Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 08, 2017 at 08:47:24AM +0100, Julian Reschke wrote:
> On 2017-03-08 08:39, Julian Reschke wrote:
> > On 2017-03-08 02:48, Benjamin Kaduk wrote:
> >> I'm also concerned about the freewheeling use of Unicode.  While
> >> this document does discuss the potential encodings and lists UTF-8
> >> as the default (and most interoperable), I think it would benefit
> >> from a stricter warning that parties using JSON for communication
> >> must have some out-of-band way to agree on what encoding is to be
> >> used.  I would expect that this is usually going to be done by the
> >> protocol using JSON, but could see a place for the actual
> >> communicating peers to have out-of-band knowledge.  (An application
> >> having to guess what encoding is being used based on heuristics is a
> >> recipe for disaster.)
> >> ...
> >
> > AFAIU, there is no need for out-of-band knowledge (which would be very
> > bad). Recipients are supposed to inspect the payload and detect which of
> > the three encoding was used.
> >
> > That said, we probably should make that clearer.

If that's what's supposed to happen, it should probably be more
clear, yes.  (But aren't there texts that have valid interpretations
in multiple encodings?)


> >> ...
> >> I'm also rather curious about the claim that no "charset" parameter
> >> is needed as it "really has no effect on compliant recipients".  Why
> >> is this not a good way to communicate whether UTF-8, UTF-16, or
> >> UTF-32 is in use for a given text?
> >> ...
> >
> > It might have been, but that's now how it is implemented.
> 
> s/now/not/

Alas.

Thanks for the insight.

-Ben




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]