IETF Logo Mail Archive

Re: [Json] [Technical Errata Reported] RFC7493 (6861)

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 25 February 2022 15:56 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F2AD3A0B1C for <json@ietfa.amsl.com>; Fri, 25 Feb 2022 07:56:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQtYVHCazema for <json@ietfa.amsl.com>; Fri, 25 Feb 2022 07:56:17 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D43C3A0A6D for <json@ietf.org>; Fri, 25 Feb 2022 07:56:17 -0800 (PST)
Received: from [10.32.60.156] (76-209-242-70.lightspeed.mtryca.sbcglobal.net [76.209.242.70]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id 21PFt3s9008365 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 25 Feb 2022 08:55:03 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 76-209-242-70.lightspeed.mtryca.sbcglobal.net [76.209.242.70] claimed to be [10.32.60.156]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Tim Bray <tbray@textuality.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, rfc7493-errata@chrismorgan.info, JSON WG <json@ietf.org>
Date: Fri, 25 Feb 2022 07:56:07 -0800
X-Mailer: MailMate (1.14r5798)
Message-ID: <686AEC59-F051-49A2-A953-B26831E77C3D@vpnc.org>
In-Reply-To: <CAHBU6itDUPOpUU6z9tqUEj4+S8=pXjXeTYHU73_frEM211=EOw@mail.gmail.com>
References: <20220225033322.ECC44289E1@rfc-editor.org> <CAHBU6iu7AdA8FQyCSOE5=-5wZJ590b0sYxmazFiTebDQUdUN9A@mail.gmail.com> <F6608CF3-AE49-4A0C-A222-1558A84C53A6@vpnc.org> <CAHBU6itDUPOpUU6z9tqUEj4+S8=pXjXeTYHU73_frEM211=EOw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/Okd__iHTVXyP_gsWg-P6M99Pr5A>
Subject: Re: [Json] [Technical Errata Reported] RFC7493 (6861)
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2022 15:56:23 -0000

On 25 Feb 2022, at 7:47, Tim Bray wrote:

> Whereas you are correct in theory, I am nearly 100% sure that if 
> anyone
> tried to interchange a JSON text consisting of a single string with an
> I-JSON capable parser, and that string contained broken surrogates, it
> would be rejected. Because every parser I have seen (and I've seen a 
> lot)
> has a "readString()" routine that is used to process object members 
> and
> array elements.  It seems very unlikely to me that anyone would have
> spotted this goof in the spec and written a separate routine for this
> special case. Because that would be stupid.

I agree it would be stupid; it was also kinda stupid for us to have 
missed this in the creation of I-JSON. I am arguing agains the 
acceptance of this erratum from the standpoint of the long-established 
erratum rules, not from whether the proposed change is a good idea.

If you feel strongly enough about this, we could revise RFC 7493 (and 
deal with the other open erratum), and maybe try to get it to be an STD.

--Paul Hoffman

>
> On Fri, Feb 25, 2022 at 7:36 AM Paul Hoffman <paul.hoffman@vpnc.org> 
> wrote:
>
>> I note that accepting this erratum would be a technical change that 
>> would
>> affect interoperability. Without this erratum, a JSON text that is a 
>> single
>> JSON string (that is, it begins with a quotation mark) can include
>> surrogates and noncharacters. After this erratum is accepted, such 
>> texts
>> would be invalid.
>>
>> It would have been nice for us to have thought of this when we 
>> created
>> I-JSON: I would likely have supported the idea. However, errata are 
>> not
>> meant to make breaking technical changes to standards. Thus, I would 
>> say we
>> need to reject the erratum.
>>
>> --Paul Hoffman
>>
>> On 24 Feb 2022, at 21:13, Tim Bray wrote:
>>
>> I'm inclined to accept this one, can't disagree with the argument.
>>
>> On Thu, Feb 24, 2022 at 7:33 PM RFC Errata System <
>> rfc-editor@rfc-editor.org> wrote:
>>
>>> The following errata report has been submitted for RFC7493,
>>> "The I-JSON Message Format".
>>>
>>> --------------------------------------
>>> You may review the report below and at:
>>> https://www.rfc-editor.org/errata/eid6861
>>>
>>> --------------------------------------
>>> Type: Technical
>>> Reported by: Chris Morgan <rfc7493-errata@chrismorgan.info>
>>>
>>> Section: 2.1
>>>
>>> Original Text
>>> -------------
>>>    Object member names, and string values in arrays and object 
>>> members,
>>>    MUST NOT include code points that identify Surrogates or
>>>    Noncharacters as defined by [UNICODE].
>>>
>>> Corrected Text
>>> --------------
>>>    Object member names, and string values,
>>>    MUST NOT include code points that identify Surrogates or
>>>    Noncharacters as defined by [UNICODE].
>>>
>>> Notes
>>> -----
>>> The expression “string values in arrays and object members” is 
>>> overly
>>> qualified, excluding cases where the *entire message* is a string 
>>> value,
>>> which should clearly be covered also. So the qualification “in 
>>> arrays and
>>> object members” should be removed.
>>>
>>> Supporting citations:
>>>
>>> RFC 7493, section 2: “An I-JSON message is a JSON text, as defined 
>>> by RFC
>>> 7159.”
>>>
>>> RFC 7159, section 2: “A JSON text is a serialized value.  Note 
>>> that
>>> certain previous specifications of JSON constrained a JSON text to 
>>> be an
>>> object or an array. […]”
>>>
>>> RFC 7159, section 2:
>>>
>>>       JSON-text = ws value ws
>>>
>>> RFC 7159, section 3:
>>>
>>>       value = false / null / true / object / array / number / string
>>>
>>> Instructions:
>>> -------------
>>> This erratum is currently posted as "Reported". If necessary, please
>>> use "Reply All" to discuss whether it should be verified or
>>> rejected. When a decision is reached, the verifying party
>>> can log in to change the status and edit the report, if necessary.
>>>
>>> --------------------------------------
>>> RFC7493 (draft-ietf-json-i-json-06)
>>> --------------------------------------
>>> Title               : The I-JSON Message Format
>>> Publication Date    : March 2015
>>> Author(s)           : T. Bray, Ed.
>>> Category            : PROPOSED STANDARD
>>> Source              : JavaScript Object Notation
>>> Area                : Applications
>>> Stream              : IETF
>>> Verifying Party     : IESG
>>>
>>

v2.23.0 | Report a Bug | By Email