1. 13

  2. 3

    Some previous discussion on HN: https://news.ycombinator.com/item?id=30218954

    It’s not clear to me what advantages, if any, this encoding has over the current semi-standard of Protocol Buffers (+ clones such as Thrift).

    1. 1

      I am also unsure where this fits in with other security-focused formats such as Saltpack and more general efforts at future-proofing attempts such as Multiformats.

      1. 1

        Likewise, it was not clear to me why this would be more secure than pretty much any other format. There’s a bit of a disconnect between the goals and the result.

        1. 4

          It’s pretty strict about formats and representable values, and specifies a bunch of types not natively represented in JSON, so it’d be less prone to issues caused by ambiguous parsing/validation, which has been the cause of some major security holes.

          But while I like the approach, especially having both a binary and text encoding, I think it tries to do too much. My enthusiasm waned the further I read down the spec. I get the feeling it will be quite a bit of work to implement, which weighs against its getting much use. Part of the appeal of JSON, outside JavaScript, is that it’s really easy to write a codec.

          1. 3

            When I got to the part about graphs and trees, that felt like a really bad scope creep.