IETF Logo Mail Archive

Re: JSON headers - No: CBOR headers

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Tue, 12 July 2016 08:27 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00A3612D75B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Jul 2016 01:27:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.208
X-Spam-Level:
X-Spam-Status: No, score=-8.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8mOjPXn1gOw2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Jul 2016 01:27:05 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72B3412D755 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 12 Jul 2016 01:27:05 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bMsxf-0000HD-3d for ietf-http-wg-dist@listhub.w3.org; Tue, 12 Jul 2016 08:22:35 +0000
Resent-Date: Tue, 12 Jul 2016 08:22:35 +0000
Resent-Message-Id: <E1bMsxf-0000HD-3d@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phk@phk.freebsd.dk>) id 1bMsxb-0000GI-Ex for ietf-http-wg@listhub.w3.org; Tue, 12 Jul 2016 08:22:31 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.80) (envelope-from <phk@phk.freebsd.dk>) id 1bMsxZ-00088P-A9 for ietf-http-wg@w3.org; Tue, 12 Jul 2016 08:22:30 +0000
Received: from critter.freebsd.dk (unknown [192.168.55.3]) by phk.freebsd.dk (Postfix) with ESMTP id 02BFE273CF; Tue, 12 Jul 2016 08:22:05 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.15.2/8.15.2) with ESMTP id u6C8M3vN012802; Tue, 12 Jul 2016 08:22:04 GMT (envelope-from phk@phk.freebsd.dk)
To: Julian Reschke <julian.reschke@gmx.de>
cc: Carsten Bormann <cabo@tzi.org>, Willy Tarreau <w@1wt.eu>, Yanick Rochon <yanick.rochon@gmail.com>, Phil Hunt <phil.hunt@oracle.com>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <928f8531-6573-caf6-50c1-1672cc020959@gmx.de>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <8251.1468229350@critter.freebsd.dk> <e9a55629-656c-3b6a-3ac4-5fb7a109b2f0@gmx.de> <8739.1468234635@critter.freebsd.dk> <38b3e7bb-3202-f489-ff15-d4d545e13ca0@gmx.de> <8854.1468236033@critter.freebsd.dk> <326f0b93-dbd5-3dfb-2a35-d1bf084684b4@gmx.de> <9221.1468245597@critter.freebsd.dk> <aa9cee9c-d8e3-17ba-9fcd-e327575cd5a8@gmx.de> <9801.1468259070@critter.freebsd.dk> <15d27f23-6b51-1e8e-3f10-194c80570424@gmx.de> <20160711190107.GB9542@1wt.eu> <0e467573-4f68-80a5-14a4-5a63b41ac4d4@gmx.de> <57841F4A.30901@tzi.org> <57e2c1b6-749f-c697-5c92-15eeb44b303b@gmx.de> <57849130.4060104@tzi.org> <928f8531-6573-caf6-50c1-1672cc020959@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <12800.1468311723.1@critter.freebsd.dk>
Content-Transfer-Encoding: quoted-printable
Date: Tue, 12 Jul 2016 08:22:03 +0000
Message-ID: <12801.1468311723@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-6.0
X-W3C-Hub-Spam-Report: AWL=-0.803, BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1bMsxZ-00088P-A9 7e0484db2f7fa46a452f4dc528fe4b58
X-Original-To: ietf-http-wg@w3.org
Subject: Re: JSON headers - No: CBOR headers
Archived-At: <http://www.w3.org/mid/12801.1468311723@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31923
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <928f8531-6573-caf6-50c1-1672cc020959@gmx.de>, Julian Reschke writes
:

Tl;DR:  I would prefer CBOR and base{64|85}(CBOR) to JSON


>2) People abusing it to add comments to JSON (by choosing a member name 
>for comments, and repeating it).

That is one of the places where I went "Doh?" when I first saw JSON,
who the heck defines a data-interchange format with no support for
comments ?!

The answer, of course, is that JSON is not a data-interchange format,
it is a subset of the JavaScript source code syntax, and they didn't
include comments in that subset.

JSON being "source compatible", has been correctly critized for
being a wide open invitation for unsafe data-ingestion practices,
with plenty of real world instances to validate the argument.

We can take it as an absolutely certainty, that if we choose JSON
serialization, too many people will just "eval" it into Javascript,
opening them wide for malicius point-edits[1] and hostile actors.

This is of course not our first priority for deciding, but it counts
clearly against JSON.

>> This discussion may be a bit off-topic for the HTTP WG, but I think it
>> is important to understand JSON when using it in HTTP.
>
>Absolutely; and the conclusion might well be that we won't use JSON on 
>the wire.

Carstens CBOR presentation from IETF94 is very good background here,
and as a compentent data-interchange format CBOR (RFC7049) will get
my vote over JSON any time.

The problem with CBOR is that there does not seem to be a "CAOR"
we can use with H1[2], but maybe that is a good thing.

Eyeballing it, the size of base85(CBOR(obj)) or even base64(CBOR(obj))
seems to acceptably close to JSON.

An implementation would use the same CBOR serdes code for both H1
and H2, with a trivial gloss of baseXX serdes on top for H1.

I like that, in particular I like that it makes H1<-->H2 interop
trivial, streamable, reliable and debuggable.

Security-wise it is also preferable, because it forces everybody
to use a proper serdes code[3], and it permantently closes the door
to unsafe hacks such as 's/q=[0-9.]*/q=0/'

CBOR gets my vote.

Poul-Henning

[1] My security friends would point to general principle, that one
    should avoid serializations which can be "point-edited" to change
    semantic content.  (Text-book example:   Computer printed cheques
    filling the amount field with non-space: "****1000$*".).

    Such "point-edited" HTTP headers are in widespread use in H1,
    for instance "nnoCection:" and similar hacks, but they are also
    used on the other side of the colon by smut-filters and "privacy
    controls", typically mangling Location:, (Set-)Cookie: and in some
    cases the URL.

    H2 and HPACK makes that shortcut a lot longer, but I very much
    suspect that these devices may retain their "application logic"
    and just deserialize, mangle and reserialize the headers.

[2] CBOR does have a "Diagnostic Notation" which renders it to text, but
    it is not meant to be a data-interchange format, and as a debugging
    tool includes information that is surplus to (our) requirements.

[3] At least until CBOR becomes valid syntax in INTERCAL.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

v2.23.0 | Report a Bug | By Email