Re: [Json] [Technical Errata Reported] RFC7493 (6861)
Tim Bray <tbray@textuality.com> Fri, 25 February 2022 15:48 UTC
Return-Path: <tbray@textuality.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B3F63A08FD for <json@ietfa.amsl.com>; Fri, 25 Feb 2022 07:48:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=textuality-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4gQulCnE7Q4H for <json@ietfa.amsl.com>; Fri, 25 Feb 2022 07:47:58 -0800 (PST)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48E883A0C41 for <json@ietf.org>; Fri, 25 Feb 2022 07:47:58 -0800 (PST)
Received: by mail-lj1-x22a.google.com with SMTP id v28so7930665ljv.9 for <json@ietf.org>; Fri, 25 Feb 2022 07:47:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=textuality-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=H6KJ78iquBMpNS/n36GpvxpHk/FzK1ctnC+zQLOTPZ4=; b=IxmwTUEdEj/WZsvVK4M9rMgbtJeyOS1SgE8rTzfzFQQrBAUuYShxf0X3F3RMWW72rN lLY4NEaCIz01B8ISUKRucgswMgr4H7M1oMM0N+gCLh8ECehCwIhDy8lX1ATYFKwonk+j rNdjUtskuk0CZLtQbgeGFWSq3P/v2nou54bkfH7CnLjBScdip1pD8mD1SJ4pNSd9f2WP ibsmMq5SSnIO+W62aVMP0+/PKAzOAKMMOBZHYS/p2DwKcxpdUUh1T0odYjZwDc5nx9H1 ynrnf4/Ouy65SnYlV2xsgGSzNxb2r/zHWYm1saxeBuZC8rXwWvP5+xuvqWLYWxCxOVWV i6nw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=H6KJ78iquBMpNS/n36GpvxpHk/FzK1ctnC+zQLOTPZ4=; b=WyqE202VEghaGhmmI3aKRBT8hMUmxIYn76CyXEX4iP/HvpVgkZXhW0H4JBJ+aQ+Gn4 Ov3fenvHOnAjNmKQEKWJ3cKQhmeDJFUmy90abyMNLsq6pI78nVH3lSivIGNcuGBLZKlj Dk0cCpuWVE9HMg3S+6sTHi2LJQVqPYsnKRL9bcupKT9h6jEgdd/cuh7zrCYwKQ2Blzjq lL3HUFW1yMCo576MUgT3FEh+atABhvehxjOe7gUwGygzx0j/ycTJXLYblOyNRj9NIHXN 3o53dmhKgVbzRG4xBSh2ikC8GjJMqoVcKj81WUnCTL3DB4+P6GR8+cdvLj08zB3Qvp5B u2IQ==
X-Gm-Message-State: AOAM531dpagMIJoss3V11BBpsFaGVSzCtq9L1sY5MDESVcU3WSfY48xM HRRsgwCDf2yYnfryI3WKa6x5ssNGAXdT/bxnz3X0Cw==
X-Google-Smtp-Source: ABdhPJzo3v1n9T9EX7BLnjhonLwGSKcoLbr5Jwdw53nyTUhNssMJXhzWAjQ5t5yfVR49eJyry7DnWDFCzheVI7XyDq4=
X-Received: by 2002:a2e:a4dc:0:b0:246:4205:98e7 with SMTP id p28-20020a2ea4dc000000b00246420598e7mr5502234ljm.55.1645804075756; Fri, 25 Feb 2022 07:47:55 -0800 (PST)
MIME-Version: 1.0
References: <20220225033322.ECC44289E1@rfc-editor.org> <CAHBU6iu7AdA8FQyCSOE5=-5wZJ590b0sYxmazFiTebDQUdUN9A@mail.gmail.com> <F6608CF3-AE49-4A0C-A222-1558A84C53A6@vpnc.org>
In-Reply-To: <F6608CF3-AE49-4A0C-A222-1558A84C53A6@vpnc.org>
From: Tim Bray <tbray@textuality.com>
Date: Fri, 25 Feb 2022 07:47:44 -0800
Message-ID: <CAHBU6itDUPOpUU6z9tqUEj4+S8=pXjXeTYHU73_frEM211=EOw@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, "Matt Miller (mamille2)" <mamille2@cisco.com>, rfc7493-errata@chrismorgan.info, JSON WG <json@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004e45b405d8d99fee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/281qzY3rJ9iuo4CBqgCcK9Md6X8>
Subject: Re: [Json] [Technical Errata Reported] RFC7493 (6861)
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2022 15:48:13 -0000
Whereas you are correct in theory, I am nearly 100% sure that if anyone tried to interchange a JSON text consisting of a single string with an I-JSON capable parser, and that string contained broken surrogates, it would be rejected. Because every parser I have seen (and I've seen a lot) has a "readString()" routine that is used to process object members and array elements. It seems very unlikely to me that anyone would have spotted this goof in the spec and written a separate routine for this special case. Because that would be stupid. On Fri, Feb 25, 2022 at 7:36 AM Paul Hoffman <paul.hoffman@vpnc.org> wrote: > I