Internet DRAFT - draft-ietf-cbor-date-tag

draft-ietf-cbor-date-tag







CBOR Working Group                                              M. Jones
Internet-Draft                                                 Microsoft
Intended status: Standards Track                              A. Nadalin
Expires: March 14, 2021                                      Independent
                                                              J. Richter
                                             pdv Financial Software GmbH
                                                      September 10, 2020


       Concise Binary Object Representation (CBOR) Tags for Date
                      draft-ietf-cbor-date-tag-07

Abstract

   The Concise Binary Object Representation (CBOR, RFC 7049) is a data
   format whose design goals include the possibility of extremely small
   code size, fairly small message size, and extensibility without the
   need for version negotiation.

   In CBOR, one point of extensibility is the definition of CBOR tags.
   RFC 7049 defines two tags for time: CBOR tag 0 (RFC 3339 date/time
   string) and tag 1 (Posix "seconds since the epoch").  Since then,
   additional requirements have become known.  This specification
   defines a CBOR tag for an RFC 3339 date text string, for applications
   needing a textual date representation within the Gregorian calendar
   without a time.  It also defines a CBOR tag for days since the date
   1970-01-01 in the Gregorian calendar for applications needing a
   numeric date representation without a time.  This specification is
   intended as the reference document for IANA registration of the CBOR
   tags defined.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 14, 2021.




Jones, et al.            Expires March 14, 2021                 [Page 1]

Internet-Draft              CBOR Tag for Date             September 2020


Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Calendar Dates  . . . . . . . . . . . . . . . . . . . . .   3
       1.1.1.  Example Date Representations  . . . . . . . . . . . .   3
     1.2.  Comparing Dates . . . . . . . . . . . . . . . . . . . . .   4
     1.3.  Comparing Dates and Date/Time Values  . . . . . . . . . .   4
   2.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
     2.1.  Concise Binary Object Representation (CBOR) Tags
           Registrations . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     4.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   5
   Document History  . . . . . . . . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   The Concise Binary Object Representation (CBOR) [RFC7049] provides
   for the interchange of structured data without a requirement for a
   pre-agreed schema.  RFC 7049 defines a basic set of data types, as
   well as a tagging mechanism that enables extending the set of data
   types supported via an IANA registry.

   This specification defines a CBOR tag for a text string representing
   a date without a time.  The tagged text string is represented as
   specified by the RFC 3339 [RFC3339] "full-date" production.  Per RFC
   3339, this represents a date within the Gregorian calendar.

   This specification also defines a CBOR tag for an integer
   representing a date without a time.  The tagged integer is an



Jones, et al.            Expires March 14, 2021                 [Page 2]

Internet-Draft              CBOR Tag for Date             September 2020


   unsigned or negative value indicating the number of days since the
   Gregorian calendar date 1970-01-01.  As an implementation note, this
   value has a constant offset from the Modified Julian Date value
   (which is defined by the Smithsonian Astrophysical Observatory as the
   number of days since November 17, 1858); this value is the Modified
   Julian Date minus 40587.

   Note that since both tags are for dates without times, times of day,
   time zones, and leap seconds are not applicable to these values.
   These tags are both for representations of Gregorian calendar dates.

1.1.  Calendar Dates

   Calendar dates are used for numerous human use cases, such as marking
   the dates of significant events.  For instance, John Lennon was born
   on October 9, 1940 and died on December 8, 1980.  One such use case
   is driver's licenses, which typically include a date of birth.  The
   dates used in this specification use the Gregorian calendar, as do
   those in RFC 3339 [RFC3339].  The time zones and actual times of
   these events are intentionally not represented in the calendar date.

   The epoch chosen for the second tag, which represents days since the
   Gregorian calendar date 1970-01-01, is related to the IEEE Std
   1003.1, 2013 Edition [POSIX.1] time epoch 1970-01-01T00:00:00Z UTC
   only insofar as both contain the date 1970-01-01.  This should not be
   construed as indicating that dates using this tag represent either a
   specific time of day and/or time zone.

   The day of the week (Sunday, Monday, Tuesday, etc.) is not explicitly
   represented in either of these date formats.  However, deterministic
   algorithms that are beyond the scope of this specification can be
   used to derive the day of the week in the Gregorian calendar from
   dates represented in both of these formats.

1.1.1.  Example Date Representations

   This table contains example representations for dates using both
   tags.

               +------------------+--------------+---------+
               | Date             | Tag 1004     | Tag 100 |
               +------------------+--------------+---------+
               | October 9, 1940  | "1940-10-09" | -10676  |
               | December 8, 1980 | "1980-12-08" | 3994    |
               +------------------+--------------+---------+






Jones, et al.            Expires March 14, 2021                 [Page 3]

Internet-Draft              CBOR Tag for Date             September 2020


1.2.  Comparing Dates

   Comparison of dates in "full-date" format can be accomplished by
   normal string comparison, since by design, the digits representing
   the date are in fixed format and ordered from most significant to
   least significant.  Comparison of numeric dates representing days
   since 1970-01-01 can be performed by normal integer comparison.
   Comparison of dates in other formats or using other calendars require
   conversions that are beyond the scope of this specification.

