Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal
Samuel Erdtman <samuel@erdtman.se> Mon, 20 May 2019 11:01 UTC
Return-Path: <samuel@erdtman.se>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 427D2120170 for <dispatch@ietfa.amsl.com>; Mon, 20 May 2019 04:01:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxGQ2esVrsjw for <dispatch@ietfa.amsl.com>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48C7712016F for <dispatch@ietf.org>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id g9so6557115plm.6 for <dispatch@ietf.org>; Mon, 20 May 2019 04:01:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=kBzuPRNCiCzLxL6AnlUaUq5NCDyqPvXnlx3EkN1mLgI=; b=vTZpk92xacWJVc9iETQaBEmqOqn6+x1MzKRTJgCfEYMihNGcfOHeGIdqcm08Q0KFKJ 8PlVE6wt0VW0bTDiNKLpwUZHwFqSZNS4cVYCwZ4J0VtREfFGnYMqf2w31YBw0xIKHCYB y3qDjs0XIl3JRQX7dasGWGYQyOUoUDE5zPAQdCeqvu7+Dhfp0dfO6EUhyNmVYsXrwK3u Y5QVXEiXJnToYu/GxoY9SAYZVQ25mICiJ5Panvwk6jslVaSz5ymqz4gqsdEe4ncKKt48 pyjG5CknsVtwwXSGwtUi380y/K5zUhFmgy4aT+Giu2OIomPqFVvfEenVzaooMHwRxJWP 1A+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=kBzuPRNCiCzLxL6AnlUaUq5NCDyqPvXnlx3EkN1mLgI=; b=hbdox/J+Zyo1c5ijXZcFLMV8oXwsl5G2YlZVM8auyIYc9IzOjTY4dWZzSIAYUJOTnj G9SEUVx4eGqsxVEcgz+xMCxYuVFl0KxWEnDeTuhu6/O4YznIcUhSe63SBuXLmbej9Dhj p7uk6zin/ltrI8eiogSQJPZf8KgVIiqZm4eQVWrG+fi6hYB2ZK29yN3ktVXhISXwVjKq Y35JC6VB67LI89EA2Zt01bZZ5Xe5Fa6BNYhqbYDMCnpkEOS6Y7HjgC/DvPJrJF4/Qbgk MLyuErjGWtFUHWHRTk8Sm/e8qH6WRwvPLJWLWnvXl5AyLsHGIW3TGjm58gkyD7Y7EH1s n8Tw==
X-Gm-Message-State: APjAAAVF9shdha1Op1tIN0M4t2VRl9sd8FE+saJN9mPpPLrP38BUKbRv Ixp77LWrJhzeULpjS3cxNApY+usFe6J1Tebfl8vqOkJ2weIdgQ==
X-Google-Smtp-Source: APXvYqx8VgKUxBaW3pjz51B9B3qwqeHvET2UISOPf/pxvgQ2/6nZCtpY29QTVN/rJMM4SzG9C5ByntzNCx0+rd2urYU=
X-Received: by 2002:a17:902:3383:: with SMTP id b3mr29417465plc.193.1558350100196; Mon, 20 May 2019 04:01:40 -0700 (PDT)
MIME-Version: 1.0
From: Samuel Erdtman <samuel@erdtman.se>
Date: Mon, 20 May 2019 13:01:28 +0200
Message-ID: <CAF2hCbYk2rL9JAd4VoN3ZrKCXkrLvRWQWMhHFekDAXLH-LBrgg@mail.gmail.com>
To: dispatch@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002881e405894fa8b9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/7MBWuqTZnmePo1BHnCHIvrBbgbs>
Subject: Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 11:01:43 -0000
I support this work I think the use cases that has been mentioned before (documentation, logging, debug, embedding, countersigningetc.) are valuable but would like to add another to the list. My use case if about interaction with legacy systems. In a distributed environment where systems can publish and subscribe to messages it is hard or even impossible to do significant changes to the format (XML, JOSN, base64url) of messages because it will break existing clients subscribing to the messages. With the solution of cleartext JSON signing adding end-to-end security by signing the JSON would be very non intrusive (adding a new attribute) and existing clients could continue to read the JSON values that they know of while new and updated clients can also verify the signature of a message when needed. You could partly solve this with a translation layer but it would be hard/impossible to get ensure end-to-end security of messages. I hope this adds to the support of this work Best regards //Samuel
- [dispatch] JSON Canonicalization Scheme (JCS) Pro… Bret Jordan
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Brian Rosen
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Anders Rundgren
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Bret Jordan
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Ben Campbell
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Eric Rescorla
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Matthew A. Miller
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Brian Campbell
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Anders Rundgren
- Re: [dispatch] JSON Canonicalization Scheme (JCS)… Samuel Erdtman