Re: [Json] [apps-discuss] JSON mailing list and BoF

Mike Jones <Michael.Jones@microsoft.com> Wed, 20 February 2013 00:24 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 891AE21F86D3 for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 16:24:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.583
X-Spam-Level:
X-Spam-Status: No, score=-2.583 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RJ4bE-3ksgtG for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 16:24:04 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.23]) by ietfa.amsl.com (Postfix) with ESMTP id 56D5521F85F5 for <json@ietf.org>; Tue, 19 Feb 2013 16:24:04 -0800 (PST)
Received: from BY2FFO11FD028.protection.gbl (10.1.15.200) by BY2FFO11HUB022.protection.gbl (10.1.14.109) with Microsoft SMTP Server (TLS) id 15.0.620.12; Wed, 20 Feb 2013 00:24:01 +0000
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD028.mail.protection.outlook.com (10.1.15.217) with Microsoft SMTP Server (TLS) id 15.0.620.12 via Frontend Transport; Wed, 20 Feb 2013 00:24:01 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.96]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.02.0318.003; Wed, 20 Feb 2013 00:23:45 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Paul C. Bryan" <pbryan@anode.ca>, "json@ietf.org" <json@ietf.org>
Thread-Topic: [Json] [apps-discuss] JSON mailing list and BoF
Thread-Index: AQHODu/bO++PfZyST0OQOvHOmW3/lZiBw+8AgAACBICAAAEJgIAABzYAgAABUoCAAAg/AIAAAr0AgAACqICAAARygIAAAKTQ
Date: Wed, 20 Feb 2013 00:23:44 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394367477E41@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAHBU6iub4vp2QrcGNmAg+2rz=JhP1x7fW43e5L3gNkuLz442wg@mail.gmail.com> <A723FC6ECC552A4D8C8249D9E07425A70F898351@xmb-rcd-x10.cisco.com> <CAHBU6iuCLnF0L4_S7=44Uy8mY+QWmG-Z9QfYMzMb+QNUgqCs0Q@mail.gmail.com> <1361319479.9790.36.camel@pbryan-wsl.internal.salesforce.com>
In-Reply-To: <1361319479.9790.36.camel@pbryan-wsl.internal.salesforce.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.74]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394367477E41TK5EX14MBXC284r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377424002)(377454001)(51704002)(479174001)(189002)(199002)(24454001)(65816001)(47976001)(56776001)(54356001)(55846006)(5343635001)(47736001)(49866001)(33656001)(50986001)(15202345001)(74502001)(63696002)(5343655001)(16297215001)(76482001)(54316002)(47446002)(44976002)(74662001)(20776003)(53806001)(46102001)(16236675001)(4396001)(16601075001)(31966008)(51856001)(59766001)(77982001)(80022001)(512874001)(66066001)(56816002)(16406001)(79102001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB022; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 07630F72AD
Subject: Re: [Json] [apps-discuss] JSON mailing list and BoF
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2013 00:24:16 -0000

As background, the JOSE specs require that equality comparisons for members be done as a comparison of Unicode code points, with no normalization or case folding performed.  See http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-8.3.

                                                                -- Mike

From: json-bounces@ietf.org [mailto:json-bounces@ietf.org] On Behalf Of Paul C. Bryan
Sent: Tuesday, February 19, 2013 4:18 PM
To: json@ietf.org
Subject: Re: [Json] [apps-discuss] JSON mailing list and BoF

Should two representations of the same JSON (string) value be c14n'ed differently? I think not*.

If not, then I think comparisons would need to occur by parsing JSON strings into Unicode codepoints.

Paul

* Why not? Mostly because I foresee many operations such as signature verification occurring on already-parsed JSON values, so how it was represented when it was serialized should (ideally) be moot.

On Tue, 2013-02-19 at 16:02 -0800, Tim Bray wrote:
Yes, I guess I did sort of strawman-suggest banning \uxxxx.  Which clearly doesn't fly.  So, two suggestions:

- \uxxxx is only allowed for chars that must be escaped per the JSON spec
- \uxxxx is freely allowed, but the \uxxxx is considered to represent a single codepoint, and all comparison/hashing operations have to be conducted codepoint-by-codepoint

I think I probably support the first, because it does allow comparison using strcmp() or equivalent. That's assuming that c14n is in fact worth doing. -T


On Tue, Feb 19, 2013 at 3:52 PM, Joe Hildebrand (jhildebr) <jhildebr@cisco.com<mailto:jhildebr@cisco.com>> wrote:
Nor was I suggesting we do so.

I was suggesting that if you want to get \u0000 - \u001f, excluding
\u0008(\b), \u0009(\t), \u000a(\n), \u000c(\f), and \u000d(\r) into the
canonicalized output, you have to use the \u notation, which means we
can't outlaw \u notation entirely in the canonicalized form, as some of us
thought Tim had suggested in the first place.

Note, I was wrong about \u0000 being the only codepoint we care about.
From section 2.5 of 4627:

"All Unicode characters may be placed within the
   quotation marks except for the characters that must be escaped:
   quotation mark, reverse solidus, and the control characters (U+0000
   through U+001F)."



On 2/19/13 4:42 PM, "Tim Bray" <tbray@textuality.com<mailto:tbray@textuality.com>> wrote:

>I haven¹t heard anyone saying U+0000 should be illegal in JSON.  It¹s too
>late to redesign JSON. -T
>
>
>
>On Tue, Feb 19, 2013 at 3:13 PM, Francis Galiegue
><fgaliegue@gmail.com<mailto:fgaliegue@gmail.com>> wrote:
>
>On Wed, Feb 20, 2013 at 12:08 AM, Joe Hildebrand (jhildebr)
><jhildebr@cisco.com<mailto:jhildebr@cisco.com>> wrote:
>[...]
>>>
>>>
>>>He means "\u0000 is an exception to Tim's proposed 'forbid escaping'
>>>rule".
>>
>> Exactly.  It's the only code point that I know of that MUST be escaped
>> using \uxxxx notation when serialized (either canonically or otherwise).
>> All of the other codepoints that need to be escaped have \x versions.
>>
>
>
>OK, but why should it be considered illegal at all? Any ASCII
>character is representable by such a sequence, it just happens that 0
>can where ASCII can't... I don't see this as a reason to outlaw this
>particular sequence... Or there is something I don't understand in
>your argument.
>
>--
>Francis Galiegue, fgaliegue@gmail.com<mailto:fgaliegue@gmail.com>
>Try out your JSON Schemas:
>http://json-schema-validator.herokuapp.com
><http://json-schema-validator.herokuapp.com>
>
>
>
>
>
>
>
>



--
Joe Hildebrand






_______________________________________________

json mailing list

json@ietf.org<mailto:json@ietf.org>

https://www.ietf.org/mailman/listinfo/json