Re: [ogpx] type-system : eliminate closing tags for collections in binary serialization?
Han Sontse <han.sontse.sl@gmail.com> Mon, 29 March 2010 05:22 UTC
Return-Path: <han.sontse.sl@gmail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 494AC3A69EF for <ogpx@core3.amsl.com>; Sun, 28 Mar 2010 22:22:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.131
X-Spam-Level: *
X-Spam-Status: No, score=1.131 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kBIT8aaVF3rY for <ogpx@core3.amsl.com>; Sun, 28 Mar 2010 22:22:42 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id B30933A699A for <ogpx@ietf.org>; Sun, 28 Mar 2010 22:18:11 -0700 (PDT)
Received: by pwi10 with SMTP id 10so6506946pwi.31 for <ogpx@ietf.org>; Sun, 28 Mar 2010 22:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:references:in-reply-to :mime-version:content-type:message-id:content-transfer-encoding:from :subject:date:to:x-mailer; bh=k+6p+GBqessCyJUQ/6TrcLTdHXdj36cvnGEuOYHgsMA=; b=VfbRMjO9l7NzAJFicyzFMir5lQrLMplw6kWBrKcO6V1SrHL9PUYkhteIk2gQ3u0U7I JbOh8OMzh4/+zix89MWAgAMCzdbexuawUnPH1yOTtz45WMV64uOHUVcCTIwg5+2DNxcf YuWXKHo3nN2vNoh0QGEzeACQjrAguQst5DTT0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=references:in-reply-to:mime-version:content-type:message-id :content-transfer-encoding:from:subject:date:to:x-mailer; b=r0gdm8Dgk8hzVRXJSXBe9hNhzWxiwcwWeK+RDCrVB4JxCVND78dqf3vL4epxyDu825 7bElNqGCpirgmxdiG3Y6T4408mmLjxdEUoD87lxDUfnuWKW5JTuRXOT9wg/qJCebRPha lnyy3ZsPS/LNNNw1VnVCrgNB+a+eohKvGoE8I=
Received: by 10.115.24.9 with SMTP id b9mr3868957waj.83.1269839885256; Sun, 28 Mar 2010 22:18:05 -0700 (PDT)
Received: from [192.168.1.40] ([98.125.230.118]) by mx.google.com with ESMTPS id 20sm3644926pzk.7.2010.03.28.22.18.04 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 28 Mar 2010 22:18:04 -0700 (PDT)
References: <b325928b1003281034x68725d0h555d608e4c8a5d36@mail.gmail.com> <201003282129.59068.bobby@sharedrealm.com>
In-Reply-To: <201003282129.59068.bobby@sharedrealm.com>
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
Message-Id: <68104EE8-753D-4D6F-9FB1-CC9640C8BE91@gmail.com>
Content-Transfer-Encoding: quoted-printable
From: Han Sontse <han.sontse.sl@gmail.com>
Date: Sun, 28 Mar 2010 22:17:57 -0700
To: ogpx@ietf.org
X-Mailer: Apple Mail (2.1077)
Subject: Re: [ogpx] type-system : eliminate closing tags for collections in binary serialization?
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Mar 2010 05:23:49 -0000
My instinct is to have the closing tag AND the object count. And apply the rule that count MUST equal the enclosed objects. Having both is a basic sanity check on the content. Robert's comments earlier about potential to exploit the protocol are found first within the ambiguities of the specification. Being a little pedantic in the object structure is good for security and consistency. Some things should not be shortcut to save a few transmitted symbols. UDP wrappers are a good example why it's a bad idea. ~HS~ On Mar 28, 2010, at 9:29 PM, Robert G. Jakabosky wrote: > > I vote to remove the closing tags, since they are redundant. > > If the closing tags are kept in the spec, then they should only be used for > validation (i.e. the number of objects contained between the opening & > closing tag MUST match the "object count"). > > Also I vote that the spec require malformed binary/JSON/XML LLSD messages to > be rejected. This is very important for security reasons and it will make it > easier for new implementations to be made, since there will be less > convertion/corner case rules. > > On Sunday 28, Meadhbh Hamrick wrote: >> so... just an idea... >> >> the current type system draft, draft-hamrick-vwrap-type-system-00, >> requires that maps or arrays that are serialized using the binary >> serialization scheme have a closing tag in addition to an opening tag. >> for example, to serialize the map: >> >> { >> foo : string, >> bar : integer >> } >> >> you would use an opening tag of a left curly brace ('{') followed by a >> 32 bit count of the number of elements in the map, followed by the two >> elements, followed by a closing tag of a right curly brace. >> >> i have a vague concern that the closing tag is unneeded, may confuse >> implementers and could lead to security concerns (at worst) or generic >> errors (at best.) specifically, what happens when you don't have a >> closing tag following the last element in the collection? >> >> i don't think this is a "big deal," and we can certainly provide >> guidance for implementers with properly worded statements about how we >> think such situations should be handled. >> >> and i think that making this change would require both opensim and LL >> to modify their code, so i can totally understand if peeps would >> rather keep the closing tag for collections. >> >> but.. i think it would be a good idea to either a) eliminate the >> closing tags or b) add some guidance to implementers about handling >> encoding errors. i have a separate email coming up for guidance. >> >> so, assuming