Re: [secdir] secdir review of draft-ietf-json-text-sequence-11

Nico Williams <> Wed, 17 December 2014 18:55 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B413A1A6FF9; Wed, 17 Dec 2014 10:55:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 22ZpWKTMavZt; Wed, 17 Dec 2014 10:55:30 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 0A6081A1BBE; Wed, 17 Dec 2014 10:55:30 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id A0F1C76805C; Wed, 17 Dec 2014 10:55:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to;; bh=IzuTY1544Pk/Ln DQHPRFYHEuuBk=; b=jHapU2vp3COnmD3Rfg+EsiySpk+yZZ+tp2PNFJQKPYy7jb pVItMYBHNeSpE3IYFL3HFTDQ73wZJQzpBlY9WAmhq2kAwt683X/UYeBOfczSE4QN ajs5yyqcAKDPoWCB5aSx5KM1wtggpgzsCQDbN0CIAIU3QbL01IYT+0B0DrU2s=
Received: from localhost ( []) (Authenticated sender: by (Postfix) with ESMTPA id 3ED0E768057; Wed, 17 Dec 2014 10:55:29 -0800 (PST)
Date: Wed, 17 Dec 2014 12:55:28 -0600
From: Nico Williams <>
To: Carl Wallace <>
Message-ID: <20141217185523.GA3241@localhost>
References: <20141216000109.GP3241@localhost> <> <20141216163238.GT3241@localhost> <> <20141216174829.GZ3241@localhost> <> <20141216193707.GE3241@localhost> <> <20141216213533.GI3241@localhost> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [secdir] secdir review of draft-ietf-json-text-sequence-11
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Dec 2014 18:55:34 -0000

On Tue, Dec 16, 2014 at 09:13:55PM -0500, Carl Wallace wrote:
>                                          [...]. I still think the solution
> is to remove the delimiters added by the JSON text sequence encoder in the
> JSON text sequence decoder.  This seems cleaner to me.  It would probably
> require the encoder to reject inputs that have not been properly
> terminated or perhaps have a flag to auto-add <ws> to non-self-delimited
> top level values before adding the <LF> where such is safe to do.

Tolerating a missing LF seems like a fine thing to do if the top-level
value was nonetheless valid and delimited.

On the other hand it adds some ambiguity if some sequence parser
implementations can tolerate it and others can't.

For logging applications tolerating a missing LF seems like a desirable
thing to do, actually.  For non-logging applications not tolerating it
seems better.

Does requiring that the sequence parser strip the trailing LF
complicate the sequence parser ABNF?  I think the stripping of the
trailing LF simply can't be expressed in ABNF, only in prose.

I'll play with an implementation tonight and see what I think after I
re-write some code (jq, specifically).  It may well be that I like it
better your way.