CBOR Working Group M. Jones Internet-Draft A. Nadalin Intended status: Standards Track Microsoft Expires: January 2, 2021 J. Richter pdv Financial Software GmbH July 1, 2020 Concise Binary Object Representation (CBOR) Tags for Date draft-ietf-cbor-date-tag-03 Abstract The Concise Binary Object Representation (CBOR, RFC 7049) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. In CBOR, one point of extensibility is the definition of CBOR tags. RFC 7049 defines two tags for time: CBOR tag 0 (RFC 3339 date/time string) and tag 1 (Posix "seconds since the epoch"). Since then, additional requirements have become known. This specification defines a CBOR tag for an RFC 3339 date text string, for applications needing a textual date representation without a time. It also defines a CBOR tag for days since the Posix epoch, for applications needing a numeric date representation without a time. These tags are both for representations of calendar dates. It is intended as the reference document for the IANA registration of the CBOR tags defined. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 2, 2021. Jones, et al. Expires January 2, 2021 [Page 1] Internet-Draft CBOR Tag for Date July 2020 Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Notation and Conventions . . . . . . . . . . 3 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 2.1. Concise Binary Object Representation (CBOR) Tags Registrations . . . . . . . . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Normative References . . . . . . . . . . . . . . . . . . 4 4.2. Informative References . . . . . . . . . . . . . . . . . 4 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 4 Document History . . . . . . . . . . . . . . . . . . . . . . . . 4 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction The Concise Binary Object Representation (CBOR) [RFC7049] provides for the interchange of structured data without a requirement for a pre-agreed schema. RFC 7049 defines a basic set of data types, as well as a tagging mechanism that enables extending the set of data types supported via an IANA registry. This specification defines a CBOR tag for a text string representing a date without a time. The tagged text string is represented as specified by the RFC 3339 [RFC3339] "full-date" production. This specification also defines a CBOR tag for an integer representing a date without a time. The tagged integer is an unsigned or negative value indicating the number of days since the IEEE Std 1003.1, 2013 Edition [POSIX.1] epoch date 1970-01-01. As an implementation note, this value has a constant offset from the Modified Julian Date value (which is defined by the Smithsonian Jones, et al. Expires January 2, 2021 [Page 2] Internet-Draft CBOR Tag for Date July 2020 Astrophysical Observatory as the number of days since November 17, 1858); this value is the Modified Julian Date minus 40,587. Note that since both tags are for dates without times, time zones and leap seconds are not applicable to these values. These tags are both for representations of calendar dates. 1.1. Requirements Notation and Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. IANA Considerations 2.1. Concise Binary Object Representation (CBOR) Tags Registrations This section registers the following values in the IANA "Concise Binary Object Representation (CBOR) Tags" registry [IANA.cbor-tags]. o Tag: 1004 (value requested) o Data Item: UTF-8 text string o Semantics: RFC 3339 full-date string o Reference: [[ this specification ]] o Tag: 100 (ASCII 'd') (value requested) o Data Item: Unsigned or negative integer o Semantics: Number of days since the epoch date 1970-01-01 o Reference: [[ this specification ]] 3. Security Considerations The security considerations of RFC 7049 apply; the tags introduced here are not expected to raise security considerations beyond those. A date, of course, has significant security considerations; these include the exploitation of ambiguities where the date is security relevant or where the date is used in access control decisions. When using a calendar date for decision making, for example access control, it needs to be noted that since calendar dates do not represent a specific point in time, the results of the evaluation can differ depending upon where the decision is made. For instance, a person may have reached their 21st birthday in Japan while simultaneously being a day short of their 21st birthday in Hawaii. Jones, et al. Expires January 2, 2021 [Page 3] Internet-Draft CBOR Tag for Date July 2020 4. References 4.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, . [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, October 2013, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 4.2. Informative References [IANA.cbor-tags] IANA, "Concise Binary Object Representation (CBOR) Tags", . [POSIX.1] IEEE, "The Open Group Base Specifications Issue 7", IEEE Std 1003.1, 2013 Edition, 2013, . Acknowledgements Thanks to Carsten Bormann for supporting creation of this specification. Parts of the explanatory text in this specification come from draft-bormann-cbor-time-tag-02. Thanks to these people for reviews of the specification: Henk Birkholz, Carsten Bormann, Thiago Macieira, Michael Richardson, Jim Schaad, Juergen Schoenwaelder, and Dale Worley. Document History [[ to be removed by the RFC Editor before publication as an RFC ]] -03 Jones, et al. Expires January 2, 2021 [Page 4] Internet-Draft CBOR Tag for Date July 2020 o Added statement that these tags are both for representations of calendar dates. o Described consequences of using calendar dates in access control decisions. -02 o Addressed working group last call comments, including stating that time zones are not applicable to these values. -01 o Changed "positive or negative" to "unsigned or negative". o Added an implementation note about the relationship to Modified Julian Dates. -00 o Initial working group version based on draft-jones-cbor-date- tag-01 with no normative changes. Authors' Addresses Michael B. Jones Microsoft Email: mbj@microsoft.com URI: https://self-issued.info/ Anthony Nadalin Microsoft Email: tonynad@microsoft.com Joerg Richter pdv Financial Software GmbH Email: joerg.richter@pdv-fs.de Jones, et al. Expires January 2, 2021 [Page 5]