IETF Logo Mail Archive

Re: [Json] JSON Concluded? Well, maybe not

Richard Gibson <richard.gibson@gmail.com> Tue, 02 January 2018 16:33 UTC

Return-Path: <richard.gibson@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6401F12D77A for <json@ietfa.amsl.com>; Tue, 2 Jan 2018 08:33:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6C_26oBlHZT for <json@ietfa.amsl.com>; Tue, 2 Jan 2018 08:33:56 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71252124319 for <json@ietf.org>; Tue, 2 Jan 2018 08:33:56 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id 9so62032065wme.4 for <json@ietf.org>; Tue, 02 Jan 2018 08:33:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Y1VNWEspGLKUL83HuJ34/QINjTGhAwr1BAgpXW9FHRU=; b=VMMaHNsPFmOqzEDCYcIUccJ71NRj/XJnuA75wWduZOk8mNtxTdkstsjNMYXH4z16nY FjcNpxQTnwoiGkL4rX2PpGSuVhmO9Xb8dB5oTCaR1GPC9kSj+/xnWRnOh1NW0LVbRQgf XFYmBBtA1FobR2/P83uGLe8VtGj9IO0qfiUJZYD6bIgjECmMBU4UMu1bshQd3cw+7ktH tsAMYSaF09HU1Vy2Mu5yhDnwPw0aHLbAJAcaOkyIYTLYFIeRSHc3lPHKYLOTjFwskHTr udYIJYGBrGeOvJS7jo74JVABot5KyT5nUrhbQs4DkpM/ToN+IyepS57F0r+ErPrPgjZM xvLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Y1VNWEspGLKUL83HuJ34/QINjTGhAwr1BAgpXW9FHRU=; b=lXTMrv4xx277ZM/If0wrR/qYaU4BAlR8XrvVrnX8GETT7Z6uFuZEPi23Y2KzD1LGbC BfC9uqXV87DkcauFdPpyH2dJFpO4/CiN4rYFnUefFuvS84uop5vp50TMGULjg3fPGJEY mdObIRVHunGqNXplhY/wIcb0pQ4OiWXFxprXgN9z8+XlCV7B5MBTavFt/qOoNSi57zu5 tObKHugJjqS+i2yFKkX7wH+XQCVEuTGvNR3TeWiQ9a/nY6mi3+ZW+GTBVhmDtaqNe/qt Nlda/7rP5vbYeXAiOC0JdwncXP0yy8VJnKAajkyuvEywvGuZZhpi+Yh6MsWdJER8KRRx cxdA==
X-Gm-Message-State: AKGB3mLnktXMIZhN/cp5Spz/P7V/FORN3CC/jQ2bnVlXb5vHF1iLA6ap TqVDczsHLc6dENFk98JA9+G5/ogj4ckaq76Cxcw=
X-Google-Smtp-Source: ACJfBotRBvNy0x1TiXDwlxizEwP8V1DDuVfG+rPEBHKxigT0JA1vFQrl1uPrx7v9J+xZ83dcjVsMegW2VJduL6R2lBw=
X-Received: by 10.28.178.85 with SMTP id b82mr35728156wmf.47.1514910834994; Tue, 02 Jan 2018 08:33:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.160.189 with HTTP; Tue, 2 Jan 2018 08:33:54 -0800 (PST)
In-Reply-To: <cb1ce20d-67f0-f4f4-8077-57c3d3f232b7@gmail.com>
References: <13860352-ef8e-1d4b-2eff-27e275c25e3a@gmail.com> <CALH+fvqBGu0i=LcciYgOLSwbQJXfqgcXTdd=rxvfHfqiRyBj7g@mail.gmail.com> <CAHBU6itC+XAKhc_m_ywG5O2bpky9DnmzfiNVqP3WrxLaE7uenA@mail.gmail.com> <92077f95-5dd6-3f5b-4765-d14067f698ac@dret.net> <CADEL5zshRaHtVNAtNggwHaPKP9xWeePcBZcQc1EM8SEfUu41Uw@mail.gmail.com> <CALH+fvqkBkQCiXfx1cxXaX092sbW6fgUmUizXP1f=ScMZ3bBqQ@mail.gmail.com> <cb1ce20d-67f0-f4f4-8077-57c3d3f232b7@gmail.com>
From: Richard Gibson <richard.gibson@gmail.com>
Date: Tue, 02 Jan 2018 11:33:54 -0500
Message-ID: <CALH+fvqpaT0b8AfPigk93Fy5hhWFthiFJSfaMmkttpMgqiMvQw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: JSON WG <json@ietf.org>
Content-Type: multipart/alternative; boundary="001a11444aec2fb3de0561cdaaef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/IP46xA_5jqcdvLnVTJjobrQqg3c>
Subject: Re: [Json] JSON Concluded? Well, maybe not
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 16:33:58 -0000

On Mon, Jan 1, 2018 at 1:10 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> On 2018-01-01 00:39, Richard Gibson wrote:
>
>> On Sun, Dec 31, 2017 at 4:34 PM, Anders Rundgren <
>> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>
>> wrote:
>>
>>     For normalization it turns out that JSON.parse() and JSON.stringify()
>> as specified by ECMA and already supported by the most widely available
>> JSON tools is all you need!
>>
>>
>> That is definitely not true. A trivial counterexample:
>> https://jsbin.com/luyoveyuqu/edit?js,console,output
>>
>
> Right, JSON.stringify() doesn't not canonicalize but preserve property
> order [1] + normalize data which for "crypto-safe" JSON applications is
> entirely sufficient.
>

JSON.stringify assumes information that is explicitly not conveyed by JSON
(in which an object is "an unordered collection of zero or more name/value
pairs") [1], and both its number serialization [2] and string serialization
[3] specify aspects that harm compatibility (the former having arbitrary
value-dependent branches, the latter being capable of producing invalid
UTF-8 octet sequences that represent unpaired surrogate code
points—unacceptable for exchange outside of a closed ecosystem [4]). JSON
is a general language-agnostic interchange format, and ECMAScript
JSON.stringify is *not* a JSON canonicalization solution.

[1]: https://tools.ietf.org/html/rfc8259#section-1
[2]:
http://ecma-international.org/ecma-262/7.0/#sec-tostring-applied-to-the-number-type
[3]: http://ecma-international.org/ecma-262/7.0/#sec-quotejsonstring
[4]: https://tools.ietf.org/html/rfc8259#section-8.1

v2.23.0 | Report a Bug | By Email