we wanted to eliminate closing tags, we might want to >> change section 4.3 to read thusly. >> >> 4.3. Binary Serialization >> >> The LLSD Binary Serialization is an encoding syntax appropriate for >> situations where high message entropy is required or limiting >> processing power for parsing messages is available. >> >> Encoding LLSD structured data using the binary serialization scheme >> involves generating tag, (optional) size values, and serialization of >> simple values. Composite types are serialized by iterating across >> all members of the collection, serializing each simple or composite >> member in turn. For each element in an >> LLSD structured data object, the following process is used to >> generate a binary output stream of serialized data: >> >> o A one octet type tag is emitted to the output stream. See the >> table below for tag octets. >> >> o If the size of the element being serialized is variable (as it >> will be for strings, URIs, arrays and maps), the size or length of >> the element is output to the stream as a network-order 32 bit >> value. Elements of types with fixed lengths such as undefined >> values, booleans, integers, reals, UUIDs and dates will not >> include size information in the output stream. >> >> o Finally, the binary representation of the element is appended to >> the output stream. >> >> Undefined Undefined values are serialized with a single exclamation >> point character ('!'). Undefined values append neither size >> information or data to the output stream. >> >> Boolean True values are serialized with a single '1' character. >> False values are serialized with a single '0' character. >> Booleans append neither size information or data to the output >> stream. >> >> Integer Integer values are serialized by emitting the 'i' character >> to the output stream followed by the four octets representing the >> integer's 32 bits in network order. >> >> Real Real values are serialized by emitting the 'r' character to the >> output stream followed by the eight octets representing the real >> value's 64 bits in network order. >> >> String String values are serialized by emitting the 's' character to >> the output stream followed by the string's length in octets >> represented as a network-order 32 bit integer, followed by the >> string's UTF-8 encoding. >> >> UUID UUID values are serialized by emitting the 'u' character to the >> output stream followed by the sixteen octets representing the >> UUID's 128 bits, with the most significant byte coming first. >> >> Date Date values are serialized by emitting the 'd' character to the >> output stream followed by the number of seconds since the start >> of the epoch, represented as a 64-bit real value. >> >> URI URI values are serialized by emitting the 'l' character to the >> output stream followed by the URI's length in octets represented >> as a network-order 32 bit integer, followed by the binary >> representation of the URI. >> >> Binary Binary values are serialized by emitting the 'b' character to >> the output stream followed by the binary array's length in octets >> represented as a network-order 32 bit integer, followed by the >> octets of the binary array. >> >> Array Arrays are serialized by emitting the left square bracket >> ('[') character, followed by the count of objects in the array >> represented as a network-order 32 bit integer, followed by each >> array element in order. Note that compliant implementations MUST >> preserve the order of array elements. >> >> Map Maps are serialized by emitting the left curly brace ('{') >> character, followed by the count of objects in the map >> represented as a network-order 32 bit integer, followed by each >> key-value element. Map keys are represented as strings except >> that they use the character 'k' instead of the character 's' as a >> tag. Note that preserving the order of maps is not REQUIRED. >> >> -cheers >> -meadhbh >> >> -- >> meadhbh hamrick * it's pronounced "maeve" >> @OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com >> _______________________________________________ >> ogpx mailing list (VWRAP working group) >> ogpx@ietf.org >> https://www.ietf.org/mailman/listinfo/ogpx > > > > -- > Robert G. Jakabosky > _______________________________________________ > ogpx mailing list (VWRAP working group) > ogpx@ietf.org > https://www.ietf.org/mailman/listinfo/ogpx
- [ogpx] type-system : eliminate closing tags for c… Meadhbh Hamrick
- Re: [ogpx] type-system : eliminate closing tags f… Robert G. Jakabosky
- Re: [ogpx] type-system : eliminate closing tags f… Han Sontse
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell
- Re: [ogpx] type-system : eliminate closing tags f… Robert G. Jakabosky
- Re: [ogpx] type-system : eliminate closing tags f… Dahlia Trimble
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell
- [ogpx] Fwd: type-system : eliminate closing tags … Meadhbh Hamrick
- Re: [ogpx] type-system : eliminate closing tags f… Joshua Bell