idnits 2.17.1 draft-ietf-cbor-date-tag-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 26, 2020) is 1337 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 7049 (Obsoleted by RFC 8949) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 CBOR Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track A. Nadalin 5 Expires: February 27, 2021 Independent 6 J. Richter 7 pdv Financial Software GmbH 8 August 26, 2020 10 Concise Binary Object Representation (CBOR) Tags for Date 11 draft-ietf-cbor-date-tag-06 13 Abstract 15 The Concise Binary Object Representation (CBOR, RFC 7049) is a data 16 format whose design goals include the possibility of extremely small 17 code size, fairly small message size, and extensibility without the 18 need for version negotiation. 20 In CBOR, one point of extensibility is the definition of CBOR tags. 21 RFC 7049 defines two tags for time: CBOR tag 0 (RFC 3339 date/time 22 string) and tag 1 (Posix "seconds since the epoch"). Since then, 23 additional requirements have become known. This specification 24 defines a CBOR tag for an RFC 3339 date text string, for applications 25 needing a textual date representation within the Gregorian calendar 26 without a time. It also defines a CBOR tag for days since the date 27 1970-01-01 in the Gregorian calendar for applications needing a 28 numeric date representation without a time. This specification is 29 intended as the reference document for IANA registration of the CBOR 30 tags defined. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at https://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on February 27, 2021. 49 Copyright Notice 51 Copyright (c) 2020 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (https://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 67 1.1. Calendar Dates . . . . . . . . . . . . . . . . . . . . . 3 68 1.1.1. Example Date Representations . . . . . . . . . . . . 3 69 1.2. Comparing Dates . . . . . . . . . . . . . . . . . . . . . 4 70 1.3. Comparing Dates and Date/Time Values . . . . . . . . . . 4 71 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 72 2.1. Concise Binary Object Representation (CBOR) Tags 73 Registrations . . . . . . . . . . . . . . . . . . . . . . 4 74 3. Security Considerations . . . . . . . . . . . . . . . . . . . 5 75 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 76 4.1. Normative References . . . . . . . . . . . . . . . . . . 5 77 4.2. Informative References . . . . . . . . . . . . . . . . . 5 78 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 5 79 Document History . . . . . . . . . . . . . . . . . . . . . . . . 6 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 82 1. Introduction 84 The Concise Binary Object Representation (CBOR) [RFC7049] provides 85 for the interchange of structured data without a requirement for a 86 pre-agreed schema. RFC 7049 defines a basic set of data types, as 87 well as a tagging mechanism that enables extending the set of data 88 types supported via an IANA registry. 90 This specification defines a CBOR tag for a text string representing 91 a date without a time. The tagged text string is represented as 92 specified by the RFC 3339 [RFC3339] "full-date" production. Per RFC 93 3339, this represents a date within the Gregorian calendar. 95 This specification also defines a CBOR tag for an integer 96 representing a date without a time. The tagged integer is an 97 unsigned or negative value indicating the number of days since the 98 Gregorian calendar date 1970-01-01. As an implementation note, this 99 value has a constant offset from the Modified Julian Date value 100 (which is defined by the Smithsonian Astrophysical Observatory as the 101 number of days since November 17, 1858); this value is the Modified 102 Julian Date minus 40587. 104 Note that since both tags are for dates without times, times of day, 105 time zones, and leap seconds are not applicable to these values. 106 These tags are both for representations of Gregorian calendar dates. 108 1.1. Calendar Dates 110 Calendar dates are used for numerous human use cases, such as marking 111 the dates of significant events. For instance, John Lennon was born 112 on October 9, 1940 and died on December 8, 1980. One such use case 113 is driver's licenses, which typically include a date of birth. The 114 dates used in this specification use the Gregorian calendar, as do 115 those in RFC 3339 [RFC3339]. The time zones and actual times of 116 these events are intentionally not represented in the calendar date. 118 The epoch chosen for the second tag, which represents days since the 119 Gregorian calendar date 1970-01-01, is related to the IEEE Std 120 1003.1, 2013 Edition [POSIX.1] time epoch 1970-01-01T00:00:00Z UTC 121 only insofar as both contain the date 1970-01-01. This should not be 122 construed as indicating that dates using this tag represent either a 123 specific time of day and/or time zone. 125 The day of the week (Sunday, Monday, Tuesday, etc.) is not explicitly 126 represented in either of these date formats. However, deterministic 127 algorithms that are beyond the scope of this specification can be 128 used to derive the day of the week in the Gregorian calendar from 129 dates represented in both of these formats. 