Re: [apps-discuss] JSON mailing list and BoF

Nico Williams <nico@cryptonector.com> Tue, 19 February 2013 20:59 UTC

On Tue, Feb 19, 2013 at 2:47 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> I'm strongly against canonicalization.  The XML canonicalization experience was horrible and resulted in more interop bugs than any other aspect of XML DSIG, XML ENC, etc.  Let's not repeat the mistakes of our elders. ;-)
>
> I also haven't seen a clear use case that canonicalization solves that can't be more easily solved another way.

But what were the mistakes?  Is canonicalization in and of itself a
mistake?  Or were the mistakes about how to do it?

I personally think that standards should avoid having to canonicalize
JSON (and XML) wherever possible.  The simplest way to do this is
never re-encode in the process of validating signatures, for example.
However, I'm not sure that we can always avoid canonicalization, or
that even if we can it has no value; I could be convinced.

Nico
--
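
The point in the message above about never re-encoding while validating signatures, shown as an added example that is not part of the original message. It assumes HMAC-SHA256 as a stand-in for any signature scheme; the key and the JSON message are constructed for the demonstration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread


def sign(payload_bytes: bytes) -> bytes:
    """MAC the exact octets that will be transmitted."""
    return hmac.new(KEY, payload_bytes, hashlib.sha256).digest()


def verify_raw(received: bytes, tag: bytes) -> bool:
    """Verify over the bytes as received; parse only after this succeeds."""
    return hmac.compare_digest(sign(received), tag)


def verify_reencoded(received: bytes, tag: bytes) -> bool:
    """Fragile variant: parse, re-serialize, then verify the new bytes."""
    reencoded = json.dumps(json.loads(received)).encode("utf-8")
    return hmac.compare_digest(sign(reencoded), tag)


def demo() -> dict:
    # Constructed message: the uneven spacing and the "1e2" number spelling
    # are legal JSON that json.dumps will not reproduce byte for byte.
    sent = b'{"b":1.0,"a":"caf\\u00e9", "n":1e2}'
    tag = sign(sent)
    parsed = json.loads(sent)
    return {
        # Receiver checks the octets it was handed: succeeds.
        "raw_ok": verify_raw(sent, tag),
        # Receiver round-trips through its JSON library first: fails,
        # even though nothing was tampered with.
        "reencoded_ok": verify_reencoded(sent, tag),
        # The round trip preserved the data model, only the bytes changed.
        "same_data": parsed == json.loads(json.dumps(parsed)),
        # A real modification is still rejected by the raw-bytes check.
        "tampered_ok": verify_raw(sent.replace(b"1.0", b"9.0"), tag),
    }


if __name__ == "__main__":
    print(demo())
```

Making `verify_reencoded` succeed across independent implementations is the job a canonicalization rule would have to do; `verify_raw` sidesteps it by treating the signed payload as opaque bytes until the check passes.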