenML) Fields for Indicating Data Value Content-Format", RFC 9193, DOI 10.17487/RFC9193, , <https://www.rfc-editor.org/rfc/rfc9193>.

Acknowledgments

Thank you Carsten Bormann, Francesca Palombini and Marco Tiloca for your reviews and comments.

Authors' Addresses

Thomas Fossati
Linaro
Esko Dijk
IoTconsultancy.nl