Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal

Samuel Erdtman <> Mon, 20 May 2019 11:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 427D2120170 for <>; Mon, 20 May 2019 04:01:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wxGQ2esVrsjw for <>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 48C7712016F for <>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
Received: by with SMTP id g9so6557115plm.6 for <>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=kBzuPRNCiCzLxL6AnlUaUq5NCDyqPvXnlx3EkN1mLgI=; b=vTZpk92xacWJVc9iETQaBEmqOqn6+x1MzKRTJgCfEYMihNGcfOHeGIdqcm08Q0KFKJ 8PlVE6wt0VW0bTDiNKLpwUZHwFqSZNS4cVYCwZ4J0VtREfFGnYMqf2w31YBw0xIKHCYB y3qDjs0XIl3JRQX7dasGWGYQyOUoUDE5zPAQdCeqvu7+Dhfp0dfO6EUhyNmVYsXrwK3u Y5QVXEiXJnToYu/GxoY9SAYZVQ25mICiJ5Panvwk6jslVaSz5ymqz4gqsdEe4ncKKt48 pyjG5CknsVtwwXSGwtUi380y/K5zUhFmgy4aT+Giu2OIomPqFVvfEenVzaooMHwRxJWP 1A+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=kBzuPRNCiCzLxL6AnlUaUq5NCDyqPvXnlx3EkN1mLgI=; b=hbdox/J+Zyo1c5ijXZcFLMV8oXwsl5G2YlZVM8auyIYc9IzOjTY4dWZzSIAYUJOTnj G9SEUVx4eGqsxVEcgz+xMCxYuVFl0KxWEnDeTuhu6/O4YznIcUhSe63SBuXLmbej9Dhj p7uk6zin/ltrI8eiogSQJPZf8KgVIiqZm4eQVWrG+fi6hYB2ZK29yN3ktVXhISXwVjKq Y35JC6VB67LI89EA2Zt01bZZ5Xe5Fa6BNYhqbYDMCnpkEOS6Y7HjgC/DvPJrJF4/Qbgk MLyuErjGWtFUHWHRTk8Sm/e8qH6WRwvPLJWLWnvXl5AyLsHGIW3TGjm58gkyD7Y7EH1s n8Tw==
X-Gm-Message-State: APjAAAVF9shdha1Op1tIN0M4t2VRl9sd8FE+saJN9mPpPLrP38BUKbRv Ixp77LWrJhzeULpjS3cxNApY+usFe6J1Tebfl8vqOkJ2weIdgQ==
X-Google-Smtp-Source: APXvYqx8VgKUxBaW3pjz51B9B3qwqeHvET2UISOPf/pxvgQ2/6nZCtpY29QTVN/rJMM4SzG9C5ByntzNCx0+rd2urYU=
X-Received: by 2002:a17:902:3383:: with SMTP id b3mr29417465plc.193.1558350100196; Mon, 20 May 2019 04:01:40 -0700 (PDT)
MIME-Version: 1.0
From: Samuel Erdtman <>
Date: Mon, 20 May 2019 13:01:28 +0200
Message-ID: <>
Content-Type: multipart/alternative; boundary="0000000000002881e405894fa8b9"
Archived-At: <>
Subject: Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 May 2019 11:01:43 -0000

I support this work I think the use cases that has been mentioned before
(documentation, logging, debug, embedding, countersigningetc.) are valuable
but would like to add another to the list.

My use case if about interaction with legacy systems. In a distributed
environment where systems can publish and subscribe to messages it is hard
or even impossible to do significant changes to the format (XML, JOSN,
base64url) of messages because it will break existing clients subscribing
to the messages. With the solution of cleartext JSON signing adding
end-to-end security by signing the JSON would be very non intrusive (adding
a new attribute) and existing clients could continue to read the JSON
values that they know of while new and updated clients can also verify the
signature of a message when needed.

You could partly solve this with a translation layer but it would be
hard/impossible to get ensure end-to-end security of messages.

I hope this adds to the support of this work

Best regards