CBOR Working Group M. Jones Internet-Draft Microsoft Intended status: Standards Track A. Nadalin Expires: March 14, 2021 Independent J. Richter pdv Financial Software GmbH September 10, 2020 Concise Binary Object Representation (CBOR) Tags for Date draft-ietf-cbor-date-tag-07 Abstract The Concise Binary Object Representation (CBOR, RFC 7049) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. In CBOR, one point of extensibility is the definition of CBOR tags. RFC 7049 defines two tags for time: CBOR tag 0 (RFC 3339 date/time string) and tag 1 (Posix "seconds since the epoch"). Since then, additional requirements have become known. This specification defines a CBOR tag for an RFC 3339 date text string, for applications needing a textual date representation within the Gregorian calendar without a time. It also defines a CBOR tag for days since the date 1970-01-01 in the Gregorian calendar for applications needing a numeric date representation without a time. This specification is intended as the reference document for IANA registration of the CBOR tags defined. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 14, 2021. Jones, et al. Expires March 14, 2021 [Page 1] Internet-Draft CBOR Tag for Date September 2020 Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Calendar Dates . . . . . . . . . . . . . . . . . . . . . 3 1.1.1. Example Date Representations . . . . . . . . . . . . 3 1.2. Comparing Dates . . . . . . . . . . . . . . . . . . . . . 4 1.3. Comparing Dates and Date/Time Values . . . . . . . . . . 4 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 2.1. Concise Binary Object Representation (CBOR) Tags Registrations . . . . . . . . . . . . . . . . . . . . . . 4 3. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Normative References . . . . . . . . . . . . . . . . . . 5 4.2. Informative References . . . . . . . . . . . . . . . . . 5 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 5 Document History . . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction The Concise Binary Object Representation (CBOR) [RFC7049] provides for the interchange of structured data without a requirement for a pre-agreed schema. RFC 7049 defines a basic set of data types, as well as a tagging mechanism that enables extending the set of data types supported via an IANA registry. This specification defines a CBOR tag for a text string representing a date without a time. The tagged text string is represented as specified by the RFC 3339 [RFC3339] "full-date" production. Per RFC 3339, this represents a date within the Gregorian calendar. This specification also defines a CBOR tag for an integer representing a date without a time. The tagged integer is an Jones, et al. Expires March 14, 2021 [Page 2] Internet-Draft CBOR Tag for Date September 2020 unsigned or negative value indicating the number of days since the Gregorian calendar date 1970-01-01. As an implementation note, this value has a constant offset from the Modified Julian Date value (which is defined by the Smithsonian Astrophysical Observatory as the number of days since November 17, 1858); this value is the Modified Julian Date minus 40587. Note that since both tags are for dates without times, times of day, time zones, and leap seconds are not applicable to these values. These tags are both for representations of Gregorian calendar dates. 1.1. Calendar Dates Calendar dates are used for numerous human use cases, such as marking the dates of significant events. For instance, John Lennon was born on October 9, 1940 and died on December 8, 1980. One such use case is driver's licenses, which typically include a date of birth. The dates used in this specification use the Gregorian calendar, as do those in RFC 3339 [RFC3339]. The time zones and actual times of these events are intentionally not represented in the calendar date. The epoch chosen for the second tag, which represents days since the Gregorian calendar date 1970-01-01, is related to the IEEE Std 1003.1, 2013 Edition [POSIX.1] time epoch 1970-01-01T00:00:00Z UTC only insofar as both contain the date 1970-01-01. This should not be construed as indicating that dates using this tag represent either a specific time of day and/or time zone. The day of the week (Sunday, Monday, Tuesday, etc.) is not explicitly represented in either of these date formats. However, deterministic algorithms that are beyond the scope of this specification can be used to derive the day of the week in the Gregorian calendar from dates represented in both of these formats. 1.1.1. Example Date Representations This table contains example representations for dates using both tags. +------------------+--------------+---------+ | Date | Tag 1004 | Tag 100 | +------------------+--------------+---------+ | October 9, 1940 | "1940-10-09" | -10676 | | December 8, 1980 | "1980-12-08" | 3994 | +------------------+--------------+---------+ Jones, et al. Expires March 14, 2021 [Page 3] Internet-Draft CBOR Tag for Date September 2020 1.2. Comparing Dates Comparison of dates in "full-date" format can be accomplished by normal string comparison, since by design, the digits representing the date are in fixed format and ordered from most significant to least significant. Comparison of numeric dates representing days since 1970-01-01 can be performed by normal integer comparison. Comparison of dates in other formats or using other calendars require conversions that are beyond the scope of this specification. Note that different dates may correspond to the same moment in time, depending upon the time zone in which the date was determined. For instance, at many times of the day, a conference call occurring on a particular date in Japan will simultaneously occur on the previous date in Hawaii; at many times of the day, Japan's Friday corresponds with Hawaii's Thursday. 