Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03

Julian Reschke <julian.reschke@gmx.de> Wed, 08 March 2017 07:47 UTC

To: Benjamin Kaduk <kaduk@mit.edu>, secdir@ietf.org, ietf@ietf.org, draft-ietf-jsonbis-rfc7159bis.all@ietf.org, "json@ietf.org" <json@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/nQpUYSXO5wJbx8eiTVEalmHvciI>

On 2017-03-08 08:39, Julian Reschke wrote:
> On 2017-03-08 02:48, Benjamin Kaduk wrote:
>> I'm also concerned about the freewheeling use of Unicode.  While
>> this document does discuss the potential encodings and lists UTF-8
>> as the default (and most interoperable), I think it would benefit
>> from a stricter warning that parties using JSON for communication
>> must have some out-of-band way to agree on what encoding is to be
>> used.  I would expect that this is usually going to be done by the
>> protocol using JSON, but could see a place for the actual
>> communicating peers to have out-of-band knowledge.  (An application
>> having to guess what encoding is being used based on heuristics is a
>> recipe for disaster.)
>> ...
>
> AFAIU, there is no need for out-of-band knowledge (which would be very
> bad). Recipients are supposed to inspect the payload and detect which of
> the three encodings was used.
>
> That said, we probably should make that clearer.
>
>> ...
>> I'm also rather curious about the claim that no "charset" parameter
>> is needed as it "really has no effect on compliant recipients".  Why
>> is this not a good way to communicate whether UTF-8, UTF-16, or
>> UTF-32 is in use for a given text?
>> ...
>
> It might have been, but that's now how it is implemented.

s/now/not/
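
The payload inspection discussed in the quoted exchange, as an added example that is not part of this thread or of the draft: because a JSON text always begins with an ASCII character, the position of zero octets in its first bytes identifies UTF-8, UTF-16 or UTF-32, which is the octet-pattern approach of RFC 4627 section 3. The function names, the BOM handling and the comparison against a declared "charset" value are assumptions made for illustration.

```python
import codecs
import json

# BOMs checked longest first: the UTF-32LE BOM starts with the UTF-16LE BOM.
_BOMS = (
    (codecs.BOM_UTF32_BE, "utf-32"), (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_BE, "utf-16"), (codecs.BOM_UTF16_LE, "utf-16"),
)

def detect_json_encoding(data: bytes) -> str:
    """Return a Python codec name for a JSON text, from its leading octets."""
    for bom, name in _BOMS:
        if data.startswith(bom):
            return name  # these codecs consume the BOM when decoding
    head = data[:4]
    if len(head) == 4:
        if head[:3] == b"\0\0\0" and head[3]:
            return "utf-32-be"      # 00 00 00 xx
        if head[0] and head[1:] == b"\0\0\0":
            return "utf-32-le"      # xx 00 00 00
    if len(head) >= 2:
        if head[0] == 0 and head[1]:
            return "utf-16-be"      # 00 xx
        if head[0] and head[1] == 0:
            return "utf-16-le"      # xx 00
    return "utf-8"                  # xx xx: no zero octets up front

def _family(name: str) -> str:
    # "utf-16-le" -> "utf-16", "utf-8-sig" -> "utf-8"
    return "-".join(name.split("-")[:2])

def load_json(data: bytes, declared_charset=None):
    """Decode by sniffing; report whether a declared charset disagrees.

    Returns (value, sniffed_codec, mismatch). The declared value never
    changes how the bytes are decoded; a mismatch is only surfaced so the
    caller can log or reject it.
    """
    sniffed = detect_json_encoding(data)
    value = json.loads(data.decode(sniffed))
    mismatch = False
    if declared_charset is not None:
        try:
            declared = codecs.lookup(declared_charset).name
        except LookupError:
            declared = declared_charset.lower()
        mismatch = _family(declared) != _family(sniffed)
    return value, sniffed, mismatch
```
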