IETF Logo Mail Archive

Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence

R S <sayrer@gmail.com> Sat, 24 May 2014 21:38 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF5E1A0056 for <json@ietfa.amsl.com>; Sat, 24 May 2014 14:38:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fy01_cbSIbpA for <json@ietfa.amsl.com>; Sat, 24 May 2014 14:38:05 -0700 (PDT)
Received: from mail-qc0-x235.google.com (mail-qc0-x235.google.com [IPv6:2607:f8b0:400d:c01::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 434BA1A0054 for <json@ietf.org>; Sat, 24 May 2014 14:38:05 -0700 (PDT)
Received: by mail-qc0-f181.google.com with SMTP id m20so10105267qcx.26 for <json@ietf.org>; Sat, 24 May 2014 14:38:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zngnXcYtyVPKV+jCrULobfuBf2m7hL5fE0w05drzxWM=; b=jygtARcnZ2oDAxgkv/AgWMgJyYoVWclYBvF/GYmtYykXR6W0enPEQwH1cj0462DgJv yR06x4i2A+ea4rVnrmEYqcHP+eOakxaRUdjONG/MpnJXhArVUPJNDOXHKQcJGOENeeEF 9EsWPnQwKOPU7qORz9XPZhRZWDBaNqKgc0bB4yjAn42pxuNHoxw2YFzrQxcl8PZK6QfE G4jU0nYY3+LLQILKpXv1ybLTiyCqwbBPkIerAHwZh436Yqx/dbrM00KFP08TjZfJVZ/Q HfDW7gQ/uXoCpzOnKj+YrpiI9yK1LrYQVAbjJye1fBKAqw5JdkYX7HAYwOVC085s+drA IBbg==
MIME-Version: 1.0
X-Received: by 10.140.40.180 with SMTP id x49mr18427419qgx.16.1400967482620; Sat, 24 May 2014 14:38:02 -0700 (PDT)
Received: by 10.140.16.165 with HTTP; Sat, 24 May 2014 14:38:02 -0700 (PDT)
In-Reply-To: <CAHBU6iuVT0YS1X-3wYnW18YzUj6dDteop6dufsXQc=wfRQaFMg@mail.gmail.com>
References: <F6B74FE0-AEBE-43CC-BDE6-BA443BC04F2D@vpnc.org> <537EF070.6060503@it.aoyama.ac.jp> <4E4FB86A-7DD7-462D-83F7-1FAFD947FF46@tzi.org> <CAHBU6iuVT0YS1X-3wYnW18YzUj6dDteop6dufsXQc=wfRQaFMg@mail.gmail.com>
Date: Sat, 24 May 2014 14:38:02 -0700
Message-ID: <CAChr6SwLXvw0g09eSHaF+8XvCxskdgNYHbHPC7Ew1Wb8EOTQKw@mail.gmail.com>
From: R S <sayrer@gmail.com>
To: Tim Bray <tbray@textuality.com>
Content-Type: multipart/alternative; boundary="001a11c1276624c26e04fa2c29ad"
Archived-At: http://mailarchive.ietf.org/arch/msg/json/Hy0Z8YiwhnG0FfQvNxqqJDrKd48
Cc: Carsten Bormann <cabo@tzi.org>, IETF JSON WG <json@ietf.org>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 May 2014 21:38:07 -0000

On Sat, May 24, 2014 at 11:10 AM, Tim Bray <tbray@textuality.com> wrote:

> On reflection, I support Carsten’s option #1; choose a suitable delimiter
> that can’t occur in UTF-8-encoded JSON.  It makes the syncing problem
> vanish and removes worrying attack vectors.
>

Option #1 has two options. I think breaking out of UTF-8 will cause more
problems than it solves, so using an ASCII control character is what I'd
do. It looks to me like this is what Record Separator was designed for. Why
not use it?

- Rob


On Sat, May 24, 2014 at 12:02 PM, Carsten Bormann <cabo@tzi.org> wrote:

> On 23 May 2014, at 08:53, Martin J. Dürst <duerst@it.aoyama.ac.jp> wrote:
>
> > it's not too difficult to parse the delimiters separately and only have
> the values parsed by a JSON parser
>
> Indeed.  I continue to believe that this is the only reasonable way to
> operate on sequences of JSON instances.
> Either
>
> 1) use a delimiter that cannot occur in JSON (staying in UTF-8 with ASCII
> control characters as in NUL, FF or RS; or breaking out of UTF-8 as in
> using 0xFF bytes);
> 2) use LF as the delimiter, and remove the LFs from the JSON instances.
>
> Using LFs as inter-stream delimiters, while also retaining their
> insignificant whitespace role within JSON instances, strikes me as the most
> complicated way to approach this problem.
> There may be practical reasons to use this most-complicated way, but it
> seems suboptimal to standardize on it.
>
> (I’m not a big fan of wrapping separate JSON instances in outermost JSON
> arrays for the kinds of applications addressed here.
> This can obviously already be used for those cases where it works (no need
> for concatenation, no need for resilience), but except in those cases where
> a combined JSON instance had been the right thing to use in the first
> place, it combines all the same problems of dual-use LFs with the need to
> add wrapping brackets.)
>
> Grüße, Carsten
>
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json
>



-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)

>
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json
>
>

v2.23.0 | Report a Bug | By Email