Re: [Json] JSON Concluded? Well, maybe not

Phillip Hallam-Baker <ietf@hallambaker.com> Sun, 31 December 2017 19:28 UTC

From: Phillip Hallam-Baker <ietf@hallambaker.com>
Date: Sun, 31 Dec 2017 14:28:00 -0500
To: Tim Bray <tbray@textuality.com>
Cc: Richard Gibson <richard.gibson@gmail.com>, "json@ietf.org" <json@ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/3hxIdm-_TirpIkCGItaKZsxzOnM>
Subject: Re: [Json] JSON Concluded? Well, maybe not

+1

As a practical matter, the group would need to recharter, and what is
proposed is a completely different application and one that many folk,
myself included, are skeptical of, having been burned on it with XML
Signature.

While it is possible that XML Signature canonicalization is covfefe because
of the convoluted XML semantics, ASN.1 has reasonably precise semantics but
I have yet to find an actual use case for DER. Seriously, VeriSign signed
every certificate using BER for years until someone noticed.

The idea that you can take a signed object, parse it and then re-emit it
from the parsed object is not inherently flawed but I have yet to hear a
good reason to do this. It is one of those terrible ideas that people keep
insisting is 'essential' and cannot give a non-referential reason for doing.

We did not do canonicalization in JOSE and not for lack of people
suggesting it.



On Sun, Dec 31, 2017 at 1:50 PM, Tim Bray <tbray@textuality.com> wrote:

> If I were going to make an argument for keeping the WG alive, it would
> require someone to get energized and submit an I-D for a plausible JSON
> schema system, or maybe even a much-needed formalization of JSONPath. We
> use JSONPath a lot at AWS.
>
> On Sun, Dec 31, 2017 at 10:43 AM, Richard Gibson <richard.gibson@gmail.com> wrote:
>
>> On the topic of JSON normalization, I believe that canonicaljson-spec
>> <http://gibson042.github.io/canonicaljson-spec/> covers all cases while
>> respecting prior art like
>> https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00 and
>> RFC 7638. I'd like to get it published as an RFC to handle scenarios like
>> those mentioned by Anders Rundgren, but am not sure how to go about doing
>> so. Is this a good place to ask for assistance?
>>
>> On Sun, Dec 31, 2017 at 12:24 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>>
>>> Congratulations, everybody, on the revised JSON RFC!
>>>
>>> Does this mean that JSON is "done" for good?
>>>
>>> Probably not, because the concept I have mentioned from time to time, the
>>> ability to add a digital signature to a JSON object (in contrast to signing
>>> arbitrary Base64Url-encoded data), is still very much alive.  In fact,
>>> there is an I-D in preparation aiming at reducing the current proliferation
>>> of "DIY-standards" for dealing with this highly requested feature.  The
>>> only real challenge is agreeing on a suitable way of "normalizing" JSON data
>>> during parsing and serialization.  Such a scheme will be like an extended
>>> version of I-JSON (RFC7493), potentially having an impact on "ordinary"
>>> uses of JSON as well.
>>>
>>> Happy New [and optionally signed] JSON Year
>>> Anders Rundgren
>>>
>>> _______________________________________________
>>> json mailing list
>>> json@ietf.org
>>> https://www.ietf.org/mailman/listinfo/json
>>>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)
>
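
An added example, not part of the original thread or any participant's code: it contrasts verifying the exact signed octets (the approach JOSE took, per the message above) with parse-and-re-emit verification, and shows a simplified key-sorting normalization still failing on number formatting. The key, the sample documents and all function names are constructed for illustration, and HMAC-SHA256 stands in for a real signature algorithm.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def sign_bytes(payload: bytes) -> str:
    # Detached-bytes style: ship the exact signed octets, base64url-encoded.
    enc = base64.urlsafe_b64encode
    return (enc(payload) + b"." + enc(mac(payload))).decode()

def verify_bytes(token: str):
    body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    if not hmac.compare_digest(mac(body), tag):
        raise ValueError("signature mismatch")
    return json.loads(body)  # parse only after the octets have verified

def verify_reemitted(obj, tag: bytes) -> bool:
    # Fragile: re-serialize the parsed value and hope it matches the signed octets.
    return hmac.compare_digest(mac(json.dumps(obj).encode()), tag)

def canonical(obj) -> bytes:
    # Simplified normalization (sorted keys, no whitespace, UTF-8); not a full spec.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def verify_canonical(received: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(canonical(json.loads(received))), tag)

# Constructed sample documents: the same JSON value in three serializations.
SIGNED = b'{"b": 1.0e2, "a": "caf\\u00e9"}'
RELAYED = b'{ "a": "caf\\u00e9",\n  "b": 100.0 }'
RELAYED_INT = b'{"a":"caf\\u00e9","b":100}'

def demo():
    canon_tag = mac(canonical(json.loads(SIGNED)))
    return {
        "bytes": verify_bytes(sign_bytes(SIGNED)),
        "reemitted": verify_reemitted(json.loads(SIGNED), mac(SIGNED)),
        "canonical": verify_canonical(RELAYED, canon_tag),
        "canonical_int": verify_canonical(RELAYED_INT, canon_tag),
    }

if __name__ == "__main__":
    print(demo())
```

The last case fails because this simplified normalizer serializes `100` and `100.0` differently, which is the kind of detail a normalization scheme has to pin down before signatures over re-emitted JSON can verify across implementations.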