Re: [Cbor] Handling duplicate map keys
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 25 November 2019 23:57 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74E2B120CDB for <cbor@ietfa.amsl.com>; Mon, 25 Nov 2019 15:57:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.484
X-Spam-Level: **
X-Spam-Status: No, score=2.484 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tNKl2NbT3ZAa for <cbor@ietfa.amsl.com>; Mon, 25 Nov 2019 15:57:24 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 602C6120FC8 for <cbor@ietf.org>; Mon, 25 Nov 2019 15:57:24 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [194.42.227.53]) by relay.sandelman.ca (Postfix) with ESMTPS id CB60B1F480 for <cbor@ietf.org>; Mon, 25 Nov 2019 23:57:21 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 055311376; Mon, 25 Nov 2019 16:02:30 +0800 (+08)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: cbor@ietf.org
In-reply-to: <F81E1A57-6072-44FA-A148-8F3ED7520791@island-resort.com>
References: <CANh-dX=EVDa4EwrgWKof4kCD3nkfV3BvH0Cg5ZKOivmXJ_Dm8g@mail.gmail.com> <E5C74E1F-A5F4-4AB8-9787-3999C4697C3B@island-resort.com> <CANh-dX=1gkAtfSG-yzCsVAkk=oLM-=dN_JLCr1kQK3d6Jb0fSw@mail.gmail.com> <F81E1A57-6072-44FA-A148-8F3ED7520791@island-resort.com>
Comments: In-reply-to Laurence Lundblade <lgl@island-resort.com> message dated "Sat, 23 Nov 2019 07:21:49 -0800."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 25 Nov 2019 09:02:30 +0100
Message-ID: <32467.1574668950@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/WJODOQCTEjixqcX7RbBIROt6Hng>
Subject: Re: [Cbor] Handling duplicate map keys
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Nov 2019 23:57:25 -0000
Laurence Lundblade <lgl@island-resort.com> wrote: > My intention was that “pass all items up” covers your case. python, ruby, lua, java, etc. dictionaries can not "pass all items up" The reason why JSON is so successful is because it maps into native dictionaries (maps) trivially. In order to pass things up, a different structure will be necessary, at which point many developers and protocol designers will see no value in CBOR over a bespoke binary encoding. It is this refusal to define a specific algorithm for dealing with duplicates that is leading to security issues. It's not the duplicates themselves that is the problem, it is the ambiguity. I am less afraid to declare an answer and make some decoders non-compliant. I think that they will get fixed. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Cbor] Handling duplicate map keys Jeffrey Yasskin
- Re: [Cbor] Handling duplicate map keys Laurence Lundblade
- Re: [Cbor] Handling duplicate map keys Jeffrey Yasskin
- Re: [Cbor] Handling duplicate map keys Laurence Lundblade
- Re: [Cbor] Handling duplicate map keys Laurence Lundblade
- Re: [Cbor] Handling duplicate map keys Jeffrey Yasskin
- Re: [Cbor] Handling duplicate map keys Laurence Lundblade
- Re: [Cbor] [EXTERNAL] Re: Handling duplicate map … Mike Jones
- Re: [Cbor] Handling duplicate map keys Jim Schaad
- Re: [Cbor] Handling duplicate map keys Michael Richardson
- Re: [Cbor] Handling duplicate map keys Laurence Lundblade
- Re: [Cbor] Handling duplicate map keys David Kemp
- Re: [Cbor] Handling duplicate map keys Carsten Bormann