<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-mahy-cbor-edn-for-tls-01" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="EDN for TLS Presentation Language">Extended Diagnostic Notation (EDN) Use with Transport Layer Security (TLS) Presentation Language (PL) Objects</title>
    <seriesInfo name="Internet-Draft" value="draft-mahy-cbor-edn-for-tls-01"/>
    <author fullname="Rohan Mahy">
      <organization/>
      <address>
        <email>rohan.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="04"/>
    <keyword>TLS PL</keyword>
    <keyword>TLS Presentation Language</keyword>
    <abstract>
      <?line 36?>

<t>Extended Diagnostic Notation was designed as a superset of JSON to represent CBOR instance documents in human-readable format.
This document describes how it can be used to represent instances encoded using the TLS Presentation Language.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://rohanmahy.github.io/cbor-edn-for-tls/draft-mahy-cbor-edn-for-tls.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-mahy-cbor-edn-for-tls/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/rohanmahy/cbor-edn-for-tls"/>.</t>
    </note>
  </front>
  <middle>
    <?line 42?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Extended Diagnostic Notation (EDN) <xref target="I-D.ietf-cbor-edn-literals"/> is a text format, that was originally described to represent CBOR messages as diagnostic notation in <xref target="RFC7094"/> and then expanded in <xref target="RFC8949"/>.
It is a superset of JSON (all valid JSON is valid EDN) that can natively represent binary content, non-finite floating point values, and additional data types (tags and simple values).
Since then it has been used to represent YAML messages, especially those that contain binary content or tags.</t>
      <t>This document defines a convention to represent instances of binary sequences--encoded using the TLS Presentation Language (TLS PL) defined in <xref section="3" sectionFormat="of" target="RFC8446"/>--using EDN.
TLS encoding is used in several other protocols, for example in the Messaging Layer Security (MLS) protocol <xref target="RFC9420"/> and the MIMI protocol <xref target="I-D.ietf-mimi-protocol"/>.</t>
      <t>TLS PL has a very limited set of patterns.
It deals primarily with structs and enums.
As a result, it is relatively straightforward to represent TLS encoded data if the TLS PL definitions are available.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="representation-of-tls-pl-in-edn">
      <name>Representation of TLS PL in EDN</name>
      <t>EDN Representations of TLS-encoded instance data always start with the following comment line: <tt># ~~~ tls </tt> followed by the struct name, and end with the following comment line: <tt># ~~~</tt>.
This allows a processor that knows TLS to convert an EDN document back into TLS-encoded binary data.</t>
      <t>Instances of TLS-encoded structs are represented in EDN as maps with the keys equal to the names of the members.</t>
      <t>If an enum appears that contains only the values <tt>false (0)</tt> and <tt>true (1)</tt>, its values are represented in EDN as the simple values <tt>false</tt> and <tt>true</tt>.</t>
      <t>Instances of other TLS-encoded enums are represented as their decimal integer values with an EDN end-of-line comment naming the enum name and the item name.</t>
      <t>Instances of the following predefined TLS numeric types: uint16, uint32, uint64, plus any variable-length integers (widely used, for example in MLS <xref section="2.1.2" sectionFormat="of" target="RFC9420"/>) are represented as unsigned decimal integers in EDN.
Likewise a single instance of uint8 is represented as an unsigned decimal integer in EDN.</t>
      <t>Vectors of uint8 (or the <tt>opaque</tt> type) are represented by byte strings in EDN.
Likewise fixed-length arrays of uint8 are represented by byte strings in EDN.
By default, they are presented as hex-encoded single-quoted strings.
If such sequences consist entirely entirely or substantially of printable characters they are represented as (appropriately escaped) unprefixed single-quoted strings.</t>
      <t>Vectors of any other type are represented by an array of that type.</t>
      <t>For example given the FooBar struct defined below:</t>
      <sourcecode type="tls"><![CDATA[
enum {
  false(0),
  true(1),
  (255)
} Bool;

enum {
  red(1),
  yellow(2),
  green(3)
  (255)
} Color;

