Re: [Json] The names within an object SHOULD be unique.
"Matt Miller (mamille2)" <mamille2@cisco.com> Fri, 07 June 2013 15:46 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA83E21F9346 for <json@ietfa.amsl.com>; Fri, 7 Jun 2013 08:46:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4v59CM04w20e for <json@ietfa.amsl.com>; Fri, 7 Jun 2013 08:46:44 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id 3833C21F9485 for <json@ietf.org>; Fri, 7 Jun 2013 08:46:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8921; q=dns/txt; s=iport; t=1370620001; x=1371829601; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=A65Zox7mof/og9WOv61zzSDAx3lIGwZPpRnj49MwFHs=; b=QjwPvPHYWk7AzerEtFDQWhwDZn2QJL1TY0hAdGxFZz8Cc/zCGrHuQKHz 5mqsq9DDXbcbTtqfSDcRt4A+MMP1fzlCwHirVp/lJ7Vf5kxDOFGHTZK/x EgD29rWQbDrZJck8FcXb9FKOaf3KUSA1JUklLrTF/k0bTtEhesJ9+rxha 8=;
X-Files: smime.p7s : 4136
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhIFANj/sVGtJXG+/2dsb2JhbABZgwkwvnB/FnSCIwEBAQMBAQEBawsFCwIBCBgKJAIlCyUCBA4FCAaHeQYMvHYEjwcxB4J7YQOQAYEsl1WDD4FqJBk
X-IronPort-AV: E=Sophos; i="4.87,822,1363132800"; d="p7s'?scan'208"; a="220095142"
Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by rcdn-iport-5.cisco.com with ESMTP; 07 Jun 2013 15:46:40 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id r57FkdtN005694 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 7 Jun 2013 15:46:39 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.24]) by xhc-rcd-x05.cisco.com ([173.37.183.79]) with mapi id 14.02.0318.004; Fri, 7 Jun 2013 10:46:39 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Nico Williams <nico@cryptonector.com>
Thread-Topic: [Json] The names within an object SHOULD be unique.
Thread-Index: AQHOYhtyBSnxVkBEbkeV6bO5MJr11ZkpmAIAgAADZgCAAAG6gIABHt0A
Date: Fri, 07 Jun 2013 15:46:38 +0000
Message-ID: <BF7E36B9C495A6468E8EC573603ED9411527FA59@xmb-aln-x11.cisco.com>
References: <51AF8479.5080002@crockford.com> <CAK3OfOgtYoPRZ-Gj5G8AnNipDyxYs=6_KD=rQTxKbhDPX6FZNA@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED9411527EF7B@xmb-aln-x11.cisco.com> <CAK3OfOhFpzWzdzdQ99O--daKUd4nSVRDWVU8EoyQou-S+CYn+A@mail.gmail.com>
In-Reply-To: <CAK3OfOhFpzWzdzdQ99O--daKUd4nSVRDWVU8EoyQou-S+CYn+A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.129.24.59]
Content-Type: multipart/signed; boundary="Apple-Mail=_8A82AC51-F74F-4F32-A4DE-AC4A50EAA997"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Cc: Douglas Crockford <douglas@crockford.com>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] The names within an object SHOULD be unique.
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2013 15:46:49 -0000
Nico, would you clarify your proposal to indicate place or places in 4627bis-02 your text replace or append to? With regards to parsers types elsewhere in this, while I also think there might only be two, Paul does raise an interesting point about keeping the extra terms to a minimum. I think we can further refine the language as long as we're clear where and how this proposal fits. - m&m Matt Miller < mamille2@cisco.com > Cisco Systems, Inc. On Jun 6, 2013, at 4:39 PM, Nico Williams <nico@cryptonector.com> wrote: > On Thu, Jun 6, 2013 at 5:33 PM, Matt Miller (mamille2) > <mamille2@cisco.com> wrote: >> On Jun 6, 2013, at 4:21 PM, Nico Williams <nico@cryptonector.com> >> wrote: >>> [...] >> >> Note that so far, the document uses the term "name", not "key". I think the following needs to substitute "key" with "name" to be consistent. > > Ah, sure. > >>> Encoders SHOULD NOT send duplicate keys. Some encoders might not >>> be able to prevent duplicate keys. Therefore parsers MUST be prepared >>> to handle duplicate keys. >>> >>> Stateful parsers MUST accept [use?] only the last of any set of >>> duplicate keys. >>> >> >> I think this still needs to allow for stateful parsers that reject duplicate keys (for which there are some). > > That's fair. > >> Maybe: >> >> #### >> >> Stateful parsers MAY reject duplicate names. However, if duplicate names are accepted, it MUST accept only the last value of any set of duplicate names. > > Sure. I think we should define terms like "stateful parser" and > "streaming parser". > >> #### >> >>> Some parsers might not be able to detect duplicate keys, much less >>> pick only the last of them. Here a "stateful parser" is one that >>> keeps on hand all of the values it decodes, as it decodes them. Note >>> that accepting duplicate keys presents potential security risks. Note >>> that sending duplicate keys risks data loss (that is, the loss of all >>> but the last of a duplicated key's values). >>> >> >> Can we describe a couple of specific security risks that are incurred? I think one would be something like overwriting of the original value by an attacker intercepting the exchange. > > I'm not concerned about MITMs and such. I'm concerned about attacks > where we have a validator of some sorts as a filter and then a final > consumer. The sender might send JSON that the validator accepts as > valid, that will be passed on to the final consumer, and where the > consumer will receive a different document (from it's p.o.v.) than the > validator saw. > > Nico > -- > _______________________________________________ > json mailing list > json@ietf.org > https://www.ietf.org/mailman/listinfo/json
