Re: JSON headers
Kevin Marks <kevinmarks@gmail.com> Sat, 09 July 2016 21:56 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1CF212D1E6 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 9 Jul 2016 14:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.408
X-Spam-Level:
X-Spam-Status: No, score=-6.408 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGyqozCvmZca for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 9 Jul 2016 14:56:21 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B6E812B01E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 9 Jul 2016 14:56:21 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bM0Ak-0007jK-Kj for ietf-http-wg-dist@listhub.w3.org; Sat, 09 Jul 2016 21:52:26 +0000
Resent-Date: Sat, 09 Jul 2016 21:52:26 +0000
Resent-Message-Id: <E1bM0Ak-0007jK-Kj@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <kevinmarks@gmail.com>) id 1bM0Ah-0007iY-0n for ietf-http-wg@listhub.w3.org; Sat, 09 Jul 2016 21:52:23 +0000
Received: from mail-yw0-f176.google.com ([209.85.161.176]) by maggie.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <kevinmarks@gmail.com>) id 1bM0Af-0005C2-9S for ietf-http-wg@w3.org; Sat, 09 Jul 2016 21:52:22 +0000
Received: by mail-yw0-f176.google.com with SMTP id l125so64207942ywb.2 for <ietf-http-wg@w3.org>; Sat, 09 Jul 2016 14:52:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:cc; bh=bA7KY6+FqCl06+xIyP5MoTRk3TFhW3xbipzTzu9VzPU=; b=qfHcRCQYx5oOisva9ChTMiwCYYJS1GXngASi9Rmaxlko+6sV65MkDR664+n8J0sJtO v8BS3ZfdRPQslTTXoAbic9lBA35BZFguuok11g0NTw/hhB5kHJPT2qjHbBodS0vcL2Fn eI4WBNniYWv7DNQoq1J/0sRf2Pb2UAIB6BNRkDSgc/tX3/lEkkjATpObSzS0HGh3KKic RKJDE7PABYo7rAzTIofIlsBCtKmnra2625rAciWMLkdv9ShXGAOWE1PbyNcqjwVld+D3 8hnHpe0cbpmfxEs8+Iw0COt5rziVBu859sCiG0r2VsFgMZAQNhKTTwtKfg5Tf9eASAaW nJxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:cc; bh=bA7KY6+FqCl06+xIyP5MoTRk3TFhW3xbipzTzu9VzPU=; b=Yk53mB00C69y55tXdUZWCxi4Ms6gip81WbSrt9rHVCsYnEuDKkVUXQ3nSFx3T90RA7 X3xd7ZpK+Taz9SGKETzDudr1tsGg+RCoLjlQQ1HJrmXJIuVM/Oh5xCCZpvWp1Z6j319e Ly3uWmNhvFlSW8XXcXmNYsOfHA4gbGOzXoENgYPpPmGmIWX3V89feN0ecyOHaJS8Bl4r 6TZNbsZaP0vkQ+Oktt5DEUu5EKwue+pMugjspfVQ3RYRE7xuzOrIXUySFXZ88JygPBGI 9Nm44nJHhCh936HB7mILjn7ANFpGRFWax4t+F2q8GuFUGHr6w2qJfuT05cQd7BhzosvP rqcw==
X-Gm-Message-State: ALyK8tLEs9RXYdjc81RVEd/phIepj/q+dj8jBA2Rl3GhU3epg5uNlBeldEfYVhm9nuqInLEP1vPA4KAQcYvw5g==
X-Received: by 10.13.250.194 with SMTP id k185mr9753992ywf.317.1468101114581; Sat, 09 Jul 2016 14:51:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.99.5 with HTTP; Sat, 9 Jul 2016 14:51:53 -0700 (PDT)
In-Reply-To: <A17D3EFD-A935-4971-BCF6-DC9D38302CAD@oracle.com>
References: <74180.1468000149@critter.freebsd.dk> <A17D3EFD-A935-4971-BCF6-DC9D38302CAD@oracle.com>
From: Kevin Marks <kevinmarks@gmail.com>
Date: Sat, 09 Jul 2016 14:51:53 -0700
Message-ID: <CAD6ztspY=NCA0cCBRtSMhzHr_VKPdsBCTf7TCLK3CNGhNkEsFg@mail.gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.161.176; envelope-from=kevinmarks@gmail.com; helo=mail-yw0-f176.google.com
X-W3C-Hub-Spam-Status: No, score=-7.3
X-W3C-Hub-Spam-Report: AWL=0.652, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1bM0Af-0005C2-9S e6094ee662f139247725a2f0f87de0d4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: JSON headers
Archived-At: <http://www.w3.org/mid/CAD6ztspY=NCA0cCBRtSMhzHr_VKPdsBCTf7TCLK3CNGhNkEsFg@mail.gmail.com>