struct {
  uint16 id;
  uint8[16] nonce;
  Bool active;
  Color traffic_light_color;
  uint32 divisible_by<V>;
  opaque reason;
} FooBar;
]]></sourcecode>
      <t>an instance of that struct could be represented as follows in EDN:</t>
      <sourcecode type="cbor-diag"><![CDATA[
# ~~~ tls FooBar
{
  "id": 16798,
  "nonce": h'f6bafb33a535d1fd05bef225d2ac8f35',
  "active": true,
  "traffic_light_color": 3,   # Color green
  "divisible_by": [3, 5, 11],
  "reason": 'server down'
}
# ~~~
]]></sourcecode>
      <section anchor="representation-of-variants">
        <name>Representation of Variants</name>
        <t>The <tt>optional</tt> keyword (<xref section="2.1.1" sectionFormat="of" target="RFC9420"/>) is represented as a struct.
For example given the following structs:</t>
        <sourcecode type="tls"><![CDATA[
struct {
  uint16 component_id;
  opaque data;
} Component;

struct {
  uint64 epoch;
  optional<Component> component;
} Foo;
]]></sourcecode>
        <t>An instance of Foo which has an optional Component would be represented by the following snippet of EDN:</t>
        <artwork><![CDATA[
{
  "epoch": 42,
  "component": {
    "present": true,
    "value": {
      "component_id": 0xBABA,
      "data": h''
    }
  }
}
]]></artwork>
        <t>When absent it would be represented as:</t>
        <sourcecode type="cbor-diag"><![CDATA[
{
  "epoch": 42,
  "component": {
    "present": false
  }
}
]]></sourcecode>
        <t>In general, the presence of a <tt>select</tt> construction in TLS PL indicates the conditional presence of additional values in the struct.
For example, the struct below:</t>
        <sourcecode type="tls"><![CDATA[
{
  LeafNodeSource leaf_node_source;
  select (LeafNode.leaf_node_source) {
    case key_package:
      Lifetime lifetime;
    case update:
      struct{};
    case commit:
      opaque parent_hash<V>;
    };
  Extension extensions<V>;
} PartialLeafNode;
]]></sourcecode>
        <t>would be represented as follows in EDN:</t>
        <sourcecode type="cbor-diag"><![CDATA[
{
  "leaf_node_source": 1, # enum LeafNodeSource.key_package
  "lifetime": {
    "not_before": 1777979674, # 05-May-2026T13:14:34Z
    "not_after":  1780312474  # 05-Jun-2026T13:14:34Z
  },
  "extensions": []
}
]]></sourcecode>
        <t>The notation <tt>struct {}</tt> in TLS PL refers to the absense of a value.
It is ignored in the representation of an EDN instance.</t>
      </section>
    </section>
    <section anchor="examples">
      <name>Examples</name>
      <section anchor="mls-leafnode">
        <name>MLS LeafNode</name>
        <t>The following detailed example represents the LeafNode struct from <xref section="7.2" sectionFormat="of" target="RFC9420"/> and embedded structs.
It includes additional types from <xref target="I-D.ietf-mls-extensions"/>, <xref target="I-D.ietf-mimi-room-policy"/>, and <xref target="I-D.mahy-mls-sd-cwt-credential"/>.</t>
        <t>Given the following TLS structures:</t>
        <sourcecode type="tls"><![CDATA[
struct {
    HPKEPublicKey encryption_key;
    SignaturePublicKey signature_key;
    Credential credential;
    Capabilities capabilities;
    LeafNodeSource leaf_node_source;
    select (LeafNode.leaf_node_source) {
        case key_package:
            Lifetime lifetime;
        case update:
            struct{};
        case commit:
            opaque parent_hash<V>;
    };
    Extension extensions<V>;
    /* SignWithLabel(., "LeafNodeTBS", LeafNodeTBS) */
    opaque signature<V>;
} LeafNode;

enum {
    reserved(0),
    key_package(1),
    update(2),
    commit(3),
    (255)
} LeafNodeSource;

