IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-json-text-sequence-11

Carl Wallace <carl@redhoundsoftware.com> Tue, 16 December 2014 20:44 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 067151A87B8 for <secdir@ietfa.amsl.com>; Tue, 16 Dec 2014 12:44:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9kBHPCsYoV10 for <secdir@ietfa.amsl.com>; Tue, 16 Dec 2014 12:44:13 -0800 (PST)
Received: from mail-qg0-f51.google.com (mail-qg0-f51.google.com [209.85.192.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FE301A87A3 for <secdir@ietf.org>; Tue, 16 Dec 2014 12:44:13 -0800 (PST)
Received: by mail-qg0-f51.google.com with SMTP id e89so10628806qgf.24 for <secdir@ietf.org>; Tue, 16 Dec 2014 12:44:12 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version:content-type :content-transfer-encoding; bh=ico8deUiK2k0TK0LwpeGBtSpTQ5qwr7AKuxiu6x/zwA=; b=M8FERo0qDihCs5+XjfffmoR5FrpcURpGSMv8Sp/8C96VIzbdaBQVoCT5rT7c6WfLIn /6LGWB3h3AhKlEOPHfNU/xNE8N9m25OfsytIKlsl1Ep8h8cwMIc+eEATmTbPr++JcBDs fVzlCa3S+LZN8XqJ4UHkJLLR2d+4wxM7EL+eE9wZEiNtwUB4eUiDnamsQ+4D1kbriva9 YKRx3o6WMBCt1FSxkMpU3g+WCV2LVl9va6ZnAAHes6SJWgrB7QTP8Wex/zolUKBtEdwC DXzHJwdjWOsphl/rlm2C9jiZ6u+29Lm1CixWJDSfOIekx9Ci2sFQSdP2MhUSOwkyXXrR wNIA==
X-Gm-Message-State: ALoCoQmyNXQBk1EKbNStYHdix2/vZ0GP8zVSuWF6g2lH2jUnEQY5AdhdveVZytiwz55he64QVv92
X-Received: by 10.140.94.229 with SMTP id g92mr66700872qge.77.1418762652541; Tue, 16 Dec 2014 12:44:12 -0800 (PST)
Received: from [192.168.2.39] (pool-173-79-132-199.washdc.fios.verizon.net. [173.79.132.199]) by mx.google.com with ESMTPSA id t2sm1887282qae.6.2014.12.16.12.44.10 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 16 Dec 2014 12:44:11 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.4.3.140616
Date: Tue, 16 Dec 2014 15:44:05 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Nico Williams <nico@cryptonector.com>
Message-ID: <D0B5F9D2.29691%carl@redhoundsoftware.com>
Thread-Topic: [secdir] secdir review of draft-ietf-json-text-sequence-11
References: <D0B1EECD.29290%carl@redhoundsoftware.com> <20141216000109.GP3241@localhost> <D0B587AB.2948E%carl@redhoundsoftware.com> <20141216163238.GT3241@localhost> <D0B5C964.2954A%carl@redhoundsoftware.com> <20141216174829.GZ3241@localhost> <D0B5DC2E.295DB%carl@redhoundsoftware.com> <20141216193707.GE3241@localhost>
In-Reply-To: <20141216193707.GE3241@localhost>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/mDr1JBiTOd3gJZ6EvDPQVjNf3k0
Cc: draft-ietf-json-text-sequence@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-json-text-sequence-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Dec 2014 20:44:15 -0000

On 12/16/14, 2:37 PM, "Nico Williams" <nico@cryptonector.com> wrote:

><snip>
>Although such an encoder is not considered in the I-D, we could add some
>text about it.  I'd rather say: don't do that, always encode the JSON
>texts to encode the JSON text sequence.
>><snip>>Of course a properly functioning encoder on a properly function
>>system
>> >is in a position to terminate each element.  How can this be in doubt?
>> 
>> The JSON text encoder may be on one system and the JSON text sequence
>> encoder may be on another system (one of the examples in the draft is
>>for
>> logs, so this must already be assumed as possible). In the example
>>above,
>> if the text encoder fails after sending 123, the text sequence encoder
>> will add an <LF> and a decoder will not detect truncation. How can this
>>be
>> in doubt?
>
>It's not.  I just don't think one should encode JSON text sequences this
>way.  After lunch I'll propose text explicitly requiring sequence
>encoders to also invoke the JSON text encoder.

Most of the words in this now very long thread stem from this. I will wait
to review new text. I don’t think there is any lack of clarify on the
signature issue. Most of the remainder is related to the document’s
recognition of <RS>123<RS> as a detachable truncation problem but not
<RS>123<LF><RS> where the truncation occurred prior to invoking the
sequence encoder.

v2.23.0 | Report a Bug | By Email