Constrained RESTful Environments T. Fossati Internet-Draft Linaro Updates: 7252 (if approved) E. Dijk Intended status: Standards Track IoTconsultancy.nl Expires: 23 August 2025 19 February 2025 Update to the IANA CoAP Content-Formats Registration Procedures draft-ietf-core-cf-reg-update-04 Abstract This document updates RFC7252 regarding the registration procedures for the "CoAP Content-Formats" IANA registry, within the "Constrained RESTful Environments (CoRE) Parameters" registry group. This document also introduces a new column, "Media Type", to the registry. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://core- wg.github.io/cf-reg-update/draft-ietf-core-cf-reg-update.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-core-cf-reg-update/. Discussion of this document takes place on the Constrained RESTful Environments Working Group mailing list (mailto:core@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/core/. Subscribe at https://www.ietf.org/mailman/listinfo/core/. Source for this draft and an issue tracker can be found at https://github.com/core-wg/cf-reg-update. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Fossati & Dijk Expires 23 August 2025 [Page 1] Internet-Draft CoAP Content-Format Registrations Update February 2025 This Internet-Draft will expire on 23 August 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 3. Examples for Erroneous Registrations . . . . . . . . . . . . 3 3.1. The Media Type is Unknown . . . . . . . . . . . . . . . . 4 3.2. The Media Type Parameter is Unknown . . . . . . . . . . . 4 3.3. The Media Type Parameter Value is Invalid . . . . . . . . 4 3.4. The Content Coding is Unknown . . . . . . . . . . . . . . 4 3.5. Duplicate Entry with Default Media Type Parameters . . . 5 3.6. Duplicate Entry with Default Content Coding . . . . . . . 5 3.7. Duplicate Entry with Equivalent Parameter . . . . . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5.1. Temporary Content-Format Registrations . . . . . . . . . 8 5.2. Adding the Media Type Column to the Registry . . . . . . 8 5.3. Expert Review Procedure . . . . . . . . . . . . . . . . . 9 5.4. Preferred Format for the Content Type Field . . . . . . . 10 5.5. Temporary Note Removal . . . . . . . . . . . . . . . . . 10 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 11 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction Section 12.3 of [RFC7252] describes the registration procedures for the "CoAP Content-Formats" IANA registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group [IANA.core-parameters]. (Note that the columns of this registry have been revised according to [Err4954].) Fossati & Dijk Expires 23 August 2025 [Page 2] Internet-Draft CoAP Content-Format Registrations Update February 2025 In particular, the text defines the rules for obtaining CoAP Content- Format identifiers from the "IETF Review" or "IESG Approval" range of the registry (256-9999) as well as from the First Come First Served (FCFS) range of the registry (10000-64999). For the FCFS range, these rules do not involve the Designated Expert (DE) and are managed solely by IANA personnel to finalize the registration. Unfortunately, the instructions do not explicitly require checking that the combination of content-type (i.e., media type with optional parameters) and content coding associated with the requested CoAP Content-Format is semantically valid. This task is generally non- trivial, requires knowledge from multiple documents and technologies, and should not be solely demanded from the registrar. This lack of guidance may engender confusion in both the registering party and the registrar, and has already led to erroneous registrations. In Section 5, this document updates [RFC7252] by modifying the registration procedures for the "CoAP Content-Formats" registry to mitigate the risk of unintentional or malicious errors. These updates amend the different ranges of the registry, introduce a review procedure to be performed for most ranges of the registry, and allow the registration of temporary Content-Format identifiers for certain ranges of the registry. This document also introduces a new column, "Media Type", to the registry. 2. Conventions and Definitions This document uses the terms "media type", "content coding", "content-type", and "content format" as defined in Section 2 of [RFC9193]. 3. Examples for Erroneous Registrations This section contains examples of registration requests for a CoAP Content-Format with identifier 64999 in the FCFS range of the "CoAP Content-Formats" registry, as defined in Section 12.3 of [RFC7252] and revised according to [Err4954], which must not be allowed to succeed. For each of the following example registration requests, one can create a similar instance where the requested registration is for a CoAP Content-Format identifier within the "IETF Review" or "IESG Approval" range of the registry. Similarly, such registrations must not be allowed to succeed. Fossati & Dijk Expires 23 August 2025 [Page 3] Internet-Draft CoAP Content-Format Registrations Update February 2025 3.1. The Media Type is Unknown The registrant requests an FCFS Content-Format ID for an unknown media type: +==========================+================+=======+ | Content Type | Content Coding | ID | +==========================+================+=======+ | application/unknown+cbor | - | 64999 | +--------------------------+----------------+-------+ Table 1: Attempt at Registering Content-Format for an Unknown Media Type 3.2. The Media Type Parameter is Unknown The registrant requests an FCFS Content-Format ID for an existing media type with an unknown parameter: +======================================+================+=======+ | Content Type | Content Coding | ID | +======================================+================+=======+ | application/cose;unknown-parameter=1 | - | 64999 | +--------------------------------------+----------------+-------+ Table 2: Attempt at Registering Content-Format for Media Type with Unknown Parameter 3.3. The Media Type Parameter Value is Invalid The registrant requests an FCFS Content-Format ID for an existing media type with an invalid parameter value: +====================================+================+=======+ | Content Type | Content Coding | ID | +====================================+================+=======+ | application/cose;cose-type=invalid | - | 64999 | +------------------------------------+----------------+-------+ Table 3: Attempt at Registering Content-Format for Media Type with Invalid Parameter Value 3.4. The Content Coding is Unknown The registrant requests an FCFS Content-Format ID for an existing media type with an unknown content coding: Fossati & Dijk Expires 23 August 2025 [Page 4] Internet-Draft CoAP Content-Format Registrations Update February 2025 +========================+================+=======+ | Content Type | Content Coding | ID | +========================+================+=======+ | application/senml+cbor | inflate | 64999 | +------------------------+----------------+-------+ Table 4: Attempt at Registering Content-Format with Unknown Content Coding 3.5. Duplicate Entry with Default Media Type Parameters The registrant requests an FCFS Content-Format ID for a media type that includes a parameter set to its default value, while a (hypothetical) Content-Format ID 64900 is already registered for this media type without that parameter. As a result, this could lead to the creation of two separate Content-Format IDs for the same "logical" entry. +==================================+================+=======+ | Content Type | Content Coding | ID | +==================================+================+=======+ | application/my | - | 64900 | +----------------------------------+----------------+-------+ | application/my;parameter=default | - | 64999 | +----------------------------------+----------------+-------+ Table 5: Attempt at Registering an Equivalent Logical Entry with a Different Content-Format ID (1) 3.6. Duplicate Entry with Default Content Coding The registrant requests an FCFS Content-Format ID for the "identity" Content Coding, which is the default coding. If accepted, this request would duplicate an entry with (hypothetical) Content-Format ID 64900 where the "Content Coding" field is left empty. +================+================+=======+ | Content Type | Content Coding | ID | +================+================+=======+ | application/my | - | 64900 | +----------------+----------------+-------+ | application/my | identity | 64999 | +----------------+----------------+-------+ Table 6: Attempt at Registering an Equivalent Logical Entry with a Different Content-Format ID (2) Fossati & Dijk Expires 23 August 2025 [Page 5] Internet-Draft CoAP Content-Format Registrations Update February 2025 3.7. Duplicate Entry with Equivalent Parameter The registrant requests an FCFS Content-Format ID for a media type that includes a parameter. The value of this parameter appears distinct from that of a (hypothetical) previously registered Content- Format ID 64900 that also includes this parameter. However, the semantics of the parameter value are identical to the existing registration. In this example, the eat_profile parameter value (which can be any URI) is set as a Uniform Resource Name (URN) [RFC8141]. Since for URNs, the Namespace Identifier (foo in the example) is defined as case insensitive, the two registrations are semantically identical. +=================================+================+=======+ | Content Type | Content Coding | ID | +=================================+================+=======+ | application/ | - | 64900 | | eat+cwt;eat_profile="urn:foo:1" | | | +---------------------------------+----------------+-------+ | application/ | - | 64999 | | eat+cwt;eat_profile="urn:FOO:1" | | | +---------------------------------+----------------+-------+ Table 7: Attempt at Registering an Equivalent Logical Entry with a Different Content-Format ID (3) 4. Security Considerations This document hardens the registration procedures of CoAP Content- Formats in ways that reduce the chances of malicious manipulation of the associated registry. Other than that, it does not change the Security Considerations of [RFC7252]. 