struct {
    ProtocolVersion versions<V>;
    CipherSuite cipher_suites<V>;
    ExtensionType extensions<V>;
    ProposalType proposals<V>;
    CredentialType credentials<V>;
} Capabilities;

struct {
    uint64 not_before;
    uint64 not_after;
} Lifetime;


struct {
    ExtensionType extension_type;
    opaque extension_data<V>;
} Extension;

struct {
  CredentialType credential_type;
  select (Credential.credential_type) {
...
    case sd_jwt:
      SdJwt sd_jwt;
    };
} Credential;

struct {
    Bool compacted;
    select (compacted) {
        case true:
            opaque protected<V>;
            opaque payload<V>;
            opaque signature<V>;
            SdJwtDisclosure disclosures<V>;
            opaque sd_jwt_key_binding<V>;
        case false:
            opaque sd_jwt_kb<V>;
    };
} SdJwt;

enum {
  false(0),
  true(1)
} Bool;

struct {
    ComponentID component_id;
    opaque data<V>;
} ComponentData;

struct {
    ComponentData component_data<V>;
} AppDataDictionary;
AppDataDictionary app_data_dictionary;

opaque HPKEPublicKey<V>;
opaque SignaturePublicKey<V>;

/* See the "Messaging Layer Security (MLS)" IANA registries for values */
uint16 CipherSuite;
uint16 ExtensionType;
uint16 ProposalType;
uint16 CredentialType;
uint16 ComponentID;
]]></sourcecode>
        <t>below is an example instance represented in EDN:</t>
        <sourcecode type="cbor-diag"><![CDATA[
# ~~~ tls LeafNode
{
  "encryption_key": h'41542cd14e930f0d6db59743e2a27974
                      4d774ddc9d53679e78741787be96e832',
  "signature_key":  h'2d13ead305b4fbae97a9677a7fc04d2a
                      1778ef843121f8ffdb46c7389578768d',
  "credential": {
    "credential_type": 0x0006,  # JWT Credential Type
    "compacted": true,
    "protected": '{
      "alg": "ES256",
      "kid": "https://provider.example/jwk"
    }',
    "payload": '{
      "iss": "https://provider.example",
      "sub": "mimi://provider.example/u/alice",
      "aud": "mimi://hub.example/r/clubhouse",
      "exp": 1780312474,
      "cnf": {"jkt": "kPrK_qmxVWaYVA9wwBF6Iuo3vVzz7TxHCTwXBygrS4k"}
    }',
    "signature": h''
    "disclosures": [],
    "sd_jwt_key_binding": h'cac12ac8b387035dbdbeeed8b085d0f1
                            79f12cb1fa81218432268de12365c86c'
  },
  "capabilities": {
    "versions": [1], # ProtocolVersion mls10
    "cipher_suites": [1, 2, 3, 7],
    "extensions": [
      0x0006,   # app_data_dictionary
      0x0007,   # supported_wire_formats
      0x0008    # required_wire_formats
    ],
    "proposals": [0x0008, 0x0009, 0x000A],
    credentials: [0x0006]
  },
  "leaf_node_source": 1, # enum LeafNodeSource.key_package
  "lifetime": {
    "not_before": 1777979674, # 05-May-2026T13:14:34Z
    "not_after":  1780312474  # 05-Jun-2026T13:14:34Z
  },
  "extensions": [
    {
      "extension_type": 0x0006,  # app_data_dictionary extension
      "extension_data": [
        {
          "component_id": 0x0001, # app_components extension
          "data": [
            0x0022,   # participant_list component
            0x0024,   # mls_operational_policy component
            0x0025,   # roles-list component
            0x0027    # base_room_policy component
          ]
        },
        {
          "component_id": 0x0003, # content_media_types extension
          "data": ["application/mimi-content"]
        }
      ]
    },
    {
      "extension_type": 0xBABA.  # GREASE extension
      "extension_data": h''
    },
    {
      "extension_type": 0xDADA.  # GREASE extension
      "extension_data": h''
    }
  ],
  "signature": h'88ad994cabf15c4e90d0a4af214b1d75
                 7aecef23efffbd9d8e468866cccebac4'
}
]]></sourcecode>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>TODO Security</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-cbor-edn-literals">
          <front>
            <title>Concise Diagnostic Notation (CDN)</title>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <date day="15" month="June" year="2026"/>
            <abstract>
              <t>   This document formalizes and consolidates the definition of the
   Concise Diagnostic Notation (CDN) of the Concise Binary Object
   Representation (CBOR), addressing implementer experience.

