Re: [Uta] back to smtp-sts-04

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 06 April 2017 14:12 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C449B128CDB for <uta@ietfa.amsl.com>; Thu, 6 Apr 2017 07:12:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3SmfQtbz5ll for <uta@ietfa.amsl.com>; Thu, 6 Apr 2017 07:11:59 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A77E1275AB for <uta@ietf.org>; Thu, 6 Apr 2017 07:11:53 -0700 (PDT)
Received: from vpro.lan (cpe-74-71-8-253.nyc.res.rr.com [74.71.8.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id CFA2A7A330A for <uta@ietf.org>; Thu, 6 Apr 2017 14:11:52 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <9402ac0a4990432f994656ddaf94b9e2@COPDCEX19.cable.comcast.com>
Date: Thu, 06 Apr 2017 10:11:51 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: uta@ietf.org
Message-Id: <CE55E42E-9845-46A6-B0AA-F56CE56F2936@dukhovni.org>
References: <52dde16a-a3bb-5844-7daa-a349def85049@wizmail.org> <80676A32-78CB-4FFA-AEE4-94DA95102B98@dukhovni.org> <a2a6e5f5-ff3b-272b-abda-b49fe23a485d@wizmail.org> <605FE793-3D82-4C4F-9F93-D50DF4320DF5@dukhovni.org> <9402ac0a4990432f994656ddaf94b9e2@COPDCEX19.cable.comcast.com>
To: uta@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/Ne6erbZO03B98uzohRq6sqvj0rI>
Subject: Re: [Uta] back to smtp-sts-04
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 14:12:02 -0000

> On Apr 6, 2017, at 9:17 AM, Brotman, Alexander <Alexander_Brotman@comcast.com> wrote:
> 
> With regard to the JSON policy (though that's STS, not TLSRPT).
> It's a small file, which given the JSON requirement, should
> be properly formatted.  I would think this should be relatively
> easy to parse with standard C string functions.

Here are the line counts for the "*.[ch]" files from what appears
to be a popular JSON parsing API for C:

$ git clone https://github.com/json-c/json-c.git
$ cd json-c
$ wc -l *.[ch] | sort -n
      11 strdup_compat.h
      19 json_inttypes.h
      20 json_c_version.c
      22 json_c_version.h
      25 random_seed.h
      26 libjson.c
      31 math_compat.h
      34 json.h
      35 bits.h
      45 vasprintf_compat.h
      55 json_object_private.h
      63 arraylist.h
      71 debug.h
      83 debug.c
      89 json_util.h
      91 json_visit.h
     114 printbuf.h
     115 json_pointer.h
     133 json_visit.c
     143 arraylist.c
     154 printbuf.c
     168 json_object_iterator.c
     208 json_tokener.h
     238 random_seed.c
     239 json_object_iterator.h
     326 json_pointer.c
     326 json_util.c
     366 linkhash.h
     690 linkhash.c
     901 json_object.h
     978 json_tokener.c
    1195 json_object.c
    7014 total

That does not jive with relatively easy to parse...

JSON supports comments, elements that are integers, strings,
arrays or associative arrays (nested JSON objects).  JSON
strings are UTF-8 and allow embedded NUL octets.

Your JSON reference is to the obsolete RFC4627, the non-obsolete
reference is RFC7159.

Speaking of the policy, what should be done if the HTTPS policy
contains multiple JSON objects, no JSON objects, or broken JSON?

Is there a size limit a parser can reasonably impose on the policy
data to avoid resource exhaustion parsing absurdly large JSON input?
Could we say for example that a valid STSv1 JSON object must fit in
16K bytes or 64K bytes?

How does a domain get rid of its STS policy?  I thought we had discussed
using "max_age = 0" for this, which after being in place long enough to
assure that all previously cached policies have expired can be removed.
Or might just "404" suffice?

-- 
	Viktor.