Network Working Group S. Josefsson Internet-Draft SJD AB Intended status: Informational March 13, 2011 Expires: September 14, 2011 Implementation Report for RFC 4648 Base Encodings draft-josefsson-rfc4648-impl-report-01 Abstract This is an implementation report of RFC4648, for the purpose of advancing the document to Draft Standard. [[See for more information. RFC-EDITOR: remove this paragraph on publication]]. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 14, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Josefsson Expires September 14, 2011 [Page 1] Internet-Draft Implementation Report for RFC 4648 March 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Implementations Tested . . . . . . . . . . . . . . . . . . . . 4 5.1. GNU Coreutils: base64 . . . . . . . . . . . . . . . . . . . 4 5.2. OpenSSL: base64 . . . . . . . . . . . . . . . . . . . . . . 4 5.3. NSD: base32 . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 9.2. Informative References . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Josefsson Expires September 14, 2011 [Page 2] Internet-Draft Implementation Report for RFC 4648 March 2011 1. Introduction This is an implementation report of The Base16, Base32, and Base64 Data Encodings [RFC4648] document. It follows the outline suggested by [RFC5657]. 2. Summary The author believe that base encoding specification in RFC 4648 meets the requirements for Draft Standard. The "base64" encoding is the base encoding variant with the longest history of being used in Internet protocols. The earliest use in the RFC series appears to be [RFC0989]. Base64 has been widely implemented as part of MIME [RFC2045], which is already a Draft Standard. The "base64url" alphabet is newer and is not as common as "base64" although there are several interoperable implementations. The "base32" encoding is not as widely used as base64, but has applications in case insensitive environments. The "base32" encoding is used by GS2 [RFC5801]. The "base32hex" encoding (without padding) is used by [RFC5155], and a restricted form is used by [RFC2938]. The "base16" encoding is usually referred to as hexadecimal, or hex encoding, and is used in many protocols and technical documents in an informal way. 3. Methodology We identified that we wanted to test at least two distinct implementations of the following encodings: base64, base64url, base32, base32hex, base16. The primary test is of course that encoding and decoding of data works and generate the expected results. Section 3 of RFC 4648 discuss some implementation discrepancies of base encoding. To iron out interoperability problems, we checked these corner-cases separately and documented the result. In particular: how line feeds are handled during encoding and decoding [LF], whether padding is done correctly [PAD], how non-alphabetical characters are handled [NONALPHA], whether pad bits are zero or not Josefsson Expires September 14, 2011 [Page 3] Internet-Draft Implementation Report for RFC 4648 March 2011 [ZEROBITS]. A useful test vector for zero bit padding is correctly implemented is "YR==" which is a non-canonical encoding of "a" (ASCII 0x61), that normally would be encoded as "YQ==". Implementations should normally reject the input. 4. Exceptions Basic encoding and decoding of data interoperate well. Some tools accepted non-canonical encodings, but none appeared to ever generate them. This is consistent with the requirements in section 3.5 of RFC 4648. We acknowledge that many implementations of base64 were written for a general purpose, and thus may not follow some of the guidelines (e.g., related to line feeds) in RFC 4648 strictly. However we believe this should not be a reason against Draft Standard status because the document is clear on the issues and the variations in implementations does not lead to significant practical problems. In fact, some of the variations are used to improve robustness in face of common problems. 5. Implementations Tested 5.1. GNU Coreutils: base64 There is a "base64" command line tool, written in C, included in GNU Coreutils [GNU-Coreutils-Base64]. It supports the "base64" alphabet. [LF]: On encoding, it wraps output after 76 characters (same as MIME). On decoding, it accepts line-wrapped input. [PAD]: It appears to pad data properly. [NONALPHA]: It appears to return a non-zero error code if the input contains non-alphabetical characters. [ZEROBITS]: On encoding, the pad bits are zero. On decoding, accepts non-zero pad bits. 5.2. OpenSSL: base64 There is a "base64" command line tool, written in C, included in OpenSSL [OpenSSL-Base64]. It supports the "base64" alphabet. Josefsson Expires September 14, 2011 [Page 4] Internet-Draft Implementation Report for RFC 4648 March 2011 [LF]: On encoding, it wraps output after 64 characters. On decoding, it accepts line-wrapped input. [PAD]: It appears to pad data properly. [NONALPHA]: If there is non-alphabetic data in the input, nothing appears to be decoded but there is no error message or non-0 exit code. [ZEROBITS]: On encoding, the pad bits are zero. On decoding, it accepts non-zero pad bits. 5.3. NSD: base32 The Name Server Daemon (NSD) version 3.2.7 [NSD] contains a "base32" implementation in the file util.c. [LF]: On encoding, it does not add any line feeds. On decoding, it ignores any line feeds. [PAD]: It does not pad data. [NONALPHA]: It appears to return a non-zero error code if the input contains non-alphabetical characters, except for white space which is ignored. [ZEROBITS]: On encoding, the pad bits are zero. On decoding, it appears to accept non-zero pad bits. 6. Acknowledgements TBA 7. Security Considerations This memo introduces no new security considerations. RFC 4648 discuss security considerations for base encoding. 8. IANA Considerations This document has no actions for IANA. 9. References Josefsson Expires September 14, 2011 [Page 5] Internet-Draft Implementation Report for RFC 4648 March 2011 9.1. Normative References [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. 9.2. Informative References [RFC0989] Linn, J. and IAB Privacy Task Force, "Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures", RFC 989, February 1987. [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC2938] Klyne, G. and L. Masinter, "Identifying Composite Media Features", RFC 2938, September 2000. [RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS Security (DNSSEC) Hashed Authenticated Denial of Existence", RFC 5155, March 2008. [RFC5657] Dusseault, L. and R. Sparks, "Guidance on Interoperation and Implementation Reports for Advancement to Draft Standard", BCP 9, RFC 5657, September 2009. [RFC5801] Josefsson, S. and N. Williams, "Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family", RFC 5801, July 2010. [GNU-Coreutils-Base64] Josefsson, S., "GNU Coreutils base64 tool version 7.2", WWW http://www.gnu.org/software/coreutils/, May 2009. [OpenSSL-Base64] OpenSSL Team, "OpenSSL base64 tool version 0.9.8o", WWW http://www.openssl.org/, Jun 2010. [NSD] NLnet Labs, "Name Server Daemon version 3.2.7", WWW http://www.nlnetlabs.nl/projects/nsd/, Jan 2011. Josefsson Expires September 14, 2011 [Page 6] Internet-Draft Implementation Report for RFC 4648 March 2011 Author's Address Simon Josefsson SJD AB Email: simon@josefsson.org Josefsson Expires September 14, 2011 [Page 7]