   Replacing CDN's previous informal descriptions, it updates RFC 8949,
   obsoleting its Section 8, and RFC 8610, obsoleting its Appendix G.

   It also specifies registry-based extension points and uses them to
   support text representations such as of epoch-based dates/times and
   of IP addresses and prefixes.


   // (This cref will be removed by the RFC editor:) -26 is intended to
   // address the May/June 2026 Working Group Last Call comments on -25
   // and the ensuing WG discussions.  Specifically, this update: • is
   // going further with the idea to entirely replace the non- backwards
   // compatible update considered for the RFC 8610/G.4 concatenation by
   // two new application extensions (temporarily named b1/t1), and to
   // add related application-oriented extensions that deprecate the
   // original streamstring syntax. • includes the float'' application-
   // extension so that the entire CBOR format can be covered. • now
   // uses rules closer to those of markdown for handling data
   // transparency in raw strings, simplifying their implementation. •
   // adds security considerations. • proactively reserves the
   // application-extension identifier "pragma" for potential future
   // standardization. • This update does not address certain comments
   // that propose some editorial restructuring requiring moving text
   // around; this is best done in a next revision after the technical
   // comments are addressed.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cbor-edn-literals-26"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC7094">
          <front>
            <title>Architectural Considerations of IP Anycast</title>
            <author fullname="D. McPherson" initials="D." surname="McPherson"/>
            <author fullname="D. Oran" initials="D." surname="Oran"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="E. Osterweil" initials="E." surname="Osterweil"/>
            <date month="January" year="2014"/>
            <abstract>
              <t>This memo discusses architectural implications of IP anycast and provides some historical analysis of anycast use by various IETF protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7094"/>
          <seriesInfo name="DOI" value="10.17487/RFC7094"/>
        </reference>
        <reference anchor="RFC8949" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8949.xml">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9420" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9420.xml">
          <front>
            <title>The Messaging Layer Security (MLS) Protocol</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="B. Beurdouche" initials="B." surname="Beurdouche"/>
            <author fullname="R. Robert" initials="R." surname="Robert"/>
            <author fullname="J. Millican" initials="J." surname="Millican"/>
            <author fullname="E. Omara" initials="E." surname="Omara"/>
            <author fullname="K. Cohn-Gordon" initials="K." surname="Cohn-Gordon"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9420"/>
          <seriesInfo name="DOI" value="10.17487/RFC9420"/>
        </reference>
        <reference anchor="I-D.ietf-mimi-protocol">
          <front>
            <title>More Instant Messaging Interoperability (MIMI) using HTTPS and MLS</title>
            <author fullname="Richard Barnes" initials="R." surname="Barnes">
              <organization>Cisco</organization>
            </author>
            <author fullname="Matthew Hodgson" initials="M." surname="Hodgson">
              <organization>The Matrix.org Foundation C.I.C.</organization>
            </author>
            <author fullname="Konrad Kohbrok" initials="K." surname="Kohbrok">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <author fullname="Rohan Mahy" initials="R." surname="Mahy">
              <organization>Rohan Mahy Consulting Services</organization>
            </author>
            <author fullname="Travis Ralston" initials="T." surname="Ralston">
              <organization>The Matrix.org Foundation C.I.C.</organization>
            </author>
            <author fullname="Raphael Robert" initials="R." surname="Robert">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <date day="25" month="April" year="2026"/>
            <abstract>
              <t>   This document specifies the More Instant Messaging Interoperability
   (MIMI) transport protocol, which allows users of different messaging
   providers to interoperate in group chats (rooms), including to send
   and receive messages, share room policy, and add participants to and
   remove participants from rooms.  MIMI describes messages between
   providers, leaving most aspects of the provider-internal client-
   server communication up to the provider.  MIMI integrates the
   Messaging Layer Security (MLS) protocol to provide end-to-end
   security assurances, including authentication of protocol
   participants, confidentiality of messages exchanged within a room,
   and agreement on the state of the room.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-mimi-protocol-06"/>
        </reference>
        <reference anchor="I-D.ietf-mls-extensions">
          <front>
            <title>The Messaging Layer Security (MLS) Extensions</title>
            <author fullname="Raphael Robert" initials="R." surname="Robert">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The Messaging Layer Security (MLS) protocol is an asynchronous group
