IETF Logo Mail Archive

Re: [Json] JSON and int64s - any change in current best practice since I-JSON

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 17 January 2024 05:24 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0B23C15198F for <json@ietfa.amsl.com>; Tue, 16 Jan 2024 21:24:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z1JZfcT6BGq9 for <json@ietfa.amsl.com>; Tue, 16 Jan 2024 21:24:07 -0800 (PST)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C660EC15198C for <json@ietf.org>; Tue, 16 Jan 2024 21:24:07 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-337c2f263a2so212756f8f.3 for <json@ietf.org>; Tue, 16 Jan 2024 21:24:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705469046; x=1706073846; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=8fYAV1HGf3P7fd8vF83lbABTWvajeAE3nIXAR0Iqw/0=; b=a71VqT0GMZUz7j/8KqHI3LRzMNB3CmRIThhXEZtjpK2qzhn9CEeamD8lXozlUUSZg3 cKTOpqK3NXSIZ6owHSaVOm8DKqij2YCLJ0cvMjjCx7/R5JQoPiCqwgjCBypPGCqJEX5c KC/NUUC6/JY0lGqF+R72QUqKrlDkXmctV6iCR+Vq1ei+NidlueeD7fwPlQZX1RocEuCD muUJ0x45wf7f40PM/UhPzbiAGLX5ggHhJCogbZIcyyhkulPgMJ4LxCKkUA/qJdzMWPCQ dFqbCSDOO8VomQWPlBgceM8R9r9JG5Wl2CPEpIsqhH4pnNQz0cnxillLVzKvjzgH7BQi /nww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705469046; x=1706073846; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8fYAV1HGf3P7fd8vF83lbABTWvajeAE3nIXAR0Iqw/0=; b=hE9kkhANwXo0Rydh8kvZnWTcdtfBO+yaLgEa88mqYQwD0kzOjQ7pioYqgrl0Rwlb8D +k4Y8So1Her7w66uo+/xKPFI5TrrFclshpH1MND+15BX/hiDLZv3bYg1J+Jb/L+Lc7kd jA9cBcTbIIbpMnOb9Uu9eOVER2JxqclwnpoYzvD5/6XDzPZgey5qCPiBCYqVLSqIkZrx XtDkBWYWCZSMFb3zmzSgCtidpVRnFcwSE2cWB5OpeO4UnE9+BaCciagYvVFheZrHuP87 L1xI1Lns7qKomkp2qFUdtU+MFaBWinah1jgZro5RiaCyS0psFtK/ul+DtGPMgyGUUfOF br3Q==
X-Gm-Message-State: AOJu0YwGkTE+Am7T1w1jNsmSqnvZnJ84R4YIaqatX/1MgmIoAOvC35/G 4HtU7PavXJFnk92/9GpXMmc=
X-Google-Smtp-Source: AGHT+IGckxTX3xqnDOy3w17j4JXZsnZ3CaIfEFqTp58+lldOfASIRd4l8bQtaHUJs3I2ncGItdi36Q==
X-Received: by 2002:a5d:5711:0:b0:337:bee6:904e with SMTP id a17-20020a5d5711000000b00337bee6904emr735620wrv.118.1705469045893; Tue, 16 Jan 2024 21:24:05 -0800 (PST)
Received: from ?IPV6:2a02:8429:707a:d601:9454:642d:6dd9:22ad? ([2a02:8429:707a:d601:9454:642d:6dd9:22ad]) by smtp.googlemail.com with ESMTPSA id d12-20020adfe88c000000b00337be3b02aasm700165wrm.100.2024.01.16.21.24.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 16 Jan 2024 21:24:05 -0800 (PST)
Message-ID: <4174b9f1-00c8-4bc8-ad5c-1142753907e3@gmail.com>
Date: Wed, 17 Jan 2024 06:24:02 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Rob Sayre <sayrer@gmail.com>, Tim Bray <tbray@textuality.com>
Cc: Carsten Bormann <cabo@tzi.org>, "json@ietf.org" <json@ietf.org>, Pete Cordell <petejson@codalogic.com>
References: <87527a42-aaac-4f39-b320-05f18a2808c1@codalogic.com> <C31BF4C8-9E6C-48F8-BF7B-D2C379273B3F@tzi.org> <CAHBU6it4SaLawSiBgK9ySkbxjtHE6CX-P3r=hzcVy4ksoQo-Cg@mail.gmail.com> <CAChr6SxHfLW-A1asAndKJz-AiyJv5QP18bi=_bNdKXw7zYHThw@mail.gmail.com> <CAChr6SweYdCWxSABZ7g20Zd-xBFzcK0Ritq53S7WtjSwc-vLmw@mail.gmail.com>
Content-Language: en-US
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <CAChr6SweYdCWxSABZ7g20Zd-xBFzcK0Ritq53S7WtjSwc-vLmw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/G499GYANRbIswut3p5P_HKOlWMM>
Subject: Re: [Json] JSON and int64s - any change in current best practice since I-JSON
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jan 2024 05:24:12 -0000

On 2024-01-16 21:04, Rob Sayre wrote:
> To suggest a positive path forward:
> 
> https://es.discourse.group/t/cbor-js-and-the-cbor-object/1759 <https://es.discourse.group/t/cbor-js-and-the-cbor-object/1759>
> 
> That is the better fix in my opinion, because BigInts are not the only problem.

