On 5 Sep 2016, at 23:26, Jerry Lundström wrote:

Hi Paul,

On 09/05/16 17:40, Paul Hoffman wrote:
On 5 Sep 2016, at 1:42, Jerry Lundström wrote:

- Non-ASCII octets escaping "\DDD" may lead to broken implementations and/or encoding problems (oh so many printf()'ed JSON implementations out

Sure, but I'm not sure what to do about this. It's not really a security consideration, and it's not really even about this format: that's true for any application that gets a host name in return to a PTR query, yes?

I was more commenting on the fact that it is escaping in a format that
already supports escaping. The JSON output would be double escaped and
implementations would need to unescape it themselves rather than let
JSON handle it.

Got it. I'll add a new bit to the Security Considerations about double-escaping.

- The use of "!" and "*" in object attribute names will make it hard to use in languages that can read JSON and give out native objects such as

Yeah, I thought about that: it sucks for most programming languages.
Would people be happier if I used "B64" and "HEX" for trailers of names instead of "!" and "*"? I guess I'm in control of the naming and can be
sure those don't appear at the end of object names.

That would be better yes but it also got me thinking, why two different
ways of encoding it?

Could be simplified by just using base64url (or base64).

I think I'll go with B64 and HEX. The reason for two encodings is that hand-editing HEX is definitely easier than Base64, but DNSSEC keys are often expressed as

--Paul Hoffman

DNSOP mailing list
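
The double-escaping discussed in this thread, as an added example that is not part of the original messages or of the draft: a label escaped with "\DDD" is escaped a second time by a JSON serializer, the JSON parser removes only its own layer, and a printf-style writer that skips the JSON layer emits invalid JSON. The helper functions, the member name "name" and the sample label are assumptions made for illustration.

```python
import json

def to_presentation(label: bytes) -> str:
    # Hypothetical helper: render one wire-format label as text, writing
    # octets outside printable ASCII as \DDD (three decimal digits).
    out = []
    for b in label:
        if b in b".\\":
            out.append("\\" + chr(b))
        elif 0x21 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\%03d" % b)
    return "".join(out)

def from_presentation(text: str) -> bytes:
    # Hypothetical helper: the step a consumer must run itself, because
    # the JSON parser knows nothing about \DDD.
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))  # ValueError if not a single octet
            i += 1
            continue
        nxt = text[i + 1:i + 2]
        if not nxt:
            raise ValueError("dangling backslash")
        if nxt in "0123456789":
            digits = text[i + 1:i + 4]
            if len(digits) != 3 or not digits.isascii() or not digits.isdigit() or int(digits) > 255:
                raise ValueError("malformed \\DDD escape")
            out.append(int(digits))
            i += 4
        else:
            out.append(ord(nxt))
            i += 2
    return bytes(out)

LABEL = "café".encode("utf-8")  # constructed sample label

def roundtrip_with_json_library(label: bytes):
    text = to_presentation(label)            # first escaping layer (\DDD)
    encoded = json.dumps({"name": text})     # second layer: \ becomes \\
    decoded = json.loads(encoded)["name"]    # JSON layer removed, \DDD remains
    return encoded, decoded, from_presentation(decoded)

def printf_style_is_valid_json(label: bytes) -> bool:
    hand_built = '{"name": "%s"}' % to_presentation(label)  # no JSON escaping
    try:
        json.loads(hand_built)
        return True
    except json.JSONDecodeError:  # "\1" is not a legal JSON escape
        return False
```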