[ogpx] Fwd: type-system : eliminate closing tags for collections in binary serialization?
Meadhbh Hamrick <ohmeadhbh@gmail.com> Mon, 29 March 2010 15:54 UTC
Return-Path: <ohmeadhbh@gmail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F6CB3A6A74 for <ogpx@core3.amsl.com>; Mon, 29 Mar 2010 08:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.131
X-Spam-Level: *
X-Spam-Status: No, score=1.131 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7sQdabx7Fe24 for <ogpx@core3.amsl.com>; Mon, 29 Mar 2010 08:54:12 -0700 (PDT)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by core3.amsl.com (Postfix) with ESMTP id A3A993A6891 for <ogpx@ietf.org>; Mon, 29 Mar 2010 08:54:12 -0700 (PDT)
Received: by qw-out-2122.google.com with SMTP id 9so293727qwb.31 for <ogpx@ietf.org>; Mon, 29 Mar 2010 08:54:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:received:message-id:subject:to:content-type :content-transfer-encoding; bh=7CbOpJWMjDB3ug6UBSjtjabq2TD8OOaTVUpkXT50Aqc=; b=r9F9lUP0UZyRJlk+eGTEj9USUUdUN1C/2qbY0Hq8E+SWOy9Nn3cYi39flKCOhI5uzM CyP43JNKn1F5RODCOu/HWMgUpqVc4V2As/1rF9F+3DFfE7QCT3XvaYbdppufMnLcvN7V Ua8TxeWq5a1oubCKM5PBCMpcM2RI64Kn2+DJA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=t9zF1n75rMlkrNWx//kor+qc1oGyXimgTc+RySBE0mwGWqhW8/CecsCLZvevWm9q60 HhQ7t/As2wwBOkqVE2h3Xj1QpQXibTkjCQ0NEfUe9xlRMzyz0mOrh6d1WEyhvoa54z7S +bTTockUR3cTAEKB0FjiJsT6TgKXSybfEmFEs=
MIME-Version: 1.0
Received: by 10.229.20.209 with HTTP; Mon, 29 Mar 2010 08:54:20 -0700 (PDT)
In-Reply-To: <b325928b1003290853y7d8b232dh164b50ea0e1e2ec0@mail.gmail.com>
References: <b325928b1003281034x68725d0h555d608e4c8a5d36@mail.gmail.com> <f72742de1003290839p1be7574by531112ec180beeed@mail.gmail.com> <b325928b1003290853y7d8b232dh164b50ea0e1e2ec0@mail.gmail.com>
From: Meadhbh Hamrick <ohmeadhbh@gmail.com>
Date: Mon, 29 Mar 2010 08:54:20 -0700
Received: by 10.229.10.132 with SMTP id p4mr1465095qcp.86.1269878080190; Mon, 29 Mar 2010 08:54:40 -0700 (PDT)
Message-ID: <b325928b1003290854x1acc3926jed5e400688e222d6@mail.gmail.com>
To: ogpx <ogpx@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [ogpx] Fwd: type-system : eliminate closing tags for collections in binary serialization?
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Mar 2010 15:54:14 -0000
this was supposed to go to the list as well. ---------- Forwarded message ---------- From: Meadhbh Hamrick <ohmeadhbh@gmail.com> Date: Mon, Mar 29, 2010 at 8:53 AM Subject: Re: [ogpx] type-system : eliminate closing tags for collections in binary serialization? To: Joshua Bell <josh@lindenlab.com> thx josh. and thx to peeps commenting on this thread. i had an intuitive sense that such constructions could potentially lead to vulnerabilities. seems like i'm not alone in that concern. i was also thinking that we should be as resilient as possible in the encoding, though there are some good arguments for barfing if you find a poorly formed binary serialization. what i had been thinking was you should try to recover as much information from a poorly formed message. but i'm thinking this is an error. messages _should_ be considered atomic. for instance: <llsd> <map> <key>action</key> <string>launch</string> <key>object</key> <string>high yield thermonuclear devices</string> <key>only-if</key <string>nuclear_launch_detected() == true</string> </map> </llsd> the intent of this highly contrived message is to launch a retaliatory strike should a missile launch be detected. but there's an error in the serialization of the third key; the closing element is incomplete. if we did as i had suggested, and attempted to recover as much data as possible from a message, we might have inadvertently launched the high yield thermonuclear devices. so yeah. let's barf if we get an improperly serialized message. this should probably go for all serializations as robert suggests. -cheers -meadhbh -- meadhbh hamrick * it's pronounced "maeve" @OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com On Mon, Mar 29, 2010 at 8:39 AM, Joshua Bell <josh@lindenlab.com> wrote: > FYI, I've rather experimentally created a ticket in the VWRAP trac for this: > http://trac.tools.ietf.org/wg/vwrap/trac/ticket/1 > A list of active tickets and links to RSS feeds (etc) can be found at: > http://trac.tools.ietf.org/wg/vwrap/trac/report/1 > > On Sun, Mar 28, 2010 at 10:34 AM, Meadhbh Hamrick <ohmeadhbh@gmail.com> > wrote: >> >> so... just an idea... >> >> the current type system draft, draft-hamrick-vwrap-type-system-00, >> requires that maps or arrays that are serialized using the binary >> serialization scheme have a closing tag in addition to an opening tag. >> for example, to serialize the map: >> >> { >> foo : string, >> bar : integer >> } >> >> you would use an opening tag of a left curly brace ('{') followed by a >> 32 bit count of the number of elements in the map, followed by the two >> elements, followed by a closing tag of a right curly brace. >> >> i have a vague concern that the closing tag is unneeded, may confuse >> implementers and could lead to security concerns (at worst) or generic >> errors (at best.) specifically, what happens when you don't have a >> closing tag following the last element in the collection? >> >> i don't think this is a "big deal," and we can certainly provide >> guidance for implementers with properly worded statements about how we >> think such situations should be