[Json] [Technical Errata Reported] RFC7158 (3908)

RFC Errata System <rfc-editor@rfc-editor.org> Sun, 02 March 2014 20:46 UTC

To: tbray@textuality.com, barryleiba@computer.org, presnick@qti.qualcomm.com, mamille2@cisco.com, paul.hoffman@vpnc.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140302204650.11C6D7FC2CB@rfc-editor.org>
Date: Sun, 02 Mar 2014 12:46:50 -0800
Archived-At: http://mailarchive.ietf.org/arch/msg/json/v9TBotSR_7ocVgW60oOKgbud0do
Cc: rfc-editor@rfc-editor.org, rfc7158@schmorp.de, json@ietf.org
Subject: [Json] [Technical Errata Reported] RFC7158 (3908)

The following errata report has been submitted for RFC7158,
"The JavaScript Object Notation (JSON) Data Interchange Format".

You may review the report below and at:

Type: Technical
Reported by: Marc Lehmann <rfc7158@schmorp.de>

Section: Security con

Original Text

Corrected Text

This is a followup to my previous errata. I just wanted to note that this should also be discussed in the security considerations.

Consider a protocol that would allow back-to-back json messages. For example, a banking protocol that accepted currency amounts.

An RFC7158 encoder could now encode the two separate amounts "1" and "999" and end up with the single amount "1999", which couldn't happen with the original JSON specification.

Since this affects existing protocols and could potentially result in serious misinterpretations, I think noting this in the security considerations sections would be prudent.

This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

RFC7158 (draft-ietf-json-rfc4627bis-10)
Title               : The JavaScript Object Notation (JSON) Data Interchange Format
Publication Date    : March 2014
Author(s)           : T. Bray, Ed.
Category            : PROPOSED STANDARD
Source              : JavaScript Object Notation
Area                : Applications
Stream              : IETF
Verifying Party     : IESG
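
Added example, not part of the original errata report or of any RFC: a Python sketch of the back-to-back stream the report describes, showing the two amounts merging on decode and two ways a receiver can keep them apart. The function names, the sample amounts and the newline framing are assumptions made for illustration.

```python
import json

def encode_unframed(values):
    """Back-to-back JSON texts with no delimiter, as in the report's protocol."""
    return "".join(json.dumps(v) for v in values)

def decode_unframed(text):
    """Read consecutive JSON texts; the only boundary is where a value ends."""
    decoder, out, pos = json.JSONDecoder(), [], 0
    while pos < len(text):
        value, pos = decoder.raw_decode(text, pos)
        out.append(value)
    return out

def encode_rfc4627(values):
    """RFC 4627 rule: a JSON text is an object or array, so it self-delimits."""
    for v in values:
        if not isinstance(v, (dict, list)):
            raise TypeError(f"top-level {type(v).__name__} not allowed: {v!r}")
    return encode_unframed(values)

def encode_framed(values):
    """Assumed mitigation: one JSON text per line, newline as the boundary."""
    return "".join(json.dumps(v) + "\n" for v in values)

def decode_framed(text):
    """Split on the newline delimiter, then parse each JSON text on its own."""
    return [json.loads(line) for line in text.split("\n") if line]

if __name__ == "__main__":
    amounts = [1, 999]  # constructed sample: two separate currency amounts
    print(decode_unframed(encode_unframed(amounts)))      # amounts merge
    print(decode_unframed(encode_rfc4627([[1], [999]])))  # amounts kept apart
    print(decode_framed(encode_framed(amounts)))          # amounts kept apart
```
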