Re: [Json] Security Considerations

Peter brooks <peter.h.m.brooks@gmail.com> Sat, 08 June 2013 07:23 UTC

From: Peter brooks <peter.h.m.brooks@gmail.com>
Date: Sat, 08 Jun 2013 09:00:53 +0200
To: John Cowan <cowan@mercury.ccil.org>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, Douglas Crockford <douglas@crockford.com>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] Security Considerations

On 8 Jun 2013, at 05:40, John Cowan <cowan@mercury.ccil.org> wrote:

> Peter Brooks wrote:
> 
>> If JSON messages are exchanged in cleartext, that, itself, is
>> an indication that they are public and unimportant, so the risk, even
>> if they are intercepted and modified, is low.
> 
> Open text is not necessarily unimportant text.  Consider these email
> messages, which are sent en clair.
> 
I agree. This, though, is bad practice. Any responsible organisation ought to encrypt its sensitive information.