   authenticated key exchange protocol.  MLS provides a number of
   capabilities to applications, as well as several extension points
   internal to the protocol.  This document provides a consolidated
   application API, guidance for how the protocol's extension points
   should be used, and a few concrete examples of both core protocol
   extensions and uses of the application API.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-mls-extensions-09"/>
        </reference>
        <reference anchor="I-D.ietf-mimi-room-policy">
          <front>
            <title>Room Policy for the More Instant Messaging Interoperability (MIMI) Protocol</title>
            <author fullname="Rohan Mahy" initials="R." surname="Mahy">
              <organization>Rohan Mahy Consulting Services</organization>
            </author>
            <date day="18" month="December" year="2025"/>
            <abstract>
              <t>   This document describes a set of concrete room policies for the More
   Instant Messaging Interoperability (MIMI) Working Group.  It
   describes several independent properties and policy attributes which
   can be combined to model a wide range of chat and multimedia
   conference types.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-mimi-room-policy-03"/>
        </reference>
        <reference anchor="I-D.mahy-mls-sd-cwt-credential">
          <front>
            <title>Messaging Layer Security Credentials using Selective Disclosure JSON and CBOR Web Tokens</title>
            <author fullname="Rohan Mahy" initials="R." surname="Mahy">
              <organization>Rohan Mahy Consulting Services</organization>
            </author>
            <date day="6" month="May" year="2026"/>
            <abstract>
              <t>   The Messaging Layer Security (MLS) protocol contains Credentials used
   to authenticate an MLS client with a signature key pair.  Selective
   Disclosure CBOR Web Tokens (SD-CWT) and Selective Disclosure JSON Web
   Tokens (SD-JWT) define token formats where the holder can selectively
   reveal claims about itself with strong integrity protection and
   cryptographic binding to the holder's key.  This document defines MLS
   credentials for both these token types.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-mahy-mls-sd-cwt-credential-02"/>
        </reference>
      </references>
    </references>
    <?line 413?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>TODO acknowledge.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA91a63LbRrL+j6eYpX9YSpEU7xc5myx1caJEsnwsxT7ZlIsa
AAMSEQjQGEAUV8U8yz7LebLz9czgRlKKsz/XVS4Rg56e7p6vv+kestFoWImf
BOKY1c4fExG6wmVnPp+FkUx8h72LEp74UcgOzs/eHbJfpGArP5mz25iHchnF
CbvkaxGzG+GksZ+s2cHt5c0hex8LKUIz9ZKHs5TPBDt4f3nIru3fhZPImsVt
OxYPtO7ZO+ZFMcPM/RNrlsMTMYvi9THzQy+yLDdyQr6A0W7MvaSx4PN1w7Gj
uCHcsAFdjSSQjVbbkqm98KWEsmS9hPjF+e1bxl4xHsgIK/twd0k+h0mtzmrC
9ZMo9nlADxeTE/yBWbWLD7dva1aYLmwRH1suTDm2nCiEnTKVxyyJU2HBj64F
vbHgx2zy4XyCh1UU38/iKF0es08/sE948sMZ+4FGrHuxxmv32GIN7fdl/mlf
BKwHEaZY9hVjuUZ60F5VVWN4wf2ARP4hHvliGYimEy1onMfO/JjNk2Qpj4+O
Si+PoA6qsbOpjbjE0ZyHFNSj7aDWIBYgAjKBWKYoF29qDU0/2pl49MJONefJ
IqhZFk+TeRRTTLAKY14aBHqXP9AC7Apz1Quh/VPLNn2ReP+Y0Yjy0gqjeIHg
PSBaFoGleGo2m5bVaDQYt2UScyexrBchv+KSuUL6sxAC+MyZTJciliJhkcd+
url+x5KIxWKpd4ydnlx/AD5lwkNHMEA0XWBYYojN0wUPGwCHy+1AMG1V07qd
+zIXpLWc2LeFZPNoxfyEOXDaFiyVWL+yUraIZCJ0IrI/lQSAZC6exxCcV94v
fNcNhAU8XIRJHLmpQ2J/Egud/k9Pf7tonKmQF5sY+ImIkVCbDfMpSIl4TIyH
dVjEExVI5NXMD3kQrHM/3T3hWwgpYaukeLuFHWFmB2L59PT9h7enw9a4hxV5
6JLXIROPS66szyVG4954s2laF4m2a2fzDmANe+CB7+pnSOkn5auynHYgVPiB
3YWpNjyJ1wwkgJDByzAClv0QgWBeEEEee7GMfEhCYSpkXdnJXfALnOABA4lw
lbySHSR8JtV76VM6mimHTevGJxwp7wCGOSJiC3zehcOvk6vLPHJ1JuRSOL4K
NfJJCuMKjOUITtV2IjgyAODYBiMcon0gSbCPiv4zIERAjVYpvqSCxhqNv4BM
dWgwOhz0qmYTcaYosS4t8Dfa0V5vsNk0GloldgkZhIlqJRqB/So4mC3FA4GS
RVg4Zss4SiInChAcOmgM8ZEc2XWlIkcKts+yKzrLsskGVuNep1UAj11dXF1U
RPIEWfgLv5G9ISBa2ku1k5zBvjULIJPAYgPLJU+QS6FUoHUFkgqq/QWPfeyl
OndBXMhXjRccCQuITkgbwpoGQKKvwB6LIAMtMZ0/myfwe8XjLeDk0YMJCpK+
V+zUpd4NBVlJJxvjD2BZIjCiklfsNAeGtuesECc0CYZDjg5BV7La1S83t3Sq
0l/27lp9/nD+P79cfDg/o883P04uL/MPlpG4+fH6l8uz4lMx8/T66ur83Zme
jFFWGbJqV5Nfazrratfvby+u300ua3q/yyAnpxAQm6CAwCMsiaJ6q6AozDk5
ff9//273iP2w/512G7RiHkbtIbHQCjmqV4tC2in1iECuLb5cCh6TFiIbhy/9
hBMMAQEJlsfJIGIK5ze/UWQ+H7NvbWfZ7n1nBsjhymAWs8qgitnuyM5kHcQ9
Q3uWyaNZGd+KdNXeya+V5yzupcFvvw+Q3qzRHn3/naUw9CHDomYE5IDBHiKG
BMephOKwKiSNVM4wxZFLEObBiq8R3YSjOFU5Q4j2oiCIVpTjKBLU3pMlx+zu
Ffvjjz8YihB2Z4Sg0V6rSTrZGNUgdZNx7teqvDOnOychylAwAXhREt8SHd+H
NEzOAoCKYmEuV04X+LS5c0/QjCr+Gq4lb4GcizINl8VyqgDI85TXiKZFgMAF
X8rCH2Qr6okvKVgTC9IIOa7U0sNCUP1LB8WFR4YS+zANb1k5YaROApqjjzJ2
5wHzYPnW4Z0K4x2VzOygfXhHhCUzsecNVZtRPh2NypK6u+1QaOYvB0Tx5c4q
Wr0fg+0cUG2gqGCGqWYlFR+zMdj/RuQ1FIizTUeQsgNOhYSClp8OIHc9sm1d
FUCwJjv5CBFQI2JUPapAOGYpLGoP6upvt6P/Dnp1tgxSIt41LEXTAlpuBCKc
wVrjAWqLle/SIUCn4s7Rh8OtdMh2mu1mhywrzrjDfbFKQ1MQb4VLmu1qWpf+
vVj52G+UXHBOLWYSFOrJ+JE+oyp6EeHnVOearY8wNoploedApZNgd9GSo/K4
UyHbtRv5bK8TldCwaI+pnv8o3Cx8PI6JQfJFvlbbCZW2HlfnMJG/mlhxci4e
i/RUsWl8SaNEJyvpalJyydSZF5UUpZX0ZcLoqI1pN/MPcB4NLsU20eUelRDQ
k6gmw5lzanKESk9jzVbQD5C/cYQp6OhIscQBJdxD7ATEVEyeM7O8FQRBnW0U
/X3hwuaqoGrkgypIEErelhA5Q72i67G3UXSCM9Owb5YYtkCyoIszdG2pZHtC
P6iYANxSx2diAvAKfTzo9PuH1oadRFHwxirEkWpGYi0o/w466mEWo7Y+6B6W
Zp5GQRRjqjGEJutUZL77xjyMfmsPPlP97wgaosUYgg5f6FFpgFHc83xnGlAd
NnW0VmbSGV3Ogy99bNjUXn/78Tt6o8EMS7mMwjewREfkDfmOLjmsJJSKpzHR
idKAIrW9z5ppMqSaIKoGjnosqzgD9UIWuVrz3doxaw+G4xHFp6Z8xMj8tTew
uWd3u7zf7bttz231beF1On23w52R1+2/VvI6CjV9P6JG9sQBr7t1RjcyOlRq
