Re: [Json] Proposed minimal change for duplicate names in objects

Tim Bray <tbray@textuality.com> Sun, 07 July 2013 01:44 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAA7F21F9D8E for <json@ietfa.amsl.com>; Sat, 6 Jul 2013 18:44:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.867
X-Spam-Level:
X-Spam-Status: No, score=-2.867 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blZZeh5IZnEU for <json@ietfa.amsl.com>; Sat, 6 Jul 2013 18:44:10 -0700 (PDT)
Received: from mail-vc0-f176.google.com (mail-vc0-f176.google.com [209.85.220.176]) by ietfa.amsl.com (Postfix) with ESMTP id 160BA21F9C4D for <json@ietf.org>; Sat, 6 Jul 2013 18:44:09 -0700 (PDT)
Received: by mail-vc0-f176.google.com with SMTP id ha12so2503585vcb.35 for <json@ietf.org>; Sat, 06 Jul 2013 18:44:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=HpdZ4gDsO3sY9Yd1Q8n0y396xT/1nVEb6fz8A4Wwyk8=; b=mosCwdq0wVi4Ion6Fde3JkoprHB3w9c2zVmKmB9pPK0hxLet6IW7NpnZgBoRKLZa/b qJM8oe6mJr1UskLJnepnMzE9yqjH79+SVowtYInq0a0838BXD6svN3TLhjtDd3AS7bsx BJewtEG6pIJC94LNJbk7QSmE+TVWRUUeiFSEr7LIC1YJs/gwBTU0cbsXu2yNXvvga1zv jmez3+jdLxSrB0Kf6wAc8kz6UcpRJWfSuDZwHrWjZ/739Erietb69/ZlF3pOjOKhyroV bpiyoAVRau9WZDHUtS15wuQ3IQfghWEPHBPmfwdCaFYicpzrOK7zCg1yc26BTNad3T2L 1Tlw==
MIME-Version: 1.0
X-Received: by 10.221.64.18 with SMTP id xg18mr11000911vcb.57.1373161448109; Sat, 06 Jul 2013 18:44:08 -0700 (PDT)
Received: by 10.220.164.7 with HTTP; Sat, 6 Jul 2013 18:44:07 -0700 (PDT)
X-Originating-IP: [209.121.225.191]
In-Reply-To: <CAK3OfOiWrWCvNQneokyycV1Jb98M=UR-U7z0dhxUjzVdf+PwDw@mail.gmail.com>
References: <B86E1D4B-1DC8-4AD6-B8B3-E989599E0537@vpnc.org> <CAK3OfOj3MNNhjwo2bMa5CgoqynzMRVvviBXC8szxt5D17Z7FDg@mail.gmail.com> <51D3C63C.5030703@cisco.com> <51D48023.1020008@qti.qualcomm.com> <20130703201143.GL32044@mercury.ccil.org> <00cd01ce7a9f$19adeaa0$4d09bfe0$@augustcellars.com> <00d701ce7aa6$cc5fe700$651fb500$@augustcellars.com> <CAK3OfOiWrWCvNQneokyycV1Jb98M=UR-U7z0dhxUjzVdf+PwDw@mail.gmail.com>
Date: Sat, 6 Jul 2013 18:44:07 -0700
Message-ID: <CAHBU6itdi3B1rWv2TiOYhL1QuOVxrFKt7OTWRoG+6TgV8Bc_uw@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary=001a11331c08558aab04e0e21021
X-Gm-Message-State: ALoCoQleeLObqECdSewjUR8hx+rojHHafexGKn777dhBjV9mEnLgx+YR/MFQk5hw0tcG8cxMPBHF
Cc: Jim Schaad <ietf@augustcellars.com>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] Proposed minimal change for duplicate names in objects
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jul 2013 01:44:15 -0000

This feels like a no-brainer to me, but that’s probably because (as I’ve
said before) I’m an API guy, and the only use for JSON objects in my world
is to transfer a hash table or database record or whatever from here to
there, and there, and in such a situation dupes can never be useful or
intended and can only be a symptom of breakage (or, in the JOSE case, a
symptom of a malicious attack on my crypto).

-Tim


On Sat, Jul 6, 2013 at 6:20 PM, Nico Williams <nico@cryptonector.com> wrote:

> On Sat, Jul 6, 2013 at 7:13 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> > Tim is not the only person saying this.  The JOSE working group has this
> as
> > a requirement to be enforced in the documents it is producing.
> > Specification that JOSE objects MUST fail validation if there are
> duplicate
> > names in an object.
>
> But does it follow (did you even mean to say) that since JOSE wants
> requirement X (no dup names here) JSON should have it itself?
>
> One might argue that otherwise JOSE implementations would have to use
> JSON parsers that implement JOSE's requirement even though JSON
> doesn't have the same requirement.  But then. JOSE implementations
> also could use streaming JSON parsers and check for dup names
> themselves.  So I don't think JOSE's requirement adds anything new to
> the discussion.
>
> We still need to decide (directly or indirectly) whether to impose dup
> name checking on all JSON parsers, even minimal-state streaming
> parsers, whether we want to impose a requirement on the parser and the
> application (so we need not mention streaming), or on the parser if
> it's not a streaming parser *and* the application if the parser is
> streaming.
>
> My view (for whatever it counts) is that we don't have consensus [yet]
> for imposing a requirement on parsers to reject objects with dup
> names.  We've had at least a number of examples of streaming parsers
> that cannot implement such a requirement -- the whole point of
> streaming being nullified by state-keeping requirements like this one.
>  So we'd have to explicitly decide that we don't want to allow minimal
> state streaming parsers.  Might as well call for consensus on that.
>
> Nico
> --
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json
>