Re: [Json] The names within an object SHOULD be unique.

Nico Williams <nico@cryptonector.com> Thu, 06 June 2013 22:47 UTC

Date: Thu, 06 Jun 2013 17:39:55 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
Cc: Douglas Crockford <douglas@crockford.com>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] The names within an object SHOULD be unique.

On Thu, Jun 6, 2013 at 5:33 PM, Matt Miller (mamille2)
<mamille2@cisco.com> wrote:
> On Jun 6, 2013, at 4:21 PM, Nico Williams <nico@cryptonector.com>
>  wrote:
>> [...]
>
> Note that so far, the document uses the term "name", not "key".  I think the following needs to substitute "key" with "name" to be consistent.

Ah, sure.

>>   Encoders SHOULD NOT send duplicate keys.  Some encoders might not
>> be able to prevent duplicate keys.  Therefore parsers MUST be prepared
>> to handle duplicate keys.
>>
>>   Stateful parsers MUST accept [use?] only the last of any set of
>> duplicate keys.
>>
>
> I think this still needs to allow for stateful parsers that reject duplicate keys (for which there are some).

That's fair.

> Maybe:
>
> ####
>
> Stateful parsers MAY reject duplicate names. However, if duplicate names are accepted, it MUST accept only the last value of any set of duplicate names.

Sure.  I think we should define terms like "stateful parser" and
"streaming parser".

> ####
>
>>   Some parsers might not be able to detect duplicate keys, much less
>> pick only the last of them.  Here a "stateful parser" is one that
>> keeps on hand all of the values it decodes, as it decodes them.  Note
>> that accepting duplicate keys presents potential security risks.  Note
>> that sending duplicate keys risks data loss (that is, the loss of all
>> but the last of a duplicated key's values).
>>
>
> Can we describe a couple of specific security risks that are incurred?  I think one would be something like overwriting of the original value by an attacker intercepting the exchange.

I'm not concerned about MITMs and such.  I'm concerned about attacks
where we have a validator of some sort as a filter and then a final
consumer.  The sender might send JSON that the validator accepts as
valid, that will be passed on to the final consumer, and where the
consumer will receive a different document (from its p.o.v.) than the
validator saw.

Nico
--
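
The validator/consumer mismatch described in the message above, shown as an added example that is not part of the original e-mail or of any JSON WG text. The first-wins validator is an assumed behaviour chosen for illustration, the last-wins consumer is the default of Python's `json` module, and the strict parser is the "MAY reject duplicate names" option from the quoted proposal.

```python
import json

# Constructed sample: one object carrying the name "action" twice.
DOC = '{"user": "alice", "action": "read", "action": "delete"}'


class DuplicateNameError(ValueError):
    """Raised when a JSON object repeats a name."""


def first_wins(pairs):
    # Assumed validator behaviour: keep the first value seen for each name.
    obj = {}
    for name, value in pairs:
        obj.setdefault(name, value)
    return obj


def reject_duplicates(pairs):
    # Strict behaviour: refuse any object (at any nesting depth) that repeats a name.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise DuplicateNameError(f"duplicate name: {name!r}")
        obj[name] = value
    return obj


def validator_view(text):
    return json.loads(text, object_pairs_hook=first_wins)


def consumer_view(text):
    # Python's json module keeps only the last value of a duplicated name.
    return json.loads(text)


def strict_parse(text):
    return json.loads(text, object_pairs_hook=reject_duplicates)


def views_differ(text):
    # True when the filter and the final consumer would see different documents.
    return validator_view(text) != consumer_view(text)


if __name__ == "__main__":
    print("validator sees:", validator_view(DOC))
    print("consumer sees: ", consumer_view(DOC))
    print("views differ:  ", views_differ(DOC))
```

Using `strict_parse` at the filter removes the ambiguity regardless of which duplicate the downstream consumer would have kept.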