Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03 [rfc7159bis scope]

"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Thu, 16 March 2017 20:25 UTC

Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7D43129A62 for <json@ietfa.amsl.com>; Thu, 16 Mar 2017 13:25:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outer-planes-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c6j-bh4FqXAU for <json@ietfa.amsl.com>; Thu, 16 Mar 2017 13:25:27 -0700 (PDT)
Received: from mail-ot0-x244.google.com (mail-ot0-x244.google.com [IPv6:2607:f8b0:4003:c0f::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87C67129A57 for <json@ietf.org>; Thu, 16 Mar 2017 13:25:27 -0700 (PDT)
Received: by mail-ot0-x244.google.com with SMTP id a12so9624978ota.2 for <json@ietf.org>; Thu, 16 Mar 2017 13:25:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outer-planes-net.20150623.gappssmtp.com; s=20150623; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to; bh=wDF3iV2xjqiSJU3I36/YAMSxwcGxY7Cuy0sxa8EvXQA=; b=sKSiJ2CFESxDlEXbSpPAE1awSZW+TBXd7IYG9fGoGjCv6S8Mk0SuwcEvinpCHBJIi9 PaSSv8PAjbeFVAPhRpm4Mw7bPd1kn8rhE+P9fruSaq3yjVDiFG+y8xopaRBrEVMvKbi/ cOXZfx2aIZbtmcS08irtQRvSVi62d+F+w8TKY4fsj88DsJthSRcCh62n2BqpG2BQbz7a Q/m0wmkD9tshfZFsc0kld8yuaVjW1az++nBue+ZYD9uZMB0hOybvvGjOf845FLomDfe5 mNLEx8007FTulNTV1slkosDw3i+UXGkQzMzyvyBBL5MdahwFs/XC3RUWqYG1Czvoh+gC NCFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to; bh=wDF3iV2xjqiSJU3I36/YAMSxwcGxY7Cuy0sxa8EvXQA=; b=fPMLhPJ+dLdTGupwfSMwmdGt9J0jOMIib9M2uiV4f57ERqEoZGwSsbUrZccOCNcfMh T+pToUSW2W6qETfywX97FT4m4llRj/Gc4McAVXY+aRCDUawJEFPprrNuaEGxRdbzHFXF 96peA662rEc8FbGgpxUjzxbhJ3/laSaoFmqorpGEfTKbahKKHzHbWsnAbchZA2I8Ji+4 bv8y1PD2MXcjBwKLWeZbIpqFfTS3OPoAj331nmTy4AycFOrj3FerkMwsOEAaoIXzc7Qu 7gJ5m9VUvQ9LwGTPJZVx0eq/2rBNeLdLDXhezBGODDuT76iKavdtEzoIkB3al19KUijZ UnaA==
X-Gm-Message-State: AFeK/H2rXC0tPldPxhlZxKdK/ZgkADirKe0N6jttp5WiAFqVvR1XVmSaPvtn9h7woUwwLw==
X-Received: by 10.202.90.215 with SMTP id o206mr5836846oib.37.1489695926929; Thu, 16 Mar 2017 13:25:26 -0700 (PDT)
Received: from [10.6.23.170] ([128.177.113.102]) by smtp.gmail.com with ESMTPSA id v74sm2560468oie.3.2017.03.16.13.25.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Mar 2017 13:25:26 -0700 (PDT)
Sender: Matthew Miller <linuxwolf@outer-planes.net>
To: John Cowan <cowan@ccil.org>
Cc: Peter Cordell <petejson@codalogic.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, Julian Reschke <julian.reschke@gmx.de>, draft-ietf-jsonbis-rfc7159bis.all@ietf.org, "json@ietf.org" <json@ietf.org>
References: <otwresf20y4vnpmoboqqjnux.1489359742487@email.android.com> <0d3258fa-0f9d-cc5d-06d7-fcba943349ad@gmx.de> <f63c6a4a-dfbb-e03a-ea1e-38002f81ced8@it.aoyama.ac.jp> <0631d12c-f447-8904-6e2d-81e02cc6e8d3@codalogic.com> <1e075450-d958-db9c-ae63-3cbf3733024c@outer-planes.net> <cf6e35ba-6a67-4b35-d4e1-e99fee6e9f19@gmx.de> <1F1D1DCB-767F-490D-A425-AB5E66D51D3E@tzi.org> <CAD2gp_R7raq0mzfhATTYONdowBm0HvVHFAqJqoVcLmYABrgPpA@mail.gmail.com> <c20a17b7-0329-db5b-0983-23ebe11720f2@codalogic.com> <1f87f5d4-cbb0-9350-2d08-31350fa7438d@gmx.de> <24d37dc6-eee2-5e0c-6d33-d3450750e886@codalogic.com> <d520cf1f-bafd-6f62-c46c-482ad3a01f20@gmx.de> <EAF23716-FC94-478C-ACCF-9ED58B8A0ADF@fastmail.fm> <2b6f5439-18d1-9b7b-97e9-c683187ce452@codalogic.com> <7aaceb7a-45e9-b330-beee-fb66f933b3c9@outer-planes.net> <CAD2gp_Q0tg8MBC31x3v7CqkHwxikr=UyU6rL02u8ksh4LaSk+Q@mail.gmail.com>
From: "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Message-ID: <942f4af5-ddb9-ed39-0013-6b75c3a8078c@outer-planes.net>
Date: Thu, 16 Mar 2017 14:25:24 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.0
MIME-Version: 1.0
In-Reply-To: <CAD2gp_Q0tg8MBC31x3v7CqkHwxikr=UyU6rL02u8ksh4LaSk+Q@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UrGKF8OVetQO1QV4LPgsiCx3k3xLE68w5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/mOJLpWqMmdxIJxxZl0M411c4l3U>
Subject: Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03 [rfc7159bis scope]
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 20:25:29 -0000

