Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03

Benjamin Kaduk <kaduk@mit.edu> Thu, 09 March 2017 05:54 UTC

Date: Wed, 8 Mar 2017 23:53:48 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Julian Reschke <julian.reschke@gmx.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/9CZ6jhIzWKAIbBIGpjUikmhdqxs>
Cc: draft-ietf-jsonbis-rfc7159bis.all@ietf.org, "json@ietf.org" <json@ietf.org>, ietf@ietf.org, secdir@ietf.org

On Wed, Mar 08, 2017 at 08:47:24AM +0100, Julian Reschke wrote:
> On 2017-03-08 08:39, Julian Reschke wrote:
> > On 2017-03-08 02:48, Benjamin Kaduk wrote:
> >> I'm also concerned about the freewheeling use of Unicode.  While
> >> this document does discuss the potential encodings and lists UTF-8
> >> as the default (and most interoperable), I think it would benefit
> >> from a stricter warning that parties using JSON for communication
> >> must have some out-of-band way to agree on what encoding is to be
> >> used.  I would expect that this is usually going to be done by the
> >> protocol using JSON, but could see a place for the actual
> >> communicating peers to have out-of-band knowledge.  (An application
> >> having to guess what encoding is being used based on heuristics is a
> >> recipe for disaster.)
> >> ...
> >
> > AFAIU, there is no need for out-of-band knowledge (which would be very
> > bad). Recipients are supposed to inspect the payload and detect which of
> > the three encodings was used.
> >
> > That said, we probably should make that clearer.

If that's what's supposed to happen, it should probably be more
clear, yes.  (But aren't there texts that have valid interpretations
in multiple encodings?)


> >> ...
> >> I'm also rather curious about the claim that no "charset" parameter
> >> is needed as it "really has no effect on compliant recipients".  Why
> >> is this not a good way to communicate whether UTF-8, UTF-16, or
> >> UTF-32 is in use for a given text?
> >> ...
> >
> > It might have been, but that's now how it is implemented.
> 
> s/now/not/

Alas.

Thanks for the insight.

-Ben
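
Added example, not part of the original message or of the draft under review: one way a recipient could do the payload inspection discussed in this thread, using the null-octet table from RFC 4627 section 3 and then a strict decode, rejecting anything the table does not identify instead of guessing. The function names and sample payloads are constructed for illustration.

```python
import json

# Null-octet patterns of the first four octets (RFC 4627, section 3).
# True means the octet is 0x00. The table assumes the first two
# characters of the JSON text are ASCII.
PATTERNS = {
    (True, True, True, False): "utf-32-be",
    (False, True, True, True): "utf-32-le",
    (True, False, True, False): "utf-16-be",
    (False, True, False, True): "utf-16-le",
    (False, False, False, False): "utf-8",
}

def sniff_encoding(payload: bytes):
    """Return the codec named by the null pattern, or None if no row matches."""
    if len(payload) < 4:
        # Too short for the table; only a NUL-free payload can be UTF-8.
        return "utf-8" if 0 not in payload else None
    return PATTERNS.get(tuple(b == 0 for b in payload[:4]))

def parse_json_bytes(payload: bytes):
    """Sniff, then strictly decode and parse. Raises ValueError, never guesses."""
    encoding = sniff_encoding(payload)
    if encoding is None:
        raise ValueError("encoding not identifiable from the first four octets")
    try:
        text = payload.decode(encoding, errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError(f"payload is not valid {encoding}") from exc
    return encoding, json.loads(text)  # json.JSONDecodeError is a ValueError

# Constructed sample inputs (not taken from the thread).
SAMPLES = {
    "object, UTF-8": '{"a": 1}'.encode("utf-8"),
    "object, UTF-16LE": '{"a": 1}'.encode("utf-16-le"),
    "object, UTF-32BE": '{"a": 1}'.encode("utf-32-be"),
    # The next two break the table's "first two characters are ASCII" premise.
    "bare number, UTF-16LE": "1".encode("utf-16-le"),
    "non-ASCII string, UTF-16LE": '"\u20ac"'.encode("utf-16-le"),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        try:
            print(label, "->", parse_json_bytes(data))
        except ValueError as err:
            print(label, "-> rejected:", err)
```

The last two samples fall outside the four-octet table, so this code rejects them; a recipient that fell back to a default encoding at that point would be doing the heuristic guessing the review warns about.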