[Gen-art] Gen-art last call/telechat review of draft-ietf-json-rfc4627bis-07.txt (extended)
Elwyn Davies <elwynd@dial.pipex.com> Fri, 29 November 2013 13:31 UTC
Return-Path: <elwynd@dial.pipex.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B861AE0A4 for <gen-art@ietfa.amsl.com>; Fri, 29 Nov 2013 05:31:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.592
X-Spam-Level:
X-Spam-Status: No, score=-100.592 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_RNBL=1.31, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOkuzzzy3D2C for <gen-art@ietfa.amsl.com>; Fri, 29 Nov 2013 05:30:59 -0800 (PST)
Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by ietfa.amsl.com (Postfix) with ESMTP id 45B081AD7C2 for <gen-art@ietf.org>; Fri, 29 Nov 2013 05:30:59 -0800 (PST)
X-Trace: 41674509/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$OFF_NET_AUTH_ACCEPTED/None/81.187.254.249/None/elwynd@dial.pipex.com
X-SBRS: None
X-RemoteIP: 81.187.254.249
X-IP-MAIL-FROM: elwynd@dial.pipex.com
X-SMTP-AUTH: elwynd@dial.pipex.com
X-MUA: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap4EAKmWmFJRu/75/2dsb2JhbABZgz+5LIE2g1hBLw00AkwNAQUCAQGIAQnAO40bgQsRAVCEOgOUMYNjgTCEfotlgWuBPoFx
X-IPAS-Result: Ap4EAKmWmFJRu/75/2dsb2JhbABZgz+5LIE2g1hBLw00AkwNAQUCAQGIAQnAO40bgQsRAVCEOgOUMYNjgTCEfotlgWuBPoFx
X-IronPort-AV: E=Sophos;i="4.93,798,1378854000"; d="scan'208";a="41674509"
X-IP-Direction: OUT
Received: from weee-pc2.folly.org.uk (HELO [81.187.254.249]) ([81.187.254.249]) by smtp.pipex.tiscali.co.uk with ESMTP; 29 Nov 2013 13:30:57 +0000
Message-ID: <5298970E.90707@dial.pipex.com>
Date: Fri, 29 Nov 2013 13:30:54 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
MIME-Version: 1.0
To: General Area Review Team <gen-art@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-json-rfc4627bis.all@tools.ietf.org
Subject: [Gen-art] Gen-art last call/telechat review of draft-ietf-json-rfc4627bis-07.txt (extended)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Nov 2013 13:31:03 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-json-rfc4627bis-07.txt Reviewer: Elwyn Davies Review Date: 28 November 2013 IETF LC End Date: 25 November 2013 IESG Telechat date: 5 December 2013 Summary: [Apologies for missing the end of last call.] Almost ready for publication as a standard track RFC. There are a couple of minor issues and some nits that should be addressed before publication. After I submitted the original version of this review three additional points occurred to me: - The virtue of providing an appendix with the ABNF altogether in one place - the inconsistency of sections 9 and 10. - minor inconsistency in layout of example 1. There have been discussions of the use of BOM characters at the start of JSON strings, whether the top level production should just be a 'value' (with ws), what the status of the reference to ECMA-404 shoould be and the "heavy encouragement" of the use of UTF-8 encoding. IANA also require some clarification of the update of the application/json MIME type. This review doesn't address these issues. Major issues: None. Minor issues: s1, para 4: It would probably be useful to clarify that 'value' has the same meaning as in the previous para. Also that it is not required that the array elements in a single array be all the same type. s4: The unordered nature of the entries in an object is not mentioned. Presumably it should state that two objects with the same sets of name-value pairs ("members") in any order are logically equivalent. s10: s9 allows there to be parsers that accept extensions. s10 only allows generators to produce strict JSON. Perhaps one should allow for strict generators and extended generators that match with extended parsers? s12, last sentence: > The same > consideration applies in any other programming language in which JSON > texts conform to that language's syntax. Whilst there is clearly a security issue when a JSON text is fed to the equivalent of JavaScript's eval() function, it strikes me that this is only a problem if the other programming language also overloads its equivalent of eval() to parse JSON texts. I think the text isn't clear on this. Perhaps add 'and the JSON text parser does the equivalent of eval()' to the end. (Actually the change note in Appendix A is *much* clearer on what is meant!) A potentially more serious issue comes from the standard buffer overrun/execution of data problems in that the JSON text may be parsed (effectively compiled) into a piece of executable binary. This should probably be called out. Nits/editorial comments: General: Many RFCs that use ABNF specifications where parts of the ABNF are presented in separate sections also provide a section or appendix with the whole of the ABNF in one place. Whilst this provides a very minor double maintenance problem, it does aid implementers and facilitates checking of the complete grammar to catch mismatches. s1, para 1 and s1.2, para 2: The statements of ECMAscript being 'Third Edition' in s1 and 'version 5.1' in s1.2 is slightly confusing - would it be possible to explain what is going on here please? s5: Would be worth reiterating that there is no requirement for the values in an array to be the same type. s6: To be absolutely definite, assert that numbers are represented in base 10. s11: There is inconsistency in the presentation of email addresses: The two instances of <iesg@ietf.org are (presumably) missing a trailing '>'. For consisteency should douglas@crockford.com be <douglas@crockford.com>? s13: (very nitty - but could be confusing) The indentations of the "Animated" member and the trailing } are inconsistent with pretty printing scheme for the rest of the example. ("Animated" s/b right shifted by 4 spaces, } s/b left shifted by 2 spaces) s13: Might be useful to insert examples with - an array with elements that are not the same type - equivalent objects with the members in different orders. These could also show off escape sequences and maximally compact formats (using the equivalent object example to show that the white space is irrelevant).
- [Gen-art] Gen-art last call/telechat review of dr… Elwyn Davies