131 1.1.1. Example Date Representations 133 This table contains example representations for dates using both 134 tags. 136 +------------------+--------------+---------+ 137 | Date | Tag 1004 | Tag 100 | 138 +------------------+--------------+---------+ 139 | October 9, 1940 | "1940-10-09" | -10676 | 140 | December 8, 1980 | "1980-12-08" | 3994 | 141 +------------------+--------------+---------+ 143 1.2. Comparing Dates 145 Comparison of dates in "full-date" format can be accomplished by 146 normal string comparison, since by design, the digits representing 147 the date are in fixed format and ordered from most significant to 148 least significant. Comparison of numeric dates representing days 149 since 1970-01-01 can be performed by normal integer comparison. 150 Comparison of dates in other formats or using other calendars require 151 conversions that are beyond the scope of this specification. 153 Note that different dates may correspond to the same moment in time, 154 depending upon the time zone in which the date was determined. For 155 instance, at many times of the day, a conference call occurring on a 156 particular date in Japan will simultaneously occur on the previous 157 date in Hawaii; at many times of the day, Japan's Friday corresponds 158 with Hawaii's Thursday. 160 1.3. Comparing Dates and Date/Time Values 162 Comparing dates with date/time values, which represent a particular 163 moment in time, is beyond the scope of this specification. That 164 said, if a date is augmented with a time zone and time of day, a 165 specific date/time value can be determined and comparing that date/ 166 time value to others becomes possible. For instance, if one were to 167 augment John Lennon's birth date of October 9, 1940 with the time of 168 day and time zone of his birth, then it would be possible to derive a 169 date/time at which he was born that could be compared with other 170 date/time values. 172 2. IANA Considerations 174 2.1. Concise Binary Object Representation (CBOR) Tags Registrations 176 This section registers the following values in the IANA "Concise 177 Binary Object Representation (CBOR) Tags" registry [IANA.cbor-tags]. 179 o Tag: 1004 180 o Data Item: UTF-8 text string 181 o Semantics: RFC 3339 full-date string 182 o Reference: [[ this specification ]] 184 o Tag: 100 (ASCII 'd') 185 o Data Item: Unsigned or negative integer 186 o Semantics: Number of days since the epoch date 1970-01-01 187 o Reference: [[ this specification ]] 189 3. Security Considerations 191 The security considerations of RFC 7049 apply; the tags introduced 192 here are not expected to raise security considerations beyond those. 194 A date, of course, has significant security considerations. These 195 include the exploitation of ambiguities where the date is security 196 relevant or where the date is used in access control decisions. 198 When using a calendar date for decision making, for example access 199 control, it needs to be noted that since calendar dates do not 200 represent a specific point in time, the results of the evaluation can 201 differ depending upon where the decision is made. For instance, a 202 person may have reached their 21st birthday in Japan while 203 simultaneously being a day short of their 21st birthday in Hawaii. 204 Similarly, it would be inappropriate to use only a date to trigger 205 certificate expiration, since a date corresponds to a range of times 206 worldwide, rather than a specific point in time that is independent 207 of geographic location. 209 4. References 211 4.1. Normative References 213 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 214 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 215 . 217 [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object 218 Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, 219 October 2013, . 221 4.2. Informative References 223 [IANA.cbor-tags] 224 IANA, "Concise Binary Object Representation (CBOR) Tags", 225 . 227 [POSIX.1] IEEE, "The Open Group Base Specifications Issue 7", 228 IEEE Std 1003.1, 2013 Edition, 2013, 229 . 232 Acknowledgements 234 Thanks to Carsten Bormann for supporting creation of this 235 specification. Parts of the explanatory text in this specification 236 come from draft-bormann-cbor-time-tag-02. 238 Thanks to these people for reviews of the specification: Henk 239 Birkholz, Carsten Bormann, Thiago Macieira, Francesca Palombini, 240 Michael Richardson, Kyle Rose, Jim Schaad, Juergen Schoenwaelder, and 241 Dale Worley. 243 Document History 245 [[ to be removed by the RFC Editor before publication as an RFC ]] 247 -06 249 o Addressed SecDir review comments by Kyle Rose. 251 o Updated Tony Nadalin's affiliation and contact information. 253 -05 255 o Incorporated additional suggestions by Carsten Bormann and Juergen 256 Schoenwaelder. 258 -04 260 o Addressed shepherd comments by Francesca Palombini. 262 o Addressed additional review comments by Jim Schaad and Michael 263 Richardson. 265 -03 267 o Added statement that these tags are both for representations of 268 calendar dates. 270 o Described consequences of using calendar dates in access control 271 decisions. 273 -02 275 o Addressed working group last call comments, including stating that 276 time zones are not applicable to these values. 278 -01 280 o Changed "positive or negative" to "unsigned or negative". 282 o Added an implementation note about the relationship to Modified 283 Julian Dates. 285 -00 286 o Initial working group version based on draft-jones-cbor-date- 287 tag-01 with no normative changes. 289 Authors' Addresses 291 Michael B. Jones 292 Microsoft 294 Email: mbj@microsoft.com 295 URI: https://self-issued.info/ 297 Anthony Nadalin 298 Independent 300 Email: nadalin@prodigy.net 302 Joerg Richter 303 pdv Financial Software GmbH 305 Email: joerg.richter@pdv-fs.de