IETF Logo Mail Archive

Re: [secdir] [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 16 March 2017 12:19 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 979ED129471; Thu, 16 Mar 2017 05:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=Q82Sti7Z; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=DzChXsvu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zbcHSJjOkoZ3; Thu, 16 Mar 2017 05:18:58 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3442129456; Thu, 16 Mar 2017 05:18:57 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 4B47E20932; Thu, 16 Mar 2017 08:18:57 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute7.internal (MEProxy); Thu, 16 Mar 2017 08:18:57 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.fm; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=qpjA8AxfsaCeZWbx1P RFHo+7D4Y=; b=Q82Sti7ZxyriBWyw6o9TivOR4zpadA+Y7JIO3U6ZG8zsCjTq4F gnyzhR8OVI+gzL/hKOV6yC5Wd+z96G+B0EGdgVqn1EBVXDH2TLqyGVfxxaldYf4D 3ZHaZ0IsrMuvdJdtTD+RWA51np5Tq5aioQjW23Xipytrvpf/FnPR+p0epwtYMTTR jPMNfMQzjYuRmKoScNEdA4X2g5qca/9XoqEBYD7LXRbqtOCGDrUQf11vaqeeIGNs uUaahbNC15AJ9w1brb0ZGsgZNbgttCIOC/sQ5ikL3pUaNQMGyuZ4Z4dyCxPHT94H UqufYH1/rXGsY45BAsoBRgUGrN5zi//fNE6w==
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=qpjA8AxfsaCeZWbx1PRFHo+7D4Y=; b=DzChXsvuewY7va6/FKyz7DgG CsYV1J4vrLAph3U/W+qU8uqQwCUjq+vmPfB3I75EZD2a7f7UeguUzFaHjk46MEMk 6TAoytqkApQVWyIsX0rh4j58WRWO8kDP3GtDKSu39h69serKegvp+1iz27FjGJeY Fs//dZeppp4QkxFWiHsHdElbYhjdSPN646Dc5UpNtTP71ayP1yiIuFk7lho+NQSg cYwTz5AOMazlwHyfRggDxLN7ZGqLY264S3wupBF2TjFEEKjRLxzHth0PXJ8zyyk0 3fheLZsbpRsE4yFxj6nrExQaR6Z7BRBDeJIneXtygb/Lg+kAW9IJiLLP52HrqQ==
X-ME-Sender: <xms:sYLKWAtlwoRzH-M3Q5awjvz4vSN5NVWmwOgpnRSy2Nr1fMRWetxcZg>
X-Sasl-enc: TC0jBlsX8n8Fnn38lv8TDxhH1i0CUJDSuFknC+/YAlUL 1489666736
Received: from [172.22.50.14] (unknown [62.232.206.186]) by mail.messagingengine.com (Postfix) with ESMTPA id E12A724591; Thu, 16 Mar 2017 08:18:56 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: iPad Mail (14A456)
In-Reply-To: <d520cf1f-bafd-6f62-c46c-482ad3a01f20@gmx.de>
Date: Thu, 16 Mar 2017 12:38:45 +0000
Cc: Peter Cordell <petejson@codalogic.com>, John Cowan <cowan@ccil.org>, Carsten Bormann <cabo@tzi.org>, draft-ietf-jsonbis-rfc7159bis.all@ietf.org, secdir@ietf.org, "json@ietf.org" <json@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <EAF23716-FC94-478C-ACCF-9ED58B8A0ADF@fastmail.fm>
References: <otwresf20y4vnpmoboqqjnux.1489359742487@email.android.com> <0d3258fa-0f9d-cc5d-06d7-fcba943349ad@gmx.de> <f63c6a4a-dfbb-e03a-ea1e-38002f81ced8@it.aoyama.ac.jp> <0631d12c-f447-8904-6e2d-81e02cc6e8d3@codalogic.com> <1e075450-d958-db9c-ae63-3cbf3733024c@outer-planes.net> <cf6e35ba-6a67-4b35-d4e1-e99fee6e9f19@gmx.de> <1F1D1DCB-767F-490D-A425-AB5E66D51D3E@tzi.org> <CAD2gp_R7raq0mzfhATTYONdowBm0HvVHFAqJqoVcLmYABrgPpA@mail.gmail.com> <c20a17b7-0329-db5b-0983-23ebe11720f2@codalogic.com> <1f87f5d4-cbb0-9350-2d08-31350fa7438d@gmx.de> <24d37dc6-eee2-5e0c-6d33-d3450750e886@codalogic.com> <d520cf1f-bafd-6f62-c46c-482ad3a01f20@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3gZarmMJalbWKgNv9oEICDrrK8k>
Subject: Re: [secdir] [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 12:19:05 -0000

> On 16 Mar 2017, at 11:35, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
>> On 2017-03-16 12:23, Peter Cordell wrote:
>>> On 16/03/2017 10:49, Julian Reschke wrote:
>>>> On 2017-03-16 11:28, Peter Cordell wrote:
>>>> 
>>>> 8.1.  Character Encoding
>>>> 
>>>>   JSON text SHOULD be encoded in UTF-8 [UNICODE] (Section 3).  JSON
>>>>   texts that are encoded in UTF-8 are interoperable in the sense that
>>>>   they will be read successfully by the maximum number of
>>>>   implementations.
>>>> 
>>>>   There are many implementations that cannot successfully read texts
>>>>   in other encodings.  JSON text MAY be encoded in other encodings if
>>>>   the generator is sure that the intended parsers can read them.
>>>> 
>>>>   Implementations MUST NOT add a byte order mark to the beginning of a
>>>>   JSON text.  In the interests of interoperability, implementations
>>>>   that parse JSON texts MAY ignore the presence of a byte order mark
>>>>   rather than treating it as an error.
>>>> 
>>>> Are "generator" and "parser" the correct terms to use in this instance,
>>>> or does that functionality sit above the character encoding layer?
>>>> ...
>>> 
>>> Not convinced.
>>> 
>>> a) It's not constrained to UTF-8/16/32, so people might decide to
>>> support ISO-8859-1, or UTF-7-
>> 
>> Why is that a problem if the generator knows the parser can read it?  If
>> someone wants to use EBCDIC for whatever reason, are they not allowed to
>> call it JSON?
> 
> For application/json, it would violate a SHOULD-level requirement... <https://greenbytes.de/tech/webdav/rfc7159.html#rfc.section.8.1.p.1>:
> 
> "JSON text SHALL be encoded in UTF-8, UTF-16, or UTF-32. The default encoding is UTF-8, and JSON texts that are encoded in UTF-8 are interoperable in the sense that they will be read successfully by the maximum number of implementations; there are many implementations that cannot successfully read texts in other encodings (such as UTF-16 and UTF-32)."
> 
> So I agree it's technically allowed.

As this document is intended to be Internet Standard, it should strive to remove number of choices and generally non interoperable features. So listing the minimal list of allowed encodings in this document would be a good thing.

v2.23.0 | Report a Bug | By Email