1.3. Comparing Dates and Date/Time Values Comparing dates with date/time values, which represent a particular moment in time, is beyond the scope of this specification. That said, if a date is augmented with a time zone and time of day, a specific date/time value can be determined and comparing that date/ time value to others becomes possible. For instance, if one were to augment John Lennon's birth date of October 9, 1940 with the time of day and time zone of his birth, then it would be possible to derive a date/time at which he was born that could be compared with other date/time values. 2. IANA Considerations 2.1. Concise Binary Object Representation (CBOR) Tags Registrations This section registers the following values in the IANA "Concise Binary Object Representation (CBOR) Tags" registry [IANA.cbor-tags]. o Tag: 1004 o Data Item: UTF-8 text string o Semantics: RFC 3339 full-date string o Reference: [[ this specification ]] o Tag: 100 (ASCII 'd') o Data Item: Unsigned or negative integer o Semantics: Number of days since the epoch date 1970-01-01 o Reference: [[ this specification ]] Jones, et al. Expires March 14, 2021 [Page 4] Internet-Draft CBOR Tag for Date September 2020 3. Security Considerations The security considerations of RFC 7049 apply; the tags introduced here are not expected to raise security considerations beyond those. A date, of course, has significant security considerations. These include the exploitation of ambiguities where the date is security relevant or where the date is used in access control decisions. When using a calendar date for decision making, for example access control, it needs to be noted that since calendar dates do not represent a specific point in time, the results of the evaluation can differ depending upon where the decision is made. For instance, a person may have reached their 21st birthday in Japan while simultaneously being a day short of their 21st birthday in Hawaii. Similarly, it would be inappropriate to use only a date to trigger certificate expiration, since a date corresponds to a range of times worldwide, rather than a specific point in time that is independent of geographic location. 4. References 4.1. Normative References [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, . [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, October 2013, . 4.2. Informative References [IANA.cbor-tags] IANA, "Concise Binary Object Representation (CBOR) Tags", . [POSIX.1] IEEE, "The Open Group Base Specifications Issue 7", IEEE Std 1003.1, 2013 Edition, 2013, . Acknowledgements Thanks to Carsten Bormann for supporting creation of this specification. Parts of the explanatory text in this specification come from draft-bormann-cbor-time-tag-02. Jones, et al. Expires March 14, 2021 [Page 5] Internet-Draft CBOR Tag for Date September 2020 Thanks to these people for reviews of the specification: Henk Birkholz, Carsten Bormann, Samita Chakrabarti, Roman Danyliw, Linda Dunbar, Benjamin Kaduk, Erik Kline, Warren Kumari, Barry Leiba, Thiago Macieira, Francesca Palombini, Michael Richardson, Kyle Rose, Jim Schaad, Juergen Schoenwaelder, Eric Vyncke, Robert Wilton, and Dale Worley. Document History [[ to be removed by the RFC Editor before publication as an RFC ]] -07 o Acknowledged Linda Dunbar for her GenArt review and Samita Chakrabarti for her IOT-Dir review, as well as IESG reviewers. -06 o Addressed SecDir review comments by Kyle Rose. o Updated Tony Nadalin's affiliation and contact information. -05 o Incorporated additional suggestions by Carsten Bormann and Juergen Schoenwaelder. -04 o Addressed shepherd comments by Francesca Palombini. o Addressed additional review comments by Jim Schaad and Michael Richardson. -03 o Added statement that these tags are both for representations of calendar dates. o Described consequences of using calendar dates in access control decisions. -02 o Addressed working group last call comments, including stating that time zones are not applicable to these values. -01 Jones, et al. Expires March 14, 2021 [Page 6] Internet-Draft CBOR Tag for Date September 2020 o Changed "positive or negative" to "unsigned or negative". o Added an implementation note about the relationship to Modified Julian Dates. -00 o Initial working group version based on draft-jones-cbor-date- tag-01 with no normative changes. Authors' Addresses Michael B. Jones Microsoft Email: mbj@microsoft.com URI: https://self-issued.info/ Anthony Nadalin Independent Email: nadalin@prodigy.net Joerg Richter pdv Financial Software GmbH Email: joerg.richter@pdv-fs.de Jones, et al. Expires March 14, 2021 [Page 7]