On 5 Sep 2016, at 23:26, Jerry Lundström wrote:
Hi Paul,
On 09/05/16 17:40, Paul Hoffman wrote:
On 5 Sep 2016, at 1:42, Jerry Lundström wrote:
- Non-ASCII octets escaping "\DDD" may lead to broken implementations and/or encoding problems (oh so many printf()'ed JSON implementations out there)
Sure, but I'm not sure what to do about this. It's not really a security consideration, and it's not really even about this format: that's true for any application that gets a host name in return to a PTR query, yes?
I was more commenting on the fact that it is escaping in a format that already supports escaping. The JSON output would be double escaped and implementations would need to unescape it themselves rather than let JSON handle it.
Got it. I'll add a new bit to the Security Considerations about double-escaping.
- The use of "!" and "*" in object attribute names will make it hard to use in languages that can read JSON and give out native objects such as JavaScript.
Yeah, I thought about that: it sucks for most programming languages. Would people be happier if I used "B64" and "HEX" for trailers of names instead of "!" and "*"? I guess I'm in control of the naming and can be sure those don't appear at the end of object names.
That would be better yes but it also got me thinking, why two different ways of encoding it?
Could be simplified by just using base64url (or base64).
I think I'll go with B64 and HEX. The reason for two encodings is that hand-editing HEX is definitely easier than Base64, but DNSSEC keys are often expressed as Base64.
--Paul Hoffman
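
The double-escaping concern discussed in this thread, as an added example that is not part of the original message or of the draft: a consumer has to undo the JSON layer and then the DNS "\DDD" layer itself, and a producer that builds JSON by string concatenation emits text a strict parser rejects. The key `hostname`, the sample name and the function names are assumptions made for illustration.

```javascript
// Added example. The key "hostname" and the sample name are constructed.

// Layer 2: decode DNS presentation escapes ("\DDD" decimal octet, "\X" literal)
// into raw octets. Malformed input is rejected rather than guessed at.
function unescapeDnsText(text) {
  const out = [];
  for (let i = 0; i < text.length; i++) {
    if (text[i] !== "\\") {
      out.push(asciiCode(text, i));
      continue;
    }
    const ddd = text.slice(i + 1, i + 4);
    if (/^[0-9]{3}$/.test(ddd)) {
      if (Number(ddd) > 255) throw new RangeError("\\DDD above 255 at offset " + i);
      out.push(Number(ddd));
      i += 3;
    } else if (i + 1 < text.length && !/[0-9]/.test(text[i + 1])) {
      out.push(asciiCode(text, i + 1)); // "\." and similar single-character escapes
      i += 1;
    } else {
      throw new SyntaxError("malformed DNS escape at offset " + i);
    }
  }
  return Uint8Array.from(out);
}

// Anything outside ASCII must arrive as \DDD, never as a raw character.
function asciiCode(text, i) {
  const code = text.charCodeAt(i);
  if (code > 0x7f) throw new RangeError("non-ASCII character at offset " + i);
  return code;
}

// Layer 1 then layer 2: JSON.parse removes only the JSON escapes.
function readHostname(jsonText) {
  return unescapeDnsText(JSON.parse(jsonText).hostname);
}

const dnsText = "caf\\195\\169.example.";                    // text: caf\195\169.example.
const viaSerializer = JSON.stringify({ hostname: dnsText }); // backslashes doubled
const viaConcat = '{"hostname":"' + dnsText + '"}';          // printf-style: "\1" is not a JSON escape

console.log(viaSerializer, Buffer.from(readHostname(viaSerializer)).toString("utf8"));
try { readHostname(viaConcat); } catch (e) { console.log("rejected:", e.name); }
```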