5. IANA Considerations // RFC Editor: in this section, please replace RFCthis with the RFC // number assigned to this document and remove this note. The CoAP Content-Formats registration procedures defined in Section 12.3 of [RFC7252] are modified as shown in Table 8. Fossati & Dijk Expires 23 August 2025 [Page 6] Internet-Draft CoAP Content-Format Registrations Update February 2025 +========================+================+=========================+ | Range | Registration | Notes | | | Procedures | | +========================+================+=========================+ | 0-255 | Expert Review | Review procedure | | | | described in RFCthis, | | | | Section 5.3 | +------------------------+----------------+-------------------------+ | 256-9999 | IETF Review | Review procedure | | | with Expert | described in RFCthis, | | | Review or IESG | Section 5.3 | | | Approval with | | | | Expert Review | | +------------------------+----------------+-------------------------+ | 10000-64999 (No | First Come | The corresponding media | | parameters and empty | First Served | type must be registered | | Content Coding and | | (or approved for | | media type not yet | | registration) in the | | used in this | | "Media Types" registry | | registry) | | [IANA.media-types] | +------------------------+----------------+-------------------------+ | 10000-64999 | Expert Review | Review procedure | | (Includes parameters | | described in RFCthis, | | and/or Content | | Section 5.3 | | Coding and/or media | | | | type appears in this | | | | registry) | | | +------------------------+----------------+-------------------------+ | 65000-65535 | Experimental | No operational use | | | Use | | +------------------------+----------------+-------------------------+ Table 8: Updated CoAP Content-Formats Registration Procedures The 256-9999 range now has registration procedures requiring "IETF Review with Expert Review" or "IESG Approval with Expert Review." In particular: * All assignments according to "IETF Review with Expert Review" are made on an "IETF Review" basis per Section 4.8 of [BCP26] with "Expert Review" additionally required per Section 4.5 of [BCP26]. The procedure for early IANA allocation of "standards track code points" defined in [RFC7120] also applies. When such a procedure is used, IANA will ask the Designated Expert(s) to approve the early allocation before registration. In addition, working group chairs are encouraged to consult the Expert(s) early during the process outlined in Section 3.1 of [RFC7120]. Fossati & Dijk Expires 23 August 2025 [Page 7] Internet-Draft CoAP Content-Format Registrations Update February 2025 * All assignments according to "IESG Approval with Expert Review" are made on an "IESG Approval" basis per Section 4.10 of [BCP26] with "Expert Review" additionally required per Section 4.5 of [BCP26]. The 10000-64999 range now has two separate registration procedures. If the registration consists solely of a registered media type name in the "Content Type" field, without any parameter names or "Content Coding", and the media type has not yet been used in this registry, then the policy is FCFS, as before. In all other cases, the policy is "Expert Review," following the procedure described in Section 5.3. A new column with the title "Notes" has been added to the CoAP Content-Formats Registration Procedures shown in Table 8. 5.1. Temporary Content-Format Registrations This section clarifies that the "CoAP Content-Formats" registry allows temporary registrations within the 0-255 and 256-9999 ranges. The range 10000-64999 does not allow temporary registrations. A temporary registration may be created for example by an IANA early allocation action, as requested by the authors of an Internet-Draft in the IETF stream. Alternatively, it may be created because the referenced media type is still provisional (that is, included in the IANA "Provisional Standard Media Type" registry [IANA.provisional-standard-media-types]). A temporary registration is marked by IANA with the label "TEMPORARY" in the corresponding registry entry. Once the required review procedure for the temporary ID has successfully completed, and the referenced media type is included in the IANA Media Types registry [IANA.media-types], IANA must remove the "TEMPORARY" label so that the entry becomes permanent. If the requested temporary entry does not successfully pass its required review procedure, IANA must remove the entry again and set the Content-Format ID value back to "Unassigned". This may happen for example when an Internet-Draft requesting a Content-Format ID is abandoned, or when the referenced provisional media type is abandoned. 