To: ietf-http-wg@w3.org
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31852
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Fri, Jul 8, 2016 at 11:44 AM, Phil Hunt <phil.hunt@oracle.com> wrote: > Not sure if this has been discussed. One of the biggest problems with HTTP > request signing has been repeat headers. It presents problem of detecting > which headers are intended and which header was signed first. > > It would be nice if the JSON encoding handled arrays so that the demand for > duplicate headers is removed. Signing could then be more successful and > could even stipulate that the presence of a repeat header in a signed > request is a failure condition. > JSON doesn't help with this, as key order in objects (as opposed to lists) is not required or defined. Different programming languages behave differently here when iterating. PHP preserves definition order, python orders by hash of the key, and Go randomises the order (to prevent accidental dependencies). Parsing JSON into native form and writing it out again makes key order indeterminate. As http headers have order dependent behaviour, this is a problem with replacing the key: value with JSON.
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Carsten Bormann
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Martin J. Dürst
- Re: JSON headers Cory Benfield
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Andy Green
- Re: JSON headers Julian Reschke
- Re: JSON headers Mark Nottingham
- Re: JSON headers Andy Green
- Re: JSON headers Julian Reschke
- Re: JSON headers Julian Reschke
- Re: JSON headers Julian Reschke
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Andy Green
- Re: JSON headers Martin J. Dürst
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Cory Benfield
- Re: JSON headers Julian Reschke
- Re: JSON headers Yanick Rochon
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Kevin Marks
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- RE: JSON headers Mike Bishop
- Re: JSON headers Phil Hunt
- JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers - No: CBOR headers Poul-Henning Kamp
- Re: JSON headers - No: CBOR headers Martin Thomson
- Re: JSON headers - No: CBOR headers Carsten Bormann
- Re: JSON headers - No: CBOR headers Martin Thomson
- Re: JSON headers Willy Tarreau
- Re: JSON headers nicolas.mailhot
- Re: JSON headers Yanick Rochon
- Re: JSON headers - No: CBOR headers Poul-Henning Kamp
- Re: JSON headers Carsten Bormann
- Re: JSON headers Julian Reschke
- Re: JSON headers Amos Jeffries
- Re: JSON headers Martin J. Dürst
- Re: JSON headers Julian Reschke
- Re: JSON headers Carsten Bormann
- Re: JSON headers Julian Reschke
- Re: JSON headers Willy Tarreau
- Re: JSON headers Yanick Rochon
- Re: JSON headers Willy Tarreau
- Re: JSON headers Carsten Bormann
- Re: JSON headers Yanick Rochon
- Re: JSON headers Willy Tarreau
- Re: JSON headers Julian Reschke
- Re: JSON headers Willy Tarreau
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Julian Reschke
- Re: JSON headers Yanick Rochon
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Tim Bray
- Re: JSON headers Phil Hunt (IDM)
- Re: JSON headers Julian Reschke
- Re: JSON headers Willy Tarreau
- Re: JSON headers Cory Benfield
- Re: JSON headers Poul-Henning Kamp
- Re: JSON headers Roy T. Fielding
- Re: JSON headers Roy T. Fielding