Re: [Json] JSON Concluded? Well, maybe not
Richard Gibson <richard.gibson@gmail.com> Tue, 02 January 2018 16:33 UTC
Return-Path: <richard.gibson@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6401F12D77A for <json@ietfa.amsl.com>; Tue, 2 Jan 2018 08:33:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6C_26oBlHZT for <json@ietfa.amsl.com>; Tue, 2 Jan 2018 08:33:56 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71252124319 for <json@ietf.org>; Tue, 2 Jan 2018 08:33:56 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id 9so62032065wme.4 for <json@ietf.org>; Tue, 02 Jan 2018 08:33:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Y1VNWEspGLKUL83HuJ34/QINjTGhAwr1BAgpXW9FHRU=; b=VMMaHNsPFmOqzEDCYcIUccJ71NRj/XJnuA75wWduZOk8mNtxTdkstsjNMYXH4z16nY FjcNpxQTnwoiGkL4rX2PpGSuVhmO9Xb8dB5oTCaR1GPC9kSj+/xnWRnOh1NW0LVbRQgf XFYmBBtA1FobR2/P83uGLe8VtGj9IO0qfiUJZYD6bIgjECmMBU4UMu1bshQd3cw+7ktH tsAMYSaF09HU1Vy2Mu5yhDnwPw0aHLbAJAcaOkyIYTLYFIeRSHc3lPHKYLOTjFwskHTr udYIJYGBrGeOvJS7jo74JVABot5KyT5nUrhbQs4DkpM/ToN+IyepS57F0r+ErPrPgjZM xvLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Y1VNWEspGLKUL83HuJ34/QINjTGhAwr1BAgpXW9FHRU=; b=lXTMrv4xx277ZM/If0wrR/qYaU4BAlR8XrvVrnX8GETT7Z6uFuZEPi23Y2KzD1LGbC BfC9uqXV87DkcauFdPpyH2dJFpO4/CiN4rYFnUefFuvS84uop5vp50TMGULjg3fPGJEY mdObIRVHunGqNXplhY/wIcb0pQ4OiWXFxprXgN9z8+XlCV7B5MBTavFt/qOoNSi57zu5 tObKHugJjqS+i2yFKkX7wH+XQCVEuTGvNR3TeWiQ9a/nY6mi3+ZW+GTBVhmDtaqNe/qt Nlda/7rP5vbYeXAiOC0JdwncXP0yy8VJnKAajkyuvEywvGuZZhpi+Yh6MsWdJER8KRRx cxdA==
X-Gm-Message-State: AKGB3mLnktXMIZhN/cp5Spz/P7V/FORN3CC/jQ2bnVlXb5vHF1iLA6ap TqVDczsHLc6dENFk98JA9+G5/ogj4ckaq76Cxcw=
X-Google-Smtp-Source: ACJfBotRBvNy0x1TiXDwlxizEwP8V1DDuVfG+rPEBHKxigT0JA1vFQrl1uPrx7v9J+xZ83dcjVsMegW2VJduL6R2lBw=
X-Received: by 10.28.178.85 with SMTP id b82mr35728156wmf.47.1514910834994; Tue, 02 Jan 2018 08:33:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.160.189 with HTTP; Tue, 2 Jan 2018 08:33:54 -0800 (PST)
In-Reply-To: <cb1ce20d-67f0-f4f4-8077-57c3d3f232b7@gmail.com>
References: <13860352-ef8e-1d4b-2eff-27e275c25e3a@gmail.com> <CALH+fvqBGu0i=LcciYgOLSwbQJXfqgcXTdd=rxvfHfqiRyBj7g@mail.gmail.com> <CAHBU6itC+XAKhc_m_ywG5O2bpky9DnmzfiNVqP3WrxLaE7uenA@mail.gmail.com> <92077f95-5dd6-3f5b-4765-d14067f698ac@dret.net> <CADEL5zshRaHtVNAtNggwHaPKP9xWeePcBZcQc1EM8SEfUu41Uw@mail.gmail.com> <CALH+fvqkBkQCiXfx1cxXaX092sbW6fgUmUizXP1f=ScMZ3bBqQ@mail.gmail.com> <cb1ce20d-67f0-f4f4-8077-57c3d3f232b7@gmail.com>
From: Richard Gibson <richard.gibson@gmail.com>
Date: Tue, 02 Jan 2018 11:33:54 -0500
Message-ID: <CALH+fvqpaT0b8AfPigk93Fy5hhWFthiFJSfaMmkttpMgqiMvQw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: JSON WG <json@ietf.org>
Content-Type: multipart/alternative; boundary="001a11444aec2fb3de0561cdaaef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/IP46xA_5jqcdvLnVTJjobrQqg3c>
Subject: Re: [Json] JSON Concluded? Well, maybe not
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 16:33:58 -0000
On Mon, Jan 1, 2018 at 1:10 AM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > On 2018-01-01 00:39, Richard Gibson wrote: > >> On Sun, Dec 31, 2017 at 4:34 PM, Anders Rundgren < >> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> >> wrote: >> >> For normalization it turns out that JSON.parse() and JSON.stringify() >> as specified by ECMA and already supported by the most widely available >> JSON tools is all you need! >> >> >> That is definitely not true. A trivial counterexample: >> https://jsbin.com/luyoveyuqu/edit?js,console,output >> > > Right, JSON.stringify() doesn't not canonicalize but preserve property > order [1] + normalize data which for "crypto-safe" JSON applications is > entirely sufficient. > JSON.stringify assumes information that is explicitly not conveyed by JSON (in which an object is "an unordered collection of zero or more name/value pairs") [1], and both its number serialization [2] and string serialization [3] specify aspects that harm compatibility (the former having arbitrary value-dependent branches, the latter being capable of producing invalid UTF-8 octet sequences that represent unpaired surrogate code points—unacceptable for exchange outside of a closed ecosystem [4]). JSON is a general language-agnostic interchange format, and ECMAScript JSON.stringify is *not* a JSON canonicalization solution. [1]: https://tools.ietf.org/html/rfc8259#section-1 [2]: http://ecma-international.org/ecma-262/7.0/#sec-tostring-applied-to-the-number-type [3]: http://ecma-international.org/ecma-262/7.0/#sec-quotejsonstring [4]: https://tools.ietf.org/html/rfc8259#section-8.1
- [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Concluded? Well, maybe not Richard Gibson
- Re: [Json] JSON Concluded? Well, maybe not Tim Bray
- Re: [Json] JSON Concluded? Well, maybe not Phillip Hallam-Baker
- Re: [Json] JSON Concluded? Well, maybe not Erik Wilde
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Concluded? Well, maybe not Richard Gibson
- Re: [Json] JSON Concluded? Well, maybe not Phillip Hallam-Baker
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Concluded? Well, maybe not Phillip Hallam-Baker
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Schema (Was: JSON Concluded? Well… Pete Cordell
- Re: [Json] JSON Concluded? Well, maybe not Phillip Hallam-Baker
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Concluded? Well, maybe not Richard Gibson
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren
- Re: [Json] JSON Concluded? Well, maybe not Richard Gibson
- Re: [Json] JSON Concluded? Well, maybe not Anders Rundgren