Internet-Draft | CoAP Content-Format Registrations Update | November 2024 |
Fossati & Dijk | Expires 25 May 2025 | [Page] |
This document updates the registration procedures for the "CoAP Content-Formats" registry, within the "CoRE Parameters" registry group, defined in Section 12.3 of RFC7252. Specifically, those regarding the First Come First Served (FCFS) portion of the registry.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://thomas-fossati.github.io/draft-cf-reg-update/draft-fossati-core-cf-reg-update.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-fossati-core-cf-reg-update/.¶
Discussion of this document takes place on the Constrained RESTful Environments Working Group mailing list (mailto:[email protected]), which is archived at https://mailarchive.ietf.org/arch/browse/core/. Subscribe at https://www.ietf.org/mailman/listinfo/core/.¶
Source for this draft and an issue tracker can be found at https://github.com/thomas-fossati/draft-cf-reg-update.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 25 May 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Section 12.3 of [RFC7252] describes the registration procedures for the "CoAP Content-Formats" registry within the "CoRE Parameters" registry group [IANA.core-parameters]. (Note that the columns of this registry have been revised according to [Err4954].) In particular, the text defines the rules for obtaining CoAP Content-Format identifiers from the First Come First Served (FCFS) portion of the registry (10000-64999). These rules do not involve the Designated Expert (DE) and are managed solely by IANA personnel to finalize the registration. Unfortunately, the instructions do not explicitly require checking that the combination of content-type (i.e., media type with optional parameters) and content coding associated with the requested CoAP Content-Format is semantically valid. This task is generally non-trivial, requiring knowledge from multiple documents and technologies, which is unfair to demand solely from the registrar. This lack of guidance may engender confusion in both the registering party and the registrar, and could eventually lead to erroneous registrations.¶
Section 5 of this memo updates the registration procedures for the "CoAP Content-Formats" registry regarding its FCFS portion to reduce the risk of accidental or malicious errors.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the terms "media type", "content coding", "content-type" and "content format" as defined in Section 2 of [RFC9193].¶
This section contains a few examples of registration requests for a CoAP Content-Format with identifier in the FCFS space (64999) that should not be allowed to succeed.¶
The registrant requests an FCFS Content-Format ID for an unknown media type:¶
Content Type | Content Coding | ID |
---|---|---|
application/unknown+cbor | - | 64999 |
The registrant requests an FCFS Content-Format ID for an existing media type with an unknown parameter:¶
Content Type | Content Coding | ID |
---|---|---|
application/cose; unknown-parameter=1 | - | 64999 |
The registrant requests an FCFS Content-Format ID for an existing media type with an invalid parameter value:¶
Content Type | Content Coding | ID |
---|---|---|
application/cose; cose-type=invalid | - | 64999 |
The registrant requests an FCFS Content-Format ID for an existing media type with an unknown content coding, "inflate":¶
Content Type | Content Coding | ID |
---|---|---|
application/senml+cbor | inflate | 64999 |
This memo hardens the registration procedures of CoAP Content-Formats in ways that reduce the chances of malicious manipulation of the associated registry.¶
Other than that, it does not change the Security Considerations of [RFC7252].¶
This document introduces the term "Expert Review (Expert Check: FCFS+)" to describe a registration policy that would typically have been handled as FCFS, except the approval checklist is complex enough to require advice from a DE. Such policy can be viewed as a "lightweight" form of the "full" Expert Review.¶
A protocol that requires "Expert Check: FCFS+" for registration of its parameters MUST specify what the FCFS+ checks entail.¶
The CoAP Content-Formats registration procedures defined in Section 12.3 of [RFC7252] are modified to transition the 10000-64999 range from FCFS to "Expert Review (Expert Check: FCFS+)", with the FCFS+ checklist described in Section 5.2.1.¶
Range | Registration Procedures |
---|---|
0-255 | Expert Review (Full) |
256-9999 | IETF Review or IESG Approval |
10000-64999 | Expert Review (Expert Check: FCFS+) |
65000-65535 | Experimental use (no operational use) |
The registration procedure for the 0-255 range has been slightly modified -- from "Expert Review" to "Expert Review (Full)" -- to clearly distinguish it from the policy that applies to the 10000-64999 range. For the 0-255 range, the DE must also evaluate the requested codepoint concerning the limited availability of the 1-byte codepoint space. For the 10000-64999 range, this criterion does not apply.¶
The "Expert Check: FCFS+" checklist for the CoAP Content-Formats registry consist of the following steps:¶
The combination of content-type and content coding for which the registration is requested must not be already present in the "CoAP Content-Formats" registry;¶
The media type associated with the requested Content-Format must exist in the "Media Types" registry [IANA.media-types], or IANA has approved its registration;¶
The optional parameter names must exist in association with the media type, and any parameter values associated with such parameter names are as expected;¶
If a Content Coding is specified, it must exist in the "HTTP Content Coding Registry" of the "Hypertext Transfer Protocol (HTTP) Parameters" [IANA.http-parameters], or IANA has approved its registration.¶
Thank you Carsten Bormann, Francesca Palombini and Marco Tiloca for your reviews and comments.¶