Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence
Nico Williams <nico@cryptonector.com> Fri, 23 May 2014 20:45 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4CCD1A0056 for <json@ietfa.amsl.com>; Fri, 23 May 2014 13:45:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.044
X-Spam-Level:
X-Spam-Status: No, score=-1.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZg6D5UWhQOF for <json@ietfa.amsl.com>; Fri, 23 May 2014 13:45:07 -0700 (PDT)
Received: from homiemail-a87.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id C0FF51A0052 for <json@ietf.org>; Fri, 23 May 2014 13:45:07 -0700 (PDT)
Received: from homiemail-a87.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTP id 2EC2E26C063 for <json@ietf.org>; Fri, 23 May 2014 13:45:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=l8jwG5osv8upKQrBnotD ne9EFXE=; b=D3hCW7nFfPDJw3zlLoNFc2g3Xj4hzY1Lk1viK/pVtACfiq4IP9eV BNR1MKmQ+VlJe9EjwzDc6m7WU6I+qsd8STBRugJNOIgytzbs6p5HkKKnhK172M2p xb/PNihALHQ01kMJTP09hQFZl6lbZjA6+szzFfT78xIFMFyDFZ6UlUo=
Received: from mail-we0-f175.google.com (mail-we0-f175.google.com [74.125.82.175]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTPSA id D3F0B26C05E for <json@ietf.org>; Fri, 23 May 2014 13:45:05 -0700 (PDT)
Received: by mail-we0-f175.google.com with SMTP id t61so5403354wes.34 for <json@ietf.org>; Fri, 23 May 2014 13:45:04 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.77.225 with SMTP id v1mr5366014wiw.5.1400877904474; Fri, 23 May 2014 13:45:04 -0700 (PDT)
Received: by 10.216.29.200 with HTTP; Fri, 23 May 2014 13:45:04 -0700 (PDT)
In-Reply-To: <CAHBU6it6agso2L8iFcsxCUWK36ccy8BYcXE+40DQhgXS5LuaKQ@mail.gmail.com>
References: <F6B74FE0-AEBE-43CC-BDE6-BA443BC04F2D@vpnc.org> <CAHBU6itW=UQq=w_wFwYJkZLT2GotUg_J1LGs-Fhcqg_vBd4+6A@mail.gmail.com> <20140523013240.GF15289@mercury.ccil.org> <CAK3OfOg088r=4VMv6PJxb97oJ6ctoUvwgkmGzi58ZkpisjoaoA@mail.gmail.com> <CAHBU6it6agso2L8iFcsxCUWK36ccy8BYcXE+40DQhgXS5LuaKQ@mail.gmail.com>
Date: Fri, 23 May 2014 15:45:04 -0500
Message-ID: <CAK3OfOj55J1xBGjp6X72zzEUj33k3cm-S+MNCvZ4GwJ_LtBDog@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Tim Bray <tbray@textuality.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/json/7kJ8Xd4DgEFiHAv_5LrHMWUPq6k
Cc: John Cowan <cowan@mercury.ccil.org>, Paul Hoffman <paul.hoffman@vpnc.org>, IETF JSON WG <json@ietf.org>
Subject: Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 20:45:09 -0000
On Fri, May 23, 2014 at 12:02 PM, Tim Bray <tbray@textuality.com> wrote: > Clearly the current language is confusing readers of the spec. So I suggest > that you be careful to define specialized terms that you are going to use in > the spec. An even better solution would be to structure the spec to avoid > having to bring in this level of implementation idiosyncrasy. > > The more I think about the resync-after-error problem, the unhappier I get. > If the JSON texts in sequences were required to be JSON objects, and > required to start on new lines, this would be immensely easier for > implementors. That is not sufficient. Consider this text: { "foo": { "bar":"baz" } } Clearly looking only for LF '{' is insufficient. The text describes how to ensure that resynchronization can be done safely. First, it says that "writers SHOULD validate (parse) any untrusted JSON text inputs". Then it gives two methods that, together with validation, make resynchronization possible. One method is to remove all newlines from JSON texts (a trivial operation, see below) prior to writing them to the log file. Then the only boundary that matters is newlines, and that's very easy to search for reliably. The other method is to prefix every text with another text consisting of something like 'null' (or 'true', or any value which will by convention have no meaning other than as a resynchronization helper). Also a trivial operation. (Note that because newlines in strings must always be escaped, then only newlines interior to any JSON text are... superfluous whitespace that can be safely removed without having to parse and re-encode the JSON text.) Most attacks on loggers are easily thwarted by checking that any JSON text to be logged is valid. This leaves only one attack vector: forcing a write by the logger to fail after starting -- this is a non-trivial attack to mount, and it is trivially defeated by either removing internal newlines from texts prior to writing them, or by prefixing them with a meaningless-by-convention text (e.g., 'null'). Nico --
- [Json] Working Group Last Call on draft-ietf-json… Paul Hoffman
- Re: [Json] Working Group Last Call on draft-ietf-… Nico Williams
- Re: [Json] Working Group Last Call on draft-ietf-… Tim Bray
- Re: [Json] Working Group Last Call on draft-ietf-… John Cowan
- Re: [Json] Working Group Last Call on draft-ietf-… Martin J. Dürst
- Re: [Json] Working Group Last Call on draft-ietf-… Martin J. Dürst
- Re: [Json] Working Group Last Call on draft-ietf-… Nico Williams
- Re: [Json] Working Group Last Call on draft-ietf-… Tim Bray
- Re: [Json] Working Group Last Call on draft-ietf-… Nico Williams
- Re: [Json] Working Group Last Call on draft-ietf-… Paul Hoffman
- Re: [Json] Working Group Last Call on draft-ietf-… Carsten Bormann
- Re: [Json] Working Group Last Call on draft-ietf-… Tim Bray
- Re: [Json] Working Group Last Call on draft-ietf-… R S
- Re: [Json] Working Group Last Call on draft-ietf-… Nico Williams