Re: TJSON from Tony Arcieri on 2016-11-03 (public-interledger@w3.org from November 2016)

From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 3 Nov 2016 12:10:59 -0700
To: Stefan Thomas <stefan@ripple.com>
Cc: Shane McCarron <shane@spec-ops.io>, Anders Rundgren <anders.rundgren.net@gmail.com>, Adrian Hope-Bailie <adrian@hopebailie.com>, Interledger Community Group <public-interledger@w3.org>
Message-ID: <CAHOTMVLcWjNadCOVqGLp_99sytwz7gicyMPpipinCuRN+ahG3w@mail.gmail.com>

On Thu, Nov 3, 2016 at 11:15 AM, Stefan Thomas <stefan@ripple.com> wrote:

> Why do I have to add a ton of tags? Why not just:
>
> {
>   "count": 5,
>   "key:b64":  "AANFJzysAFsbashj==",
>   "message": "Hello!"
> }
>

There's an alternative syntax proposal here which is quite similar:

https://github.com/tjson/tjson-spec/issues/30

> I.e. tag the fields where your default guess of the type would be wrong
> and leave the rest of the fields as-is.
>

There's a domain separation concern if you don't always add a tag: it no
longer becomes possible to encode strings which legitimately end with a
given postfix. This could, among other things, be exploited by an attacker
to change how strings are interpreted, provided the attacker can control
the key.

I would prefer not to have that sharp edge.

-- 
Tony Arcieri

Received on Thursday, 3 November 2016 19:11:51 UTC