Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 11 May 2019 05:33 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 779C0120145 for <dispatch@ietfa.amsl.com>; Fri, 10 May 2019 22:33:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1
X-Spam-Level:
X-Spam-Status: No, score=-1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FZ14xezffp_M for <dispatch@ietfa.amsl.com>; Fri, 10 May 2019 22:33:21 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 582081201DB for <dispatch@ietf.org>; Fri, 10 May 2019 22:33:20 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id v11so9867530wru.5 for <dispatch@ietf.org>; Fri, 10 May 2019 22:33:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=HnaVa2mX7Nu1f6IhgjyK86sSNTJMWoG+zb/5IEwptSg=; b=oSBr2etQgZyuq484687AYaj3OSzf4VU1kl2tKuUO82uTYxpjGKYKoCbme4fnQqFrmA pjOmUJQwV/w1kSMIaRvOv5ZfaF2kImmFS0dODpXNwZdO0kOv13S8EvPgrc2pNT7D2ooN //PrqmeRmWd7cXiZOnY2hj+mwbqcMrpYDDeTvijxiILjxo0RTZ7sMMCYxETPey6QZB9Z Ez4+TQY7IHhDnBNuJhR/OhHLCORllTGJ0Dwd8LTNUbRyB61lDRMyw3AJ1/kwx13bryNZ lJcYEYJyD5Tc94uvZdzqq8HfmpjdDhRuXdLdRxFc9sPJ+2/lHmCF5vI/MZlWrhL5yB+7 Gd9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=HnaVa2mX7Nu1f6IhgjyK86sSNTJMWoG+zb/5IEwptSg=; b=N+N0Q2g8Ja6raRPcylDtJzlOJiGly4/0poCvIeFu12kZxeGi3ou4xq041f7HKXGzpE DECq2otV8FnPI63sZXKebE0Y+xEgAK3NFJ5W3Ru2cl64I77V2tHyvzgyqCXc+zp8jaiq 4BZM09knjiVii1UYD2/O75rbSs004ABlbClgqmt78pIw/kW/Q3gpnMCBuEW3+RDP+W9A VOwaazNdZYFciKlLIU5EbLPPb+kuWv2YZ+JYBpUgIR0rQ4DHZi/NP8m4YGZWOuNZjsWr y63JCcGWY9ySxRjhbP+w0CzYlNZf1QSgG3yeGanMAQuV72JULnkgn/NvJMm+a8SByYkp 4hvg==
X-Gm-Message-State: APjAAAVfrdE22mzc6M6yJfAkgzxt3eYTb0TDAytJ/CdyMq1tFy9jPE/k vi8Sa5zNjGmnDe1TO8zMk4sL+jvSiiA=
X-Google-Smtp-Source: APXvYqwVpaOGXwSSd2V3DMDg0swOxPvIZmaMIVEKgACJHtK8PZGZ9UMRnJ6DhvWH9vcv8RLeUWID1g==
X-Received: by 2002:a5d:65d1:: with SMTP id e17mr9880377wrw.65.1557552798490; Fri, 10 May 2019 22:33:18 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id p67sm5763538wmp.22.2019.05.10.22.33.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 May 2019 22:33:17 -0700 (PDT)
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>
Cc: Ben Campbell <ben@nostrum.com>, DISPATCH <dispatch@ietf.org>
References: <6445089C-CC1A-4405-85CB-A7561D9B25BA@gmail.com> <2904F41A-539C-496B-ABF2-7D2618FC8116@nostrum.com> <CABcZeBNU6=TJ5RD-W4GMMy-z3zqrDz-P6-e3Bftet4L4js9HoQ@mail.gmail.com> <CA+k3eCScs8nrbb5NQv2wPO8kXRyBxqXCyFG+uVbN3PpXK1iL1Q@mail.gmail.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <c3596d61-42e2-5ebb-c28b-aa81286e662d@gmail.com>
Date: Sat, 11 May 2019 07:33:15 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CA+k3eCScs8nrbb5NQv2wPO8kXRyBxqXCyFG+uVbN3PpXK1iL1Q@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/TuQLBCSjw6l95mO6QXKRuiVzGy4>
Subject: Re: [dispatch] JSON Canonicalization Scheme (JCS) Proposal
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 May 2019 05:33:24 -0000

On 2019-05-10 17:43, Brian Campbell wrote:
> Similar to Ekr, none of this has really changed my opinion of this work or made me more enthusiastic about it. https://mailarchive.ietf.org/arch/msg/dispatch/RCRQgw69-jn0IlwnH1JTA7dwOlE

Brian & Ekr,

If the lack of enthusiasm is due to a belief that clear text data is a no-issue [*], I have nothing to add since that is merely an opinion.
If OTOH this is rather due to the technology itself a reference to the actual draft would be more than welcome.

https://cyberphone.github.io/ietf-json-canon/ietf-104-report.html
https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-06

JCS is not a fullblown canonicalization scheme like XML's C14; it is a (fairly rudimentary) serialization method.
The bad experiences from the XML era BTW were also due to other factors such as Namespaces, SOAP and an elaborate WS* stack which indeed took years to get fully interoperable between vendors.

thanx,
Anders

*] None of the current Open Banking APIs encode their signed messages in Base64Url


> 
> On Tue, May 7, 2019 at 3:36 PM Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
> 
> 
> 
>     On Tue, May 7, 2019 at 2:33 PM Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote:
> 
>         (as DISPATCH chair)
> 
>         It would be helpful to hear some more voices here. Does anyone else have opinions? Especially people involved in those side meetings?
> 
> 
>     FWIW, none of this has really changed me opinion of this from Prague or made me more enthusiastic about this work.
> 
>     -Ekr
> 
> 
>         Bret, could you offer a very high level summary of the side discussions from Prague?
> 
>         Thanks!
> 
>         Ben.
> 
>>         On Apr 29, 2019, at 1:44 PM, Bret Jordan <jordan.ietf@gmail.com <mailto:jordan.ietf@gmail.com>> wrote:
>>
>>         Dispatch,
>>
>>         During IETF 104 there were several meetings and sessions about the proposed JCS solution. This JCS solution defines a way to canonicalize JSON data to enable hash-able JSON. After listening to and working through most of the concerns that were raised, there seems to be some significant interest and use-cases for moving this work forward.
>>
>>         We respectfully request that DISPATCH look at this work and determine where it would best fit in the IETF.  We would also like to request that DISPATCH add this to the next interim or full meeting.
>>
>>         The current draft can be found here: https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-05
>>
>>         Further, many successful implementations for several different platforms as well as a public "playground" https://mobilepki.org/jws-jcs/home have been created to show that this not only works, but is pretty easy to implement.
>>
>>         Personally I know many organizations and solutions that desperately need this for production.   Thank you for your consideration.
>>
>>
>>         Thanks,
>>         Bret
>>         PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>>         "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>>
>>         _______________________________________________
>>         dispatch mailing list
>>         dispatch@ietf.org <mailto:dispatch@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/dispatch
> 
>         _______________________________________________
>         dispatch mailing list
>         dispatch@ietf.org <mailto:dispatch@ietf.org>
>         https://www.ietf.org/mailman/listinfo/dispatch
> 
>     _______________________________________________
>     dispatch mailing list
>     dispatch@ietf.org <mailto:dispatch@ietf.org>
>     https://www.ietf.org/mailman/listinfo/dispatch
> 
> 
> /CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited..  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you./
> 
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch
>