Re: [Json] Proposed minimal change for duplicate names in objects

Nico Williams <> Sun, 07 July 2013 02:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 50ADE21F9DF0 for <>; Sat, 6 Jul 2013 19:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WzMsIPE4b2AB for <>; Sat, 6 Jul 2013 19:57:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5B4D421F9DCC for <>; Sat, 6 Jul 2013 19:57:54 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id E7903678058 for <>; Sat, 6 Jul 2013 19:57:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s=; bh=BHlVcdw5zrJg6d12j3Jnw8Qd6Sw=; b=lI9lH2eiohw CH1onGA9fVVInRx7MeVwd3th1JhebqM2quXXVe32vLtfSJCQ0ujBQ/+5PZnOxC9W JSOC/tPFL3touTq0CG6nXrjhlTxIWul8I3Ix1FWpluNrMsBUa3tkXgpOJ4pG2j09 acbCbz1L7xt3errBG6ty+FUosom1n1rs=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 9E26D678057 for <>; Sat, 6 Jul 2013 19:57:53 -0700 (PDT)
Received: by with SMTP id k10so3046809wiv.11 for <>; Sat, 06 Jul 2013 19:57:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=p+ZZCUFwMuSDeiNRMHtp5rbw11VVH6lxWqIM0nflyAY=; b=I+sC1ock9pPdN934pym8axZM0fmqs/KPpQNsyQSaPdwEiuylyafwTQciqNu5DSdcNQ hlpn9hEx9ZYRZ11Dug5aNCp/6e15CyxBoRLW8XPHeanLVBdo/ahLlqz3V6ELJiz4shEG UxDGqiul9qKHtib/rnwwev/GvMqNRY/EM9alOHrpemmpvJg+MPQFvqBN/kEd4VRBeuyw 55zMXoWgRznbS8RvbjTV5IkykQnzfeCS2vK7q7M21n6bavfRj4iBYppfiJxaXbTn2W0j LhDYSmHHyAFN4PjBniW84OpIJ0zGR7CPNq7T0LFYhGDda7vLr/tZQmvNrhE1HszjMPfW yw8Q==
MIME-Version: 1.0
X-Received: by with SMTP id j9mr9481429wja.11.1373165872139; Sat, 06 Jul 2013 19:57:52 -0700 (PDT)
Received: by with HTTP; Sat, 6 Jul 2013 19:57:52 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <00cd01ce7a9f$19adeaa0$4d09bfe0$> <00d701ce7aa6$cc5fe700$651fb500$> <> <>
Date: Sat, 6 Jul 2013 21:57:52 -0500
Message-ID: <>
From: Nico Williams <>
To: Tim Bray <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Jim Schaad <>, "" <>
Subject: Re: [Json] Proposed minimal change for duplicate names in objects
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 07 Jul 2013 02:57:59 -0000

On Sat, Jul 6, 2013 at 8:44 PM, Tim Bray <> wrote:
> This feels like a no-brainer to me, but that’s probably because (as I’ve
> said before) I’m an API guy, and the only use for JSON objects in my world
> is to transfer a hash table or database record or whatever from here to
> there, and there, and in such a situation dupes can never be useful or
> intended and can only be a symptom of breakage (or, in the JOSE case, a
> symptom of a malicious attack on my crypto).

I agree.  As a security guy I would prefer if one way or another we
end up with no dup names, but as an "API guy" myself I think of the
streaming parsers (they offer an API after all).  Just say the magic
words: "to hell with minimal state streaming parsers" or perhaps
something to the effect that *some* component of a layered application
MUST reject objects with dup names.  It's either or.  Let's choose.

I'm happy with "some component of a layered application MUST reject
objects with duplicate names" -- I prefer this to the "no minimal
state streaming parsers" alternative.

I will assume that in general objects rarely have lots of names, so
that parsers need not keep that much state in order to check for dups.
 Requiring parsers to reject objects with dup names is my second