IETF Logo Mail Archive

Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03 [rfc7159bis scope]

"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Thu, 16 March 2017 20:50 UTC

Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13EDD129A73 for <json@ietfa.amsl.com>; Thu, 16 Mar 2017 13:50:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outer-planes-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rbEkYt_TIF4V for <json@ietfa.amsl.com>; Thu, 16 Mar 2017 13:50:08 -0700 (PDT)
Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34A4E129A67 for <json@ietf.org>; Thu, 16 Mar 2017 13:50:08 -0700 (PDT)
Received: by mail-ot0-x241.google.com with SMTP id i1so9681946ota.3 for <json@ietf.org>; Thu, 16 Mar 2017 13:50:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outer-planes-net.20150623.gappssmtp.com; s=20150623; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to; bh=C3gyD4tjiD0GQZlwNsRmi+FnPWkVebl72LwuyAlPN9Q=; b=jAE1LTxcsL7byl6L+BeGDuDk5P5K9QLP5HzDrh905HcreHT6q8K3DPpnBymRCyvtI9 TANSaWsZEANo+uQjpESECn/p0F1aEyVGtgCF6ZtB+QNbb7s/V6kD5LGFhfu/mBcTMeMM jmRRVqBXDbJSLaabjcphQDSuFr3uZ3DNNkBgcKj0GgyJLaO3Y0MD/OxtIW9FFQs9AldD XwFtDJdrkuhK+94jWP1Hf1E0YBKvNI+aQOHfmZp5Ko4kuXpOKZ3gIdmKdPkO/XO2NanU dCLgMq8Sz80FzTnisOvOxRY3WslDbFacIOp1S/EdVCW+e+oGVR/H5f0ZZKLPp28ztKaL IyBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to; bh=C3gyD4tjiD0GQZlwNsRmi+FnPWkVebl72LwuyAlPN9Q=; b=GeE8cKmR+b0UXsPrjZ2b4gHjQZhgXYhRSm+CroEHt4n3zDBxpxoChrvnKSJW5VQiMW iykkFhgkRtkNKbg3Inf88m20QvUWFh5siu14mgS0+tc213wZ1ujm2Xk2/QKn0KcKKWcj 72aQzP2QGLjf1FGkGHH0cpaIvVHALpcIe36+y6NggjOaSzwuBCC6BI0aRMpL3MpBbut3 1JTGOxRllgI5nuHuc4PI1Yg+sKQ88v/NK+XvJdiJnmWs7KUwqAGQz4I5E8vSlgNU1RgV UgK8o9yRzsZYmQWXYxddLeNRTO15WEKpRtpI9jyxFnTCYmHqusUvDcPw5NYWzOKj9kO/ ua3g==
X-Gm-Message-State: AFeK/H3KoIs4G4Vd1by3QdZcxp23R7wJx2h46p4r0EsBi3F6Xc35zdBFG1U9dIY4PNNL3Q==
X-Received: by 10.157.26.78 with SMTP id u14mr5538061otu.72.1489697407607; Thu, 16 Mar 2017 13:50:07 -0700 (PDT)
Received: from [10.6.23.170] ([128.177.113.102]) by smtp.gmail.com with ESMTPSA id v21sm2548015ota.26.2017.03.16.13.50.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Mar 2017 13:50:06 -0700 (PDT)
Sender: Matthew Miller <linuxwolf@outer-planes.net>
To: Julian Reschke <julian.reschke@gmx.de>, John Cowan <cowan@ccil.org>
Cc: Peter Cordell <petejson@codalogic.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, draft-ietf-jsonbis-rfc7159bis.all@ietf.org, "json@ietf.org" <json@ietf.org>
References: <otwresf20y4vnpmoboqqjnux.1489359742487@email.android.com> <0d3258fa-0f9d-cc5d-06d7-fcba943349ad@gmx.de> <f63c6a4a-dfbb-e03a-ea1e-38002f81ced8@it.aoyama.ac.jp> <0631d12c-f447-8904-6e2d-81e02cc6e8d3@codalogic.com> <1e075450-d958-db9c-ae63-3cbf3733024c@outer-planes.net> <cf6e35ba-6a67-4b35-d4e1-e99fee6e9f19@gmx.de> <1F1D1DCB-767F-490D-A425-AB5E66D51D3E@tzi.org> <CAD2gp_R7raq0mzfhATTYONdowBm0HvVHFAqJqoVcLmYABrgPpA@mail.gmail.com> <c20a17b7-0329-db5b-0983-23ebe11720f2@codalogic.com> <1f87f5d4-cbb0-9350-2d08-31350fa7438d@gmx.de> <24d37dc6-eee2-5e0c-6d33-d3450750e886@codalogic.com> <d520cf1f-bafd-6f62-c46c-482ad3a01f20@gmx.de> <EAF23716-FC94-478C-ACCF-9ED58B8A0ADF@fastmail.fm> <2b6f5439-18d1-9b7b-97e9-c683187ce452@codalogic.com> <7aaceb7a-45e9-b330-beee-fb66f933b3c9@outer-planes.net> <CAD2gp_Q0tg8MBC31x3v7CqkHwxikr=UyU6rL02u8ksh4LaSk+Q@mail.gmail.com> <942f4af5-ddb9-ed39-0013-6b75c3a8078c@outer-planes.net> <e0d0fe23-1e24-3d2c-f12d-9389b82e0f2d@gmx.de>
From: "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Message-ID: <f331771c-35eb-39a7-00ec-9277dc0d87a3@outer-planes.net>
Date: Thu, 16 Mar 2017 14:50:05 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.0
MIME-Version: 1.0
In-Reply-To: <e0d0fe23-1e24-3d2c-f12d-9389b82e0f2d@gmx.de>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="027arHhQ3HmGjtwx12RKua96RKjPl2TVT"
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/dx3DFzDdwkNeY9HFSG1aV01fVYk>
Subject: Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03 [rfc7159bis scope]
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 20:50:09 -0000

On 17/03/16 14:39, Julian Reschke wrote:
> On 2017-03-16 21:25, Matthew A. Miller wrote:
>> ...
>> That said, I'm not quite sure about going that far.  The web certainly
>> uses UTF-8 and no other, but the scope is greater than that.  I would
>> suggest keeping much of Peter's original text, with a small change to
>> include the prohibition of encodings outside of UTF-8/-16/-32[1]:
>>
>>    JSON text SHOULD be encoded in UTF-8 [UNICODE] (Section 3), and MAY
>>    be encoded in UTF-16 or UTF-32.  JSON texts that are encoded in UTF-8
>>    are interoperable in the sense that they will be read successfully by
>>    the maximum number of implementations.
> 
> That's a normative change from RFC 7159, which, as you clarified below
> (thanks!), has a MUST-level requirement to use UTF-8/16/32.
> 
> So this change actually allows other encodings (SHOULD != SHALL or MUST)
> without actually specifying how to interop with these (lacking an
> encoding declaration).
> 
> So I'd say that's a non-starter.
> 
>>    There are many implementations that cannot successfully read texts
>>    in other encodings.  JSON text MAY be encoded in other encodings if
>>    the generator is sure that the intended parsers can read them.
> 
> We can't prevent people from doing this, but, FWIW, it shouldn't be ok
> to label these payloads "application/json".
> 
> Best regards, Julian
> 

[ /me continues with no hat ]

Then we're still at an impasse as far as multiple encodings go.  As I
personally see it, the only choices are:

1. Section 8.1 stays exactly as it is; or
2. Make the (normative) change to restrict the encoding to UTF-8 only.


- m&m

Matthew A. Miller

v2.23.0 | Report a Bug | By Email