5.2. Adding the Media Type Column to the Registry To assist users of the "CoAP Content-Formats" registry in finding detailed information about the media type associated with each CoAP Content-Format, and to ensure that a media type exists before a new entry can be registered, IANA is requested to add a new column "Media Type" to the registry. This new column is placed directly to the right of the existing "Content Type" column. Fossati & Dijk Expires 23 August 2025 [Page 8] Internet-Draft CoAP Content-Format Registrations Update February 2025 The "Media Type" field for each entry lists the (base) media type name and provides a hyperlink to registration information for that media type as recorded by IANA. If the media type is provisional, the hyperlink points to the IANA "Provisional Standard Media Type" registry [IANA.provisional-standard-media-types]. If a provisional media type is later abandoned or becomes a permanent media type, IANA must update the "Media Type" field in the associated entries. In the case of abandonment, this field should be left empty. If the media type becomes permanent, the field should include a hyperlink to the registration information for that media type. Note that the registration request procedure remains unchanged. A requester does not need to fill out the "Media Type" field separately, as the necessary information is already provided in the "Content Type" field of the request. 5.3. Expert Review Procedure The Designated Expert (DE) is instructed to perform the Expert Review, as described by the following checklist: 1. The combination of content-type and content coding for which the registration is requested must not be already present in the "CoAP Content-Formats" registry; 2. The media type associated with the requested Content-Format must either be registered in the "Media Types" registry [IANA.media-types] or approved for registration. Alternatively, it may be listed in the "Provisional Standard Media Type" registry [IANA.provisional-standard-media-types]. The use of provisional standard media types is only permitted for Content- Format identifiers within the ranges of 0-255 and 256-9999; 3. The optional parameter names must have been defined in association with the media type, and any parameter values associated with such parameter names must be as permitted; 4. The Content Type must be in the preferred format defined in Section 5.4; 5. If a Content Coding is specified, it must exist (or must have been approved for registration) in the "HTTP Content Coding" registry of the "Hypertext Transfer Protocol (HTTP) Parameters" [IANA.http-parameters]. For the 0-255 range, in addition to the checks described above, the DE is instructed to also evaluate the requested codepoint concerning the limited availability of the 1-byte codepoint space. For the Fossati & Dijk Expires 23 August 2025 [Page 9] Internet-Draft CoAP Content-Format Registrations Update February 2025 256-9999 range and the 10000-64999 range, a similar criterion may also apply where combinations of media type parameters and content coding choices consume considerable codepoint space. 5.4. Preferred Format for the Content Type Field This section defines the preferred string format for including a requested Content Type into the "CoAP Content-Formats" registry. During the review process, the Designated Expert(s) or IANA may rewrite a requested Content Type into this preferred string format before approval. The preferred string format is as defined in Section 8.3.1 of [RFC9110] and follows these rules: 1. For any case-insensitive elements, lowercase characters are used. 2. Parameter values are only quoted if the value is such that it requires use of quoted-string per Section 5.6.6 of [RFC9110]. Otherwise, a parameter value is included unquoted. 3. A single semicolon character without any adjacent whitespace characters is used as the separator between media type and parameters. 5.5. Temporary Note Removal This section is to be removed before publishing as an RFC. The following note has been added to the registry as a temporary fix: "Note: The validity of the combination of Content Coding, Content Type and parameters is checked prior to assignment." IANA is instructed to remove this note from the registry when this document is approved for publication. RFC-Editor: please remove this section once the note has been removed. 6. References 6.1. Normative References [BCP26] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . Fossati & Dijk Expires 23 August 2025 [Page 10] Internet-Draft CoAP Content-Format Registrations Update February 2025 [IANA.core-parameters] IANA, "Constrained RESTful Environments (CoRE) Parameters", . [IANA.http-parameters] IANA, "Hypertext Transfer Protocol (HTTP) Parameters", . [IANA.media-types] IANA, "Media Types", . [IANA.provisional-standard-media-types] IANA, "Provisional Standard Media Type Registry", . [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January 2014, . [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, June 2014, . [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, June 2022, . [RFC9193] Keränen, A. and C. Bormann, "Sensor Measurement Lists (SenML) Fields for Indicating Data Value Content-Format", RFC 9193, DOI 10.17487/RFC9193, June 2022, . 6.2. Informative References [Err4954] RFC Errata Report 4954, RFC 7252, . [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, . Fossati & Dijk Expires 23 August 2025 [Page 11] Internet-Draft CoAP Content-Format Registrations Update February 2025 Acknowledgments Thank you Amanda Baber, Carsten Bormann, Francesca Palombini, and Marco Tiloca for your reviews, comments, suggestions, and fixes. Authors' Addresses Thomas Fossati Linaro Email: thomas.fossati@linaro.org Esko Dijk IoTconsultancy.nl Email: esko.dijk@iotconsultancy.nl Fossati & Dijk Expires 23 August 2025 [Page 12]