IETF Logo Mail Archive

Re: [Json] The names within an object SHOULD be unique.

Stefan Drees <stefan@drees.name> Fri, 07 June 2013 15:38 UTC

Return-Path: <stefan@drees.name>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3834821F9703 for <json@ietfa.amsl.com>; Fri, 7 Jun 2013 08:38:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.181
X-Spam-Level:
X-Spam-Status: No, score=-2.181 tagged_above=-999 required=5 tests=[AWL=0.068, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0kAIMzw+0lUo for <json@ietfa.amsl.com>; Fri, 7 Jun 2013 08:38:24 -0700 (PDT)
Received: from mout.web.de (mout.web.de [212.227.17.12]) by ietfa.amsl.com (Postfix) with ESMTP id DBE0321F9642 for <json@ietf.org>; Fri, 7 Jun 2013 08:38:23 -0700 (PDT)
Received: from newyork.local.box ([93.129.186.5]) by smtp.web.de (mrweb102) with ESMTPSA (Nemesis) id 0Ljrq1-1UDYrj2zAv-00bvLV; Fri, 07 Jun 2013 17:38:19 +0200
Message-ID: <51B1FE6A.80409@drees.name>
Date: Fri, 07 Jun 2013 17:38:18 +0200
From: Stefan Drees <stefan@drees.name>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Stephen Dolan <stephen.dolan@cl.cam.ac.uk>
References: <51AF8479.5080002@crockford.com> <CAK3OfOgtYoPRZ-Gj5G8AnNipDyxYs=6_KD=rQTxKbhDPX6FZNA@mail.gmail.com> <51b1168c.e686440a.5339.5fc4SMTPIN_ADDED_BROKEN@mx.google.com> <CAK3OfOhL3zXHfg9EEDWLXhjLQ1aBvvxikKAiR+nUpDHJaVh+Qg@mail.gmail.com> <51B1B47C.9060009@drees.name> <C86A9758-5BEF-415C-BD17-DC5E757FAA7E@yahoo.com> <51B1E909.2010402@drees.name> <CA+mHimN9=VZu4RRWcnk2F_uMi-+E-LDN2stb1MFNDP+o1R0WSg@mail.gmail.com>
In-Reply-To: <CA+mHimN9=VZu4RRWcnk2F_uMi-+E-LDN2stb1MFNDP+o1R0WSg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V02:K0:Dyxx+MMQXxtpk5M+m4g/jnFF7ribP0cFrgqMD8IqjkB gxInJBGDAEa3IvAWDvpTXCR0bEvBPLGd/weTuWWB+7BkAPO3zy 3N5+qBOmdTJFsZHYmW22ZvKBd4yc6SoOWnvogjdUq8armXwAp1 gYWI6y/X1bsFe5TlJnixyO9vfZInP6rjKdg99WL+ZtnJ7exPn1 wzxYtWGKOF0eX5aI/6ITw==
Cc: Vinny A <jsontest@yahoo.com>, Markus Lanthaler <markus.lanthaler@gmx.net>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] The names within an object SHOULD be unique.
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stefan@drees.name
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2013 15:38:41 -0000

On 2013-06-07 17:19, Stephen Dolan wrote:
> On Jun 7, 2013, at 5:22 AM, Stefan Drees ... wrote:
>>
>> Which b.t.w. I would certainly rewrite as:
>>
>> NEW
>> """
>> Generators SHOULD NOT duplicate names in objects. Parsers MUST be
>> prepared to either accept duplicate names in objects or reject the
>> complete JSON text containing these, as a generator might not avoid nor
>> detect such duplication.
>> """

Please note: The above proposal has already been split and updated upon 
request of "Vinny A" as the spec separates Parser and Generator sections.

> Regarding duplicate keys, the issue was raised before that having
> multiple valid interpretations of an input leads to security problems.
> Consider this document:
>
>      {"command": "no-op", "user": "untrustworthy-person", "command":
> "launch-missiles"}
>
> if submitted to a system which separates authorization from execution,
> where both use JSON implementations which differ in their
> interpretation of duplicate keys, this could end badly.
>
> There are some JSON implementations which preserve duplicate keys, and
> many which don't. However, I know of no implementation which
> interprets {"a":2, "a":1} as {"a":2} - the implementations I've seen
> keep either all or just the last entry. Codifying this behaviour in
> the RFC would help to prevent the security issue described above, so
> how about some text along the lines of:
>
>      If an object contains several key-value entries with the same key,
> a JSON parser MAY ignore all but the last of these entries. A JSON
> parser MUST NOT ignore the last such entry. ...

I do think, that forcing the consumer to "keep" the last parsed 
(whatever this means from the perspective of the source of the message) 
name as "the one" is **not** "good", nor "more secure" nor "doesn't 
break anything in the wild".

A "source of the message" shall indicate, that this is not a format 
concern, but one of the sender and receivers rules.
Say e.g. a program running on node A has a list of names and these have 
values attached. The names are not unique (thus a list ;-) if this 
program decides to send this information through a JSON data 
interchange, when selecting the JSON type object, it does so knowingly, 
that the order of members in a JSON object is undefined, so there is IMO 
no principal security dilemma in ordering, but in ambiguity of a message 
that would have better been build with a unique set of names from the start.

As has been noted in many differnt mails already here on this list, we 
have no time-machine and somehow have to deal with that :-)

All the best,
Stefan.

v2.23.0 | Report a Bug | By Email