Re: [dispatch] draft-goessner-dispatch-jsonpath-00.txt

Brian Rosen <br@brianrosen.net> Wed, 15 July 2020 20:19 UTC

From: Brian Rosen <br@brianrosen.net>
In-Reply-To: <8108D98C-7627-4A3E-A7A8-7183F8A1EA71@tzi.org>
Date: Wed, 15 Jul 2020 16:19:10 -0400
Cc: Kévin Dunglas <kevin@dunglas.fr>, Martin Thomson <mt@lowentropy.net>, dispatch@ietf.org
To: Carsten Bormann <cabo@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/DW3bVz_tXer7O31ni-glL0k5sxs>

+1

> On Jul 15, 2020, at 2:56 PM, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2020-07-15, at 15:35, Kévin Dunglas <kevin@dunglas.fr> wrote:
>> 
> >> However, we have voluntarily decided to not recommend JSONPath and to not implement it in the reference implementation because of the security considerations already pointed out by Martin and because it would allow (as GraphQL) a bad client to easily run very complex queries (which may be a DOS/DDOS attack vector).
> 
> Security considerations are an important point in the definition of JSONPath.
> Instead of other formats adopting varying subsets of JSONPath that they happen to deem secure, I think it would be better to have a “secure” profile of JSONPath.
> Note that this isn’t XPath (which is Turing equivalent…).
> 
> Grüße, Carsten
>
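
The "secure" profile suggested above is not defined anywhere in this thread. As an added illustration (not part of the original messages or of the draft), this Python sketch shows one way a server could allow-list JSONPath syntax before evaluating a client-supplied query; the accepted subset, the limits and the name `check_profile` are assumptions made for the example.

```python
import re

# Assumed profile: only plain child steps are accepted. Each alternative is a
# single linear token, so the pattern itself cannot backtrack badly.
_SEGMENT = re.compile(r"""
    \.(?:\*|[A-Za-z_][A-Za-z0-9_]*)     # .name or .*
  | \[(?:\*|0|[1-9][0-9]*)\]            # [*] or [non-negative index]
  | \['[^'\\\[\]()?]*'\]                # ['name'] without escapes or brackets
""", re.VERBOSE)

# Assumed limits; tune to the documents actually being queried.
MAX_LENGTH = 256      # characters in the whole path
MAX_SEGMENTS = 16     # steps after the root "$"
MAX_WILDCARDS = 2     # each wildcard multiplies the size of the result set


def check_profile(path):
    """Return (True, "ok") if path fits the assumed profile, else (False, reason)."""
    if len(path) > MAX_LENGTH:
        return False, "path too long"
    if not path.startswith("$"):
        return False, "path must start with $"
    pos, segments, wildcards = 1, 0, 0
    while pos < len(path):
        # Name the constructs that make evaluation cost or behaviour unbounded.
        if path.startswith("..", pos):
            return False, "recursive descent not allowed"
        if path.startswith("[?", pos):
            return False, "filter expression not allowed"
        if path.startswith("[(", pos):
            return False, "script expression not allowed"
        match = _SEGMENT.match(path, pos)
        if match is None:
            return False, f"unsupported syntax at offset {pos}"
        segments += 1
        if match.group(0) in (".*", "[*]"):
            wildcards += 1
        if segments > MAX_SEGMENTS:
            return False, "too many segments"
        if wildcards > MAX_WILDCARDS:
            return False, "too many wildcards"
        pos = match.end()
    return True, "ok"
```

Anything that fails the check is rejected before it reaches the JSONPath evaluator, so the evaluator never sees filter or script expressions at all.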