note that accepting this erratum would be a technical change that would > affect interoperability. Without this erratum, a JSON text that is a single > JSON string (that is, it begins with a quotation mark) can include > surrogates and noncharacters. After this erratum is accepted, such texts > would be invalid. > > It would have been nice for us to have thought of this when we created > I-JSON: I would likely have supported the idea. However, errata are not > meant to make breaking technical changes to standards. Thus, I would say we > need to reject the erratum. > > --Paul Hoffman > > On 24 Feb 2022, at 21:13, Tim Bray wrote: > > I'm inclined to accept this one, can't disagree with the argument. > > On Thu, Feb 24, 2022 at 7:33 PM RFC Errata System < > rfc-editor@rfc-editor.org> wrote: > >> The following errata report has been submitted for RFC7493, >> "The I-JSON Message Format". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid6861 >> >> -------------------------------------- >> Type: Technical >> Reported by: Chris Morgan <rfc7493-errata@chrismorgan.info> >> >> Section: 2.1 >> >> Original Text >> ------------- >> Object member names, and string values in arrays and object members, >> MUST NOT include code points that identify Surrogates or >> Noncharacters as defined by [UNICODE]. >> >> Corrected Text >> -------------- >> Object member names, and string values, >> MUST NOT include code points that identify Surrogates or >> Noncharacters as defined by [UNICODE]. >> >> Notes >> ----- >> The expression “string values in arrays and object members” is overly >> qualified, excluding cases where the *entire message* is a string value, >> which should clearly be covered also. So the qualification “in arrays and >> object members” should be removed. >> >> Supporting citations: >> >> RFC 7493, section 2: “An I-JSON message is a JSON text, as defined by RFC >> 7159.” >> >> RFC 7159, section 2: “A JSON text is a serialized value. Note that >> certain previous specifications of JSON constrained a JSON text to be an >> object or an array. […]” >> >> RFC 7159, section 2: >> >> JSON-text = ws value ws >> >> RFC 7159, section 3: >> >> value = false / null / true / object / array / number / string >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC7493 (draft-ietf-json-i-json-06) >> -------------------------------------- >> Title : The I-JSON Message Format >> Publication Date : March 2015 >> Author(s) : T. Bray, Ed. >> Category : PROPOSED STANDARD >> Source : JavaScript Object Notation >> Area : Applications >> Stream : IETF >> Verifying Party : IESG >> >
- [Json] [Technical Errata Reported] RFC7493 (6861) RFC Errata System
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Tim Bray
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Paul Hoffman
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Tim Bray
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Paul Hoffman
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Chris Morgan
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Carsten Bormann
- Re: [Json] [Technical Errata Reported] RFC7493 (6… John Levine
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Mark Nottingham
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Rob Sayre
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Rob Sayre
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Carsten Bormann
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Mark Nottingham
- Re: [Json] [Technical Errata Reported] RFC7493 (6… Tim Bray