19 Úno
2015
19 Úno
'15
19:13
On 2015-02-17 10:50, Jan Včelák wrote:
Hello Matthias-Christian,
Hello Jan,
On 17.2.2015 01:19, Matthias-Christian Ott wrote:
Just to clarify: With the term deterministically parasable I meant to it
requires a bounded amount of memory and can be parsed with a
deterministic finite automaton (hence the name).
It seems there is also JSON library that would meat that I didn't know
about but meets that requirement: jsmn [1].
Is there any reason why you chose JSON over a
simple and securely and
deterministically parseable file format for KASP?
We were looking for something, which is easy parseable by machines,
readable by humans, and available in popular scripting languages.
We originally wanted to use YAML (because the syntax is more
user-friendly), but we weren't satisfied with current open-source
implementations of YAML libraries. JSON was the second candidate. And
libjansson provides really nice and convenient API.
I'm aware that we won't please everyone by this decision. But I,
personally, prefer well-known and widespread format than a custom one.
I agree that JSON is not very simple, but it is definitelly secure and
deterministically parsable: If you have any strong opinions against JSON, we can
still discuss it.
Not in particular, I just found it a bit unusual to use JSON in a
security-relevant context. If JSON meets your requirements, the library
is well tested and other users are happy to easily use it with other
software, I have nothing to object.
Alternatives would have been the file system (like qmail), line and
colon delimited files text files (netstrings, CSV etc.), fixed length
binary formats or variable length binrary formats (Protocol Buffers,
ASN.1, XDR etc.). All of which have their own advantages and disadvantages.
So in my opinion, we can mark this discussion as "issue solved".
Regards,
Matthias-Christian
[1] http://zserge.com/jsmn.html