Re: [Json] Counterproposal on work items

Mike Jones <> Wed, 20 February 2013 18:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7EF9021F88CF for <>; Wed, 20 Feb 2013 10:04:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.585
X-Spam-Status: No, score=-2.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id k+fwPS-MfxDH for <>; Wed, 20 Feb 2013 10:04:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 9D4E821F88A0 for <>; Wed, 20 Feb 2013 10:04:34 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.620.12; Wed, 20 Feb 2013 18:04:31 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.620.12 via Frontend Transport; Wed, 20 Feb 2013 18:04:31 +0000
Received: from ([]) by ([]) with mapi id 14.02.0318.003; Wed, 20 Feb 2013 18:03:58 +0000
From: Mike Jones <>
To: "Matt Miller (mamille2)" <>, "" <>
Thread-Topic: [Json] Counterproposal on work items
Thread-Index: AQHOD4+SPseM1SMZE0mkChl5mvoWOpiDAwWAgAABZYCAAASqUA==
Date: Wed, 20 Feb 2013 18:03:58 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(199002)(189002)(24454001)(13464002)(377454001)(51704002)(31966008)(5343655001)(54356001)(51856001)(23726001)(16406001)(79102001)(77982001)(56816002)(66066001)(59766001)(80022001)(5343635001)(33656001)(47976001)(561944001)(50986001)(49866001)(47736001)(65816001)(55846006)(50466001)(46406002)(20776003)(74662001)(53806001)(4396001)(46102001)(44976002)(54316002)(74502001)(47776003)(76482001)(56776001)(47446002)(63696002)(15202345001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB028;; RD:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Forefront-PRVS: 07630F72AD
Subject: Re: [Json] Counterproposal on work items
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Feb 2013 18:04:35 -0000

The "SHOULD" versus "MUST" caused the JOSE specs to have to include this language in

   The Header Parameter Names within this object MUST be unique;
   JWSs with duplicate Header Parameter Names MUST be rejected.

Whereas, if we were referencing a RFC4627bis with the MUST, this language could be softened to be a caution about older JSON parsers, and probably moved to the Security Considerations section.

				-- Mike

-----Original Message-----
From: [] On Behalf Of Matt Miller (mamille2)
Sent: Wednesday, February 20, 2013 9:43 AM
Subject: Re: [Json] Counterproposal on work items

On Feb 20, 2013, at 10:38 AM, Paul Hoffman <> wrote:

> On Feb 20, 2013, at 9:27 AM, Tim Bray <> wrote:
>> My proposal is: do nothing.
>> I use JSON for protocol design and work all the time, and have not observed any interop problems in the wild which originate at the JSON parson or construction level.  I give the incoming text to the library and it Just Works or reliably reports a syntax botch.  I give my data structures to the JSON serializer and cheerfully send off whatever comes out. I read specs and build clients and servers and, when things break, it's because I'm stupidly using a bogus name or value in some field, not because of the serialization.
>> I suggest that there is not a problem here that needs the investment of precious IETF time.
> -1.
> There are places where RFC 4627 has SHOULDs where some processors do one thing and others do something different. That should be cleaned up in a standards-track RFC, and it should be done with lots of JSON developers and users having a discussion that comes to rough consensus.

Just to reinforce Paul's point; while things seem to more-or-less work out, there are serious questions occasionally asked about the appropriateness of JSON for use in security protocols given those differences.  It might seem like re-arranging the deck chairs, but that arrangement can be important for acceptance.

- m&m

Matt Miller < >
Cisco Systems, Inc.

json mailing list