On 17/03/16 11:33, John Cowan wrote:
> 
> On Thu, Mar 16, 2017 at 11:18 AM, Matthew A. Miller
> <linuxwolf+ietf@outer-planes.net
> <mailto:linuxwolf+ietf@outer-planes.net>> wrote:
> 
>     While I am generally sympathetic to accommodation, I don't think there
>     is support in the working group for expanding the allowed encodings
>     beyond what RFC 7159 already stated.
> 
> 
> Indeed, I will now go further.  I am now in favor of saying "JSON SHALL
> be encoded in UTF-8", without further qualification.  This is what
> everybody actually does, and why shouldn't we say so?
> 

[ /me doffs hat ]

To keep the change from being too drastic, I think it necessary to leave
in the text forbidding a byte order mark.

For completeness, the complete text for 8.1 would be:

"""
   JSON text SHALL be encoded in UTF-8 [UNICODE] (Section 3).

   Implementations MUST NOT add a byte order mark to the beginning of a
   JSON text.  In the interests of interoperability, implementations
   that parse JSON texts MAY ignore the presence of a byte order mark
   rather than treating it as an error.
"""

That said, I'm not quite sure about going that far.  The web certainly
uses UTF-8 and no other, but the scope is greater than that.  I would
suggest keeping much of Peter's original text, with a small change to
include the prohibition of encodings outside of UTF-8/-16/-32[1]:

   JSON text SHOULD be encoded in UTF-8 [UNICODE] (Section 3), and MAY
   be encoded in UTF-16 or UTF-32.  JSON texts that are encoded in UTF-8
   are interoperable in the sense that they will be read successfully by
   the maximum number of implementations.

   There are many implementations that cannot successfully read texts
   in other encodings.  JSON text MAY be encoded in other encodings if
   the generator is sure that the intended parsers can read them.

   Implementations MUST NOT add a byte order mark to the beginning of a
   JSON text.  In the interests of interoperability, implementations
   that parse JSON texts MAY ignore the presence of a byte order mark
   rather than treating it as an error.



- m&m

Matthew A. Miller

[1] RFC 7159 used "SHALL", which RFC 2119 specifies the meaning to be
identical to "MUST".