   Note that different dates may correspond to the same moment in time,
   depending upon the time zone in which the date was determined.  For
   instance, at many times of the day, a conference call occurring on a
   particular date in Japan will simultaneously occur on the previous
   date in Hawaii; at many times of the day, Japan's Friday corresponds
   with Hawaii's Thursday.

1.3.  Comparing Dates and Date/Time Values

   Comparing dates with date/time values, which represent a particular
   moment in time, is beyond the scope of this specification.  That
   said, if a date is augmented with a time zone and time of day, a
   specific date/time value can be determined and comparing that date/
   time value to others becomes possible.  For instance, if one were to
   augment John Lennon's birth date of October 9, 1940 with the time of
   day and time zone of his birth, then it would be possible to derive a
   date/time at which he was born that could be compared with other
   date/time values.

2.  IANA Considerations

2.1.  Concise Binary Object Representation (CBOR) Tags Registrations

   This section registers the following values in the IANA "Concise
   Binary Object Representation (CBOR) Tags" registry [IANA.cbor-tags].

   o  Tag: 1004
   o  Data Item: UTF-8 text string
   o  Semantics: RFC 3339 full-date string
   o  Reference: [[ this specification ]]

   o  Tag: 100 (ASCII 'd')
   o  Data Item: Unsigned or negative integer
   o  Semantics: Number of days since the epoch date 1970-01-01
   o  Reference: [[ this specification ]]






Jones, et al.            Expires March 14, 2021                 [Page 4]

Internet-Draft              CBOR Tag for Date             September 2020


3.  Security Considerations

   The security considerations of RFC 7049 apply; the tags introduced
   here are not expected to raise security considerations beyond those.

   A date, of course, has significant security considerations.  These
   include the exploitation of ambiguities where the date is security
   relevant or where the date is used in access control decisions.

   When using a calendar date for decision making, for example access
   control, it needs to be noted that since calendar dates do not
   represent a specific point in time, the results of the evaluation can
   differ depending upon where the decision is made.  For instance, a
   person may have reached their 21st birthday in Japan while
   simultaneously being a day short of their 21st birthday in Hawaii.
   Similarly, it would be inappropriate to use only a date to trigger
   certificate expiration, since a date corresponds to a range of times
   worldwide, rather than a specific point in time that is independent
   of geographic location.

4.  References

4.1.  Normative References

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
              <https://www.rfc-editor.org/info/rfc3339>.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.

4.2.  Informative References

   [IANA.cbor-tags]
              IANA, "Concise Binary Object Representation (CBOR) Tags",
              <http://www.iana.org/assignments/cbor-tags>.

   [POSIX.1]  IEEE, "The Open Group Base Specifications Issue 7",
              IEEE Std 1003.1, 2013 Edition, 2013,
              <http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/
              V1_chap04.html#tag_04_15>.

Acknowledgements

   Thanks to Carsten Bormann for supporting creation of this
   specification.  Parts of the explanatory text in this specification
   come from draft-bormann-cbor-time-tag-02.



Jones, et al.            Expires March 14, 2021                 [Page 5]

Internet-Draft              CBOR Tag for Date             September 2020


   Thanks to these people for reviews of the specification: Henk
   Birkholz, Carsten Bormann, Samita Chakrabarti, Roman Danyliw, Linda
   Dunbar, Benjamin Kaduk, Erik Kline, Warren Kumari, Barry Leiba,
   Thiago Macieira, Francesca Palombini, Michael Richardson, Kyle Rose,
   Jim Schaad, Juergen Schoenwaelder, Eric Vyncke, Robert Wilton, and
   Dale Worley.

Document History

   [[ to be removed by the RFC Editor before publication as an RFC ]]

   -07

   o  Acknowledged Linda Dunbar for her GenArt review and Samita
      Chakrabarti for her IOT-Dir review, as well as IESG reviewers.

   -06

   o  Addressed SecDir review comments by Kyle Rose.

   o  Updated Tony Nadalin's affiliation and contact information.

   -05

   o  Incorporated additional suggestions by Carsten Bormann and Juergen
      Schoenwaelder.

   -04

   o  Addressed shepherd comments by Francesca Palombini.

   o  Addressed additional review comments by Jim Schaad and Michael
      Richardson.

   -03

   o  Added statement that these tags are both for representations of
      calendar dates.

   o  Described consequences of using calendar dates in access control
      decisions.

   -02

   o  Addressed working group last call comments, including stating that
      time zones are not applicable to these values.

   -01



Jones, et al.            Expires March 14, 2021                 [Page 6]

Internet-Draft              CBOR Tag for Date             September 2020


   o  Changed "positive or negative" to "unsigned or negative".

   o  Added an implementation note about the relationship to Modified
      Julian Dates.

   -00

   o  Initial working group version based on draft-jones-cbor-date-
      tag-01 with no normative changes.

Authors' Addresses

   Michael B. Jones
   Microsoft

   Email: mbj@microsoft.com
   URI:   https://self-issued.info/


   Anthony Nadalin
   Independent

   Email: nadalin@prodigy.net


   Joerg Richter
   pdv Financial Software GmbH

   Email: joerg.richter@pdv-fs.de






















Jones, et al.            Expires March 14, 2021                 [Page 7]