IETF Logo Mail Archive

Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence

Tim Bray <tbray@textuality.com> Sat, 24 May 2014 18:11 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 707F71A01DC for <json@ietfa.amsl.com>; Sat, 24 May 2014 11:11:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LhKi_YykxELF for <json@ietfa.amsl.com>; Sat, 24 May 2014 11:11:07 -0700 (PDT)
Received: from mail-vc0-f171.google.com (mail-vc0-f171.google.com [209.85.220.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44EBB1A0049 for <json@ietf.org>; Sat, 24 May 2014 11:11:07 -0700 (PDT)
Received: by mail-vc0-f171.google.com with SMTP id lc6so7597867vcb.2 for <json@ietf.org>; Sat, 24 May 2014 11:11:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=VX+8oy2OXF6ha2vZa1f01jDqM6ZgY9xEWFesHP3W9Eg=; b=mkSgLB3+BLd5h3qB9fh6Ttr255dOtQP92EKNLY9FO+ruc/et6m1FkHufwiYUFBjr0e axZgk3Iw9o2xYVUkoGI0dnEM+2ebjtq+LL1PMrihQlhV4/FOE/gri/3HU9kMMPNBBjmG CTiaVYmG3gIH6v/f8Atm0ecGuY1ALe4ZiM8TBWvb1gXEw9SAq0YJ7zvPsC9OrZ2GOEg5 xLMAwKdr/rsv6Dsu0c2MekkjOCQoEGDDE5hc1lCQOPNnCJy6WepFiPFC8goqkBu8DLYj KMmsCJLeHx7mByQy6UsqzDdZtN7P1CrKFrdau0D9oeh040pCr/S9zd/KCCJKL/58hZIj h5ag==
X-Gm-Message-State: ALoCoQnP/uXvULVDjJvqMOwTMHj0JHcjIzp3EXun6bAdF5UxaVtw5aGjnrSP8Mr1yTnuQFBM7szZ
X-Received: by 10.53.13.35 with SMTP id ev3mr8884000vdd.1.1400955064405; Sat, 24 May 2014 11:11:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.98.73 with HTTP; Sat, 24 May 2014 11:10:44 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
In-Reply-To: <4E4FB86A-7DD7-462D-83F7-1FAFD947FF46@tzi.org>
References: <F6B74FE0-AEBE-43CC-BDE6-BA443BC04F2D@vpnc.org> <537EF070.6060503@it.aoyama.ac.jp> <4E4FB86A-7DD7-462D-83F7-1FAFD947FF46@tzi.org>
From: Tim Bray <tbray@textuality.com>
Date: Sat, 24 May 2014 13:10:44 -0500
Message-ID: <CAHBU6iuVT0YS1X-3wYnW18YzUj6dDteop6dufsXQc=wfRQaFMg@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Content-Type: multipart/alternative; boundary="001a1135ecdcf5e99104fa294480"
Archived-At: http://mailarchive.ietf.org/arch/msg/json/shUg0ydjNaHpE41Vgi2CyMXT4zg
Cc: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Paul Hoffman <paul.hoffman@vpnc.org>, IETF JSON WG <json@ietf.org>
Subject: Re: [Json] Working Group Last Call on draft-ietf-json-text-sequence
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 May 2014 18:11:11 -0000

On reflection, I support Carsten’s option #1; choose a suitable delimiter
that can’t occur in UTF-8-encoded JSON.  It makes the syncing problem
vanish and removes worrying attack vectors.


On Sat, May 24, 2014 at 12:02 PM, Carsten Bormann <cabo@tzi.org> wrote:

> On 23 May 2014, at 08:53, Martin J. Dürst <duerst@it.aoyama.ac.jp> wrote:
>
> > it's not too difficult to parse the delimiters separately and only have
> the values parsed by a JSON parser
>
> Indeed.  I continue to believe that this is the only reasonable way to
> operate on sequences of JSON instances.
> Either
>
> 1) use a delimiter that cannot occur in JSON (staying in UTF-8 with ASCII
> control characters as in NUL, FF or RS; or breaking out of UTF-8 as in
> using 0xFF bytes);
> 2) use LF as the delimiter, and remove the LFs from the JSON instances.
>
> Using LFs as inter-stream delimiters, while also retaining their
> insignificant whitespace role within JSON instances, strikes me as the most
> complicated way to approach this problem.
> There may be practical reasons to use this most-complicated way, but it
> seems suboptimal to standardize on it.
>
> (I’m not a big fan of wrapping separate JSON instances in outermost JSON
> arrays for the kinds of applications addressed here.
> This can obviously already be used for those cases where it works (no need
> for concatenation, no need for resilience), but except in those cases where
> a combined JSON instance had been the right thing to use in the first
> place, it combines all the same problems of dual-use LFs with the need to
> add wrapping brackets.)
>
> Grüße, Carsten
>
> _______________________________________________
> json mailing list
> json@ietf.org
> https://www.ietf.org/mailman/listinfo/json
>



-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)

v2.23.0 | Report a Bug | By Email