handled. >> >> and i think that making this change would require both opensim and LL >> to modify their code, so i can totally understand if peeps would >> rather keep the closing tag for collections. >> >> but.. i think it would be a good idea to either a) eliminate the >> closing tags or b) add some guidance to implementers about handling >> encoding errors. i have a separate email coming up for guidance. >> >> so, assuming we wanted to eliminate closing tags, we might want to >> change section 4.3 to read thusly. >> >> 4.3. Binary Serialization >> >> The LLSD Binary Serialization is an encoding syntax appropriate for >> situations where high message entropy is required or limiting >> processing power for parsing messages is available. >> >> Encoding LLSD structured data using the binary serialization scheme >> involves generating tag, (optional) size values, and serialization of >> simple values. Composite types are serialized by iterating across >> all members of the collection, serializing each simple or composite >> member in turn. For each element in an >> LLSD structured data object, the following process is used to >> generate a binary output stream of serialized data: >> >> o A one octet type tag is emitted to the output stream. See the >> table below for tag octets. >> >> o If the size of the element being serialized is variable (as it >> will be for strings, URIs, arrays and maps), the size or length of >> the element is output to the stream as a network-order 32 bit >> value. Elements of types with fixed lengths such as undefined >> values, booleans, integers, reals, UUIDs and dates will not >> include size information in the output stream. >> >> o Finally, the binary representation of the element is appended to >> the output stream. >> >> Undefined Undefined values are serialized with a single exclamation >> point character ('!'). Undefined values append neither size >> information or data to the output stream. >> >> Boolean True values are serialized with a single '1' character. >> False values are serialized with a single '0' character. >> Booleans append neither size information or data to the output >> stream. >> >> Integer Integer values are serialized by emitting the 'i' character >> to the output stream followed by the four octets representing the >> integer's 32 bits in network order. >> >> Real Real values are serialized by emitting the 'r' character to the >> output stream followed by the eight octets representing the real >> value's 64 bits in network order. >> >> String String values are serialized by emitting the 's' character to >> the output stream followed by the string's length in octets >> represented as a network-order 32 bit integer, followed by the >> string's UTF-8 encoding. >> >> UUID UUID values are serialized by emitting the 'u' character to the >> output stream followed by the sixteen octets representing the >> UUID's 128 bits, with the most significant byte coming first. >> >> Date Date values are serialized by emitting the 'd' character to the >> output stream followed by the number of seconds since the start >> of the epoch, represented as a 64-bit real value. >> >> URI URI values are serialized by emitting the 'l' character to the >> output stream followed by the URI's length in octets represented >> as a network-order 32 bit integer, followed by the binary >> representation of the URI. >> >> Binary Binary values are serialized by emitting the 'b' character to >> the output stream followed by the binary array's length in octets >> represented as a network-order 32 bit integer, followed by the >> octets of the binary array. >> >> Array Arrays are serialized by emitting the left square bracket >> ('[') character, followed by the count of objects in the array >> represented as a network-order 32 bit integer, followed by each >> array element in order. Note that compliant implementations MUST >> preserve the order of array elements. >> >> Map Maps are serialized by emitting the left curly brace ('{') >> character, followed by the count of objects in the map >> represented as a network-order 32 bit integer, followed by each >> key-value element. Map keys are represented as strings except >> that they use the character 'k' instead of the character 's' as a >> tag. Note that preserving the order of maps is not REQUIRED. >> >> -cheers >> -meadhbh >> >> -- >> meadhbh hamrick * it's pronounced "maeve" >> @OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com >> _______________________________________________ >> ogpx mailing list (VWRAP working group) >> ogpx@ietf.org >> https://www.ietf.org/mailman/listinfo/ogpx > > > _______________________________________________ > ogpx mailing list (VWRAP working group) > ogpx@ietf.org > https://www.ietf.org/mailman/listinfo/ogpx > >
- [ogpx] type-system : eliminate closing tags for c… Meadhbh Hamrick
- Re: [ogpx] type-system : eliminate closing tags f… Robert G. Jakabosky
- Re: [ogpx] type-system : eliminate closing tags f… Han Sontse
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell
- Re: [ogpx] type-system : eliminate closing tags f… Robert G. Jakabosky
- Re: [ogpx] type-system : eliminate closing tags f… Dahlia Trimble
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell
- [ogpx] Fwd: type-system : eliminate closing tags … Meadhbh Hamrick
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell