Re: JSON headers
Carsten Bormann <cabo@tzi.org> Tue, 12 July 2016 06:47 UTC
To: Julian Reschke <julian.reschke@gmx.de>
CC: Willy Tarreau <w@1wt.eu>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Yanick Rochon <yanick.rochon@gmail.com>, Phil Hunt <phil.hunt@oracle.com>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/57849130.4060104@tzi.org>

> It is allowed by the structure of the *wire format*.

The syntax indeed cannot prevent it.
It's still not *allowed* in JSON.

> The *specification* has a "SHOULD have unique names", but then, that's
> only a SHOULD (exactly because we know we can't rely on it, otherwise we
> wouldn't have the prose about what recipients can do with it).

It is a SHOULD because people were chickening out because of a possible
political conflict with ECMA 404.
Note well that no reason is given to ever violate that SHOULD.

Now, for performance reasons, there is no requirement on a receiver to
check for this constraint. Protocol design 101 tells us that a lack of
checking will cause implementations to emit invalid JSON just because
they can (the "soup" effect). Hence the description in RFC 7159 what
goes wrong when you do that. (However, the security considerations fail
to mention the check-vs-use vulnerabilities that inevitably come from
the variety in implementation strategies; the last paragraph of
Section 8 of RFC 7049 does apply.)

This discussion may be a bit off-topic for the HTTP WG, but I think it
is important to understand JSON when using it in HTTP.

Grüße, Carsten
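
The check-vs-use problem named in the message above, as an added example that is not part of the original post: two parsers with different duplicate-name strategies read the same object and disagree, and a strict parser rejects the input instead. The sample object, the "role" member and all function names are constructed for illustration.

```python
import json

# Constructed sample: a JSON object that repeats a member name.
SAMPLE = '{"role": "guest", "role": "admin"}'


class DuplicateNameError(ValueError):
    """Raised when a JSON object repeats a member name."""


def last_wins(text):
    # Python's json module keeps the last occurrence of a repeated name.
    return json.loads(text)


def first_wins(text):
    # Models a second implementation that keeps the first occurrence
    # (hypothetical; stands in for any parser with the other strategy).
    def hook(pairs):
        obj = {}
        for name, value in pairs:
            obj.setdefault(name, value)
        return obj
    return json.loads(text, object_pairs_hook=hook)


def strict(text):
    # Enforces unique names at every nesting level. Names reach the hook
    # already unescaped, so "a" and "\u0061" count as the same name.
    def hook(pairs):
        obj = {}
        for name, value in pairs:
            if name in obj:
                raise DuplicateNameError(f"duplicate member name: {name!r}")
            obj[name] = value
        return obj
    return json.loads(text, object_pairs_hook=hook)


def check_then_use(text):
    # The checker and the consumer are different parsers, e.g. a filter in
    # front of an application. Returns (value checked, value used).
    return first_wins(text)["role"], last_wins(text)["role"]


if __name__ == "__main__":
    print(check_then_use(SAMPLE))
```

Running the same strict parser at the point of checking removes the disagreement, because the ambiguous input never reaches the consumer.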