- Re: [Json] The names within an object SHOULD be u… Eliot Lear
- Re: [Json] The names within an object SHOULD be u… Tim Bray
- [Json] The names within an object SHOULD be uniqu… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Markus Lanthaler
- Re: [Json] The names within an object SHOULD be u… Stephan Beal
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Markus Lanthaler
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Stephan Beal
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Joe Hildebrand (jhildebr)
- Re: [Json] The names within an object SHOULD be u… Tim Bray
- Re: [Json] The names within an object SHOULD be u… Matthew Morley
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… Joe Hildebrand (jhildebr)
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Joe Hildebrand (jhildebr)
- Re: [Json] The names within an object SHOULD be u… Bjoern Hoehrmann
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Tony Hansen
- Re: [Json] The names within an object SHOULD be u… Stephan Beal
- Re: [Json] The names within an object SHOULD be u… Paul Hoffman
- Re: [Json] The names within an object SHOULD be u… Stephan Beal
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Matthew Morley
- Re: [Json] The names within an object SHOULD be u… Markus Lanthaler
- Re: [Json] The names within an object SHOULD be u… Paul Hoffman
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… Pete Cordell
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Matt Miller (mamille2)
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Paul Hoffman
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Markus Lanthaler
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… R S
- Re: [Json] The names within an object SHOULD be u… Tim Bray
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Markus Lanthaler
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Stephen Dolan
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Paul Hoffman
- Re: [Json] The names within an object SHOULD be u… Matt Miller (mamille2)
- Re: [Json] The names within an object SHOULD be u… Allen Wirfs-Brock
- Re: [Json] The names within an object SHOULD be u… Allen Wirfs-Brock
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Allen Wirfs-Brock
- Re: [Json] The names within an object SHOULD be u… Douglas Crockford
- Re: [Json] The names within an object SHOULD be u… Jacob Davies
- Re: [Json] The names within an object SHOULD be u… Tim Bray
- Re: [Json] The names within an object SHOULD be u… Vinny A
- Re: [Json] The names within an object SHOULD be u… Allen Wirfs-Brock
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… R S
- Re: [Json] The names within an object SHOULD be u… Stephen Dolan
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Dean Landolt
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Marcos Caceres
- Re: [Json] The names within an object SHOULD be u… Stephen Dolan
- Re: [Json] The names within an object SHOULD be u… Paul Hoffman
- Re: [Json] The names within an object SHOULD be u… Stephen Dolan
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Stefan Drees
- Re: [Json] The names within an object SHOULD be u… Nico Williams
- Re: [Json] The names within an object SHOULD be u… Stephan Beal
- Re: [Json] The names within an object SHOULD be u… John Levine
- Re: [Json] The names within an object SHOULD be u… Stephen Dolan
- Re: [Json] The names within an object SHOULD be u… Jorge Chamorro
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Jorge Chamorro
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] The names within an object SHOULD be u… Jorge Chamorro
- Re: [Json] The names within an object SHOULD be u… Joe Hildebrand (jhildebr)
- Re: [Json] The names within an object SHOULD be u… John Cowan
- Re: [Json] fun with streaming, was The names with… John Levine
- Re: [Json] fun with streaming, was The names with… Tim Bray
- Re: [Json] fun with streaming, was The names with… Nico Williams
- Re: [Json] fun with streaming, was The names with… Stephan Beal
- Re: [Json] fun with streaming, was The names with… Tatu Saloranta
- Re: [Json] The names within an object SHOULD be u… Jorge Chamorro
- Re: [Json] The names within an object SHOULD be u… Tatu Saloranta
- Re: [Json] fun with streaming, was The names with… Jorge Chamorro
- Re: [Json] fun with streaming, was The names with… John R Levine
- Re: [Json] fun with streaming, was The names with… Vinny A
- Re: [Json] fun with streaming, was The names with… Joe Hildebrand (jhildebr)
- Re: [Json] fun with streaming, was The names with… Tatu Saloranta