F0i2HBUI/Qapfp2125+VJh0ZjL+WIsbJiRNzFb62NtoTHaZX+4qLj8SU6Ml1
fQrW0P3YHTP3MeygyojtbUbcQ1wm+M1n0FywvDmQSxjeRRZOlWUUQvlUY8xA
gc76NwqS5vUuLAc9JpaRM9eztF/f5vLfFZoNoAyaJlU04QXKVx8ENNeknKkq
lkZJvwdlpmQqeRv6KA5UW5NjTgNLmYnN63XUZuaGYehJ3e/UjNoSeDCozuNc
pjxxqqDaejyZnEzq2VsKmYLrazWysej/Rjv9iXpqbus29hmHuNzJk79svaKm
8sIXIZuJkDpTdUSY00GHnrM7KQKA705Rvtpdc+WR18SuTzehuiCCUH6fUNFT
XDOYEsb0uXtwWi/XudsMS+5cCu69w3l1E6Ux1Ad4nIZ4nko1QGDTRrODTLS5
LXRoAuNwqarM6RJlLdr+Y7NVl74nEh9VU2A+vCnE06W+b9WS2tCnTUmAyjA/
yQRMuixxBgEWgPDcUCr2gP6oOy66DkYAzCepJDbsPfoFnKKZFyY9noHGnzGq
Qsp2HIhO66A6dRRVA9sshUVNNZEoQBVGyRQ0G8VKzXA4HA/Hg2GP9LX6jSu+
bnRancFtu3vc7h13e/8sZnEPNQAmYdao1W13esMe07N+SsPdWRsF6yI8xL6f
M/wSa+Z3cXcZA23uSiBF4aBKDt1CqCSTBt8KjtmFHEo9OONm4Ix3uNrU3Bk7
6TuHc41bqfidKtgsjtq2gn5cgV4koKrfMHK+gM6ebF4Gfi+OFqVyeLhdDOv+
Dy2QW+qttC+hE6Qu9S9F4umrPaOzdCUUyEYR2c2mvnthFEfRorGMAt9Z03ta
1cioq3PSIN2Gs0oaDjUNqvJTl0s/7DlxaEu0qSl833/wMPbj+5/P36c2lvxZ
UHXpxGtF+lOAUufODTaLk45CTGZDhdRpbhArbDOv+JLbfoDwUEFbetCvv4Jl
/gLPvMQ1LzLOM6yzj3ue4Z+vY6EXeIheHn2jAv4JjeclBykfNOuslnl9e3JT
q7PS0yH75sgqrZpvjOG1gtCKGpiqYFU5uaZuZuVYmfKYmTCYApkZV1Ej68es
TK5uXrUwYey9uQD9CFIgfx/038LbU3+J1uEmpctzR32eSnooJPJg3VJ7sSdg
WGMZSR6o90vzUFohB6MSKLCZUf9pBZBV+01pVdDvm+1hxa8q0jmYtnQ848CU
WOJNee+KV1S9GOvy2VXTnvUqV5slTCHZ3JKijKFvxXI0S3f6+ypH84370yox
Yzl8N6WVt4Ol2h+qiKjvdKtpmw/vpCnVePsTCNgRNCXfyp0MWwcRf/Z1NRXK
AsqzM186QSTxHk1Y9lE+q0yFgdhualMhFs4qksoTVe/tdSWbbZeZYKPtKGfm
nma26GErsc7r8Yuzna6h0jdkIM9kzlQv8YwyellSV5o/WS7p5ZmvDkgeg/R3
hug+UM2ZuiUxyxhTOWeUVvNi93hRby0iQqG+AWO1l7+kqbGLybsJWG3m0xUF
nb1RfoMHfjTdVYlr3mRjleTMR8uUkg9WU64YLnbCVI2qklbfOoalGzfTZe1e
cb7QkOflje49Kmez6m567X6v47jtnhh3W17LHbh2fzzsdUWHd1Aj9ipgLP71
3OGw57rO2O130eKL4WjYQ304tMV4IEbdju7hK4c8lZDz1x233RXc7aLp73k2
F+MhRx065EPPafXcDn9mPVSsI+GNeqg/297I81y7N3CG3dG4j0UHI1evV9BT
UfhuUZZq9Fqt1qBORexPn27LZQdti5mVsU21h8wZhe4O8kaSB7Ma/Q7lptMf
1PIG8l51lfmPHDD1wXdF3DQbevT76r6mM/l1pl3TUUW3L+VLWorlZGqTIBWB
+1ZLjzhSoyTPU7ckT7+6yETjIxSk9jxKZUlcPC5V45C1APkLJ/Qo2LXf76lj
rd2/j3+eflk8fvzEf/04Ga9WJ28HF2nUffj4r38Nbx9/PL1d/e/Jehbf9O5r
m6r7OVpKbXetxKyqk8hkd9hUTXK406ZbJLs7Gra6fdd2bSGEO7Jbo77b8trP
oEv/G469dsex2x4fAWXAWqcDZIl2pzvoO6OB8zrvbsoVaIG0rDQhO9ufqbPa
Ll5QfbdbBmDlUkXNqLNOnW6zhpmP1R7KmJ6Dl36FtMuWZamhlpLpkn5oJdzp
ykcm6l9WyLLgiCnBWHxJIbFH7nMBf10bkUF6al2rGJu/EyNaKpIy0cHnPH7/
PZ2tUvZUJEm5NKtSzZ7NKuq1XQXm+um3HLFPJezuXl1hGRVBWiV/KXcW0Cm1
rToDQqejEbOkqwwAlEN/QF8d5Bp3p/T0FCB7Gi1FzHUDO9Ud6EsT+3piHKEb
b/zZKkONUBtF0pQ63Jf0f84/b+pfH70uRc/8qGW6EDhGp7oJfzGENcQ7oDs1
vD9S/bdRUStZYZXtMja9BBm6hmySuz98OJ/cnH8FSvJLyj9XfjY5+0+VW4YI
toh6NOLueNxzuO21+w7qiJbb4j3uddo9u+0O+7ucO+TCEV6nKzzPs92xOxK9
wWg0GDiOI2zu9F5n10WvijLtlL7Fcg3A6P79+uw6f6uudlQFtyNW+b0G3UmH
kZbkKgtl9qs2+qqctEwc+mY9EO5M/fjOejrWP9wU7t9rqrjGqaUX57mkaFr/
D02Cgk0IKwAA

-->

</rfc>
