IETF Logo Mail Archive

Re: [Json] [Technical Errata Reported] RFC8259 (7603)

Carsten Bormann <cabo@tzi.org> Tue, 15 August 2023 06:32 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 140E8C15108B for <json@ietfa.amsl.com>; Mon, 14 Aug 2023 23:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKkrmgjJ4qbB for <json@ietfa.amsl.com>; Mon, 14 Aug 2023 23:32:35 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02C5AC14CE2C for <json@ietf.org>; Mon, 14 Aug 2023 23:32:34 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2a00:20:62c1:6931:6cd1:4e6:9e91:2db2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4RQ1f53JdxzDCjn; Tue, 15 Aug 2023 08:32:29 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAHBU6itrQ3B1O=YSLRvZ1iP_nf+JpmdZipqwOhV_+3-VU58v8w@mail.gmail.com>
Date: Tue, 15 Aug 2023 08:32:18 +0200
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, linuxwolf+ietf@outer-planes.net, Guillaume Fortin-Debigaré <guillaume.fortin@debigare.com>, json@ietf.org, RFC Errata System <rfc-editor@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <EC66BD53-C563-42D2-B239-62ADA10EFC4B@tzi.org>
References: <20230813200941.250C13E8A7@rfcpa.amsl.com> <2E0F84CF-809D-4325-B60E-16FC2839E027@tzi.org> <CAHBU6itrQ3B1O=YSLRvZ1iP_nf+JpmdZipqwOhV_+3-VU58v8w@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/0yfzkJgeSQTQMp3CFg54kAm9mR8>
Subject: Re: [Json] [Technical Errata Reported] RFC8259 (7603)
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2023 06:32:38 -0000

On 14. Aug 2023, at 08:33, Tim Bray <tbray@textuality.com> wrote:
> 
> But in the real world JSON strings contain any old combination of Unicode code points, as described in the report.

Yep, and trailing commas, JavaScript comments, map entries with duplicate keys with a specific assumption which entry will win (e.g., as a replacement for the lack of comments in JSON), numbers that need to be interpreted differently (as of a different type) depending on whether they are using NR1 or NR2/3 format, and so on.

One of the good uses for having a specification of JSON, with all its known weaknesses, was that it could be used to discourage at least some of the most horrific misuse cases.  I don’t understand why, after 5.5 years of having a published Internet Standard, we would want to materially change this Internet Standard to the worse.  I also don’t understand why the errata process should be allowed to be used for that.

Grüße, Carsten

v2.23.0 | Report a Bug | By Email