Indeed. If you want to "sign JSON" you will (using IETF standards) have wrap the JSON data in Base64Url.
By building on the CBOR Deterministic Encoding (CDE) standard in the workings (https://datatracker.ietf.org/doc/draft-ietf-cbor-cde/), you can sign serialized CBOR "as is".
You may try a signature scheme on-line which uses CDE: https://test.webpki.org/csf-lab

With the anticipated arrival of Post-Quantum Cryptography (PQC) requiring massive amounts of binary data, CBOR will prove to be a good choice.

Personally, I find the ability to represent CBOR as text as a complement to binary quite useful: https://cbor.me/.

Anders


> 
> JavaScript has precise number types now (Uint8Array etc etc), and CBOR can represent these well.
> 
> Browsers also have another serialization method called "Structured Clone", which does a lot more than JSON:
> https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm <https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm>
> 
> I mention this one to show that CBOR is totally tractable here.
> 
> People often try to adjust JSON or write schema systems to deal with these issues, but CBOR is a better way forward (imo) because it fixes many issues all at once.
> 
> thanks,
> Rob
> 
> 
> On Tue, Jan 16, 2024 at 9:09 AM Rob Sayre <sayrer@gmail.com <mailto:sayrer@gmail.com>> wrote:
> 
>     Hi,
> 
>     I had the same thought as Pete a while back, but found that JS engines actually bar you from encoding these as JSON:
> 
>      > let two_55th = BigInt(2) ** BigInt(55)
>      > two_55th
>     36028797018963968n
>      > JSON.stringify(two_55th)
>     VM189:1 Uncaught TypeError: Do not know how to serialize a BigInt
>          at JSON.stringify (<anonymous>)
>          at <anonymous>:1:6
> 
>     I can't find the reference for this one, but the reason they gave was that /adding/ support broke too much running code, even though it would be easy to add, since the second command there sure does stringify that number.
> 
>     I think the issue was that too many programs rely on JSON.parse returning a JavaScript Number type (distinct from BigInt), so you'll run into problems like this TypeError:
> 
>      > let my_plain_number = JSON.parse("42")
>      > my_plain_number
>     42
>      > my_plain_number + two_55th
>     VM429:1 Uncaught TypeError: Cannot mix BigInt and other types, use explicit conversions
>          at <anonymous>:1:17
> 
>     So, I-JSON remains correct.
> 
>     thanks,
>     Rob
> 
> 
>     On Tue, Jan 16, 2024 at 7:11 AM Tim Bray <tbray@textuality.com <mailto:tbray@textuality.com>> wrote:
> 
>         Carsten is right. You probably wouldn’t use JSON if you weren’t likely to be interchanging it with other parties over the network, other parties you don’t control.  For quite a while, it has been quite likely that the other parties use JavaScript, and the limits I-JSON places on numbers are a result of this fact. This fact isn’t going away AFAIK.
> 
>         On Jan 16, 2024 at 6:22:31 AM, Carsten Bormann <cabo@tzi.org <mailto:cabo@tzi.org>> wrote:
>>         Hi Pete,
>>
>>>         On 2024-01-16, at 14:46, Pete Cordell <petejson@codalogic.com <mailto:petejson@codalogic.com>> wrote:
>>>
>>>         Hi All,
>>>
>>>         In I-JSON it recommends encoding 64-bit values using a string because many parsers (in particular browsers) always represent numbers using floating point doubles.
>>
>>         (many parsers == JavaScript’s JSON.parse)
>>
>>>         We're over 8 years on from I-JSON and browsers now support things like BigInt.
>>
>>         I’d say the problem wasn’t so much the absence of BigInt, but the fact that JavaScript’s JSON.parse always parses JSON numbers as a JavaScript Number, which is exact only inside (-2**53, 2**53).
>>
>>>         Therefore, I'd be interested to hear if there is any community change of opinion on how 64-bit ints should be handled in JSON.
>>
>>         I think we’d first need wide support for a new equivalent to JSON.parse in JavaScript.
>>
>>         Grüße, Carsten
>>
>>         _______________________________________________
>>         json mailing list
>>         json@ietf.org <mailto:json@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/json <https://www.ietf.org/mailman/listinfo/json>
>         _______________________________________________
>         json mailing list
>         json@ietf.org <mailto:json@ietf.org>
>         https://www.ietf.org/mailman/listinfo/json <https://www.ietf.org/mailman/listinfo/json>
> 
> 
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json

v2.23.0 | Report a Bug | By Email