Re: [jose] Binary JSON Signing and Encryption
Sergey Beryozkin <sberyozkin@gmail.com> Mon, 07 July 2014 10:49 UTC
Return-Path: <sberyozkin@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7394F1B280E for <jose@ietfa.amsl.com>; Mon, 7 Jul 2014 03:49:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5VNwCZNGejqx for <jose@ietfa.amsl.com>; Mon, 7 Jul 2014 03:49:19 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81BFC1B280D for <jose@ietf.org>; Mon, 7 Jul 2014 03:49:19 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id x48so4163843wes.23 for <jose@ietf.org>; Mon, 07 Jul 2014 03:49:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=or9+/J0qjN8tj/qqJ9CuG8aTipPd5mjLOJ1YW2F/efY=; b=iApgRC4KJ/E0X4bGVy7H0FkUzrwWO2yukwTGiFM+XLnuUzjp+owZ0Aj4/uiZv/kObH CcY9JWWqGan8W0NthJmoC6Z1MBoTIw7Syw3TpMbSA7wa3nTMtHxsapKtaFOS/P7OqFsb yH+aZDAtwO3OYAGkS0sKHFUfk77tEkVJ207xcOI4g3tnBzPE9FhsZiiuoQfsAMg23gky vu4KmyDmi8yM9fjudKblPA9f/GWrQrS5il4h2yMyzf0HyoQx+9o5A8eeIm7yiyHhrF9/ i+cQnX8c6wt6jjJrrtypNBK3P1brcK4t0n6IvGqEPqjgUOdaK/6Kn+o8EZqro6H73l/Q bgxg==
X-Received: by 10.180.79.201 with SMTP id l9mr36479735wix.60.1404730157612; Mon, 07 Jul 2014 03:49:17 -0700 (PDT)
Received: from [10.36.226.2] ([80.169.137.63]) by mx.google.com with ESMTPSA id bq7sm113809139wib.7.2014.07.07.03.49.16 for <jose@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 07 Jul 2014 03:49:16 -0700 (PDT)
Message-ID: <53BA7B2B.3080105@gmail.com>
Date: Mon, 07 Jul 2014 11:49:15 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: jose@ietf.org
References: <CFDD04E6.1B0C3%john.mattsson@ericsson.com> <CAHBU6iuY0t2Xtgq5ORxs-_7e6X4YNRwCKvmLkz+y2L1+EAMQyg@mail.gmail.com>
In-Reply-To: <CAHBU6iuY0t2Xtgq5ORxs-_7e6X4YNRwCKvmLkz+y2L1+EAMQyg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/1Bs29hNgVhZ63o4192O8vzKUyXw
Subject: Re: [jose] Binary JSON Signing and Encryption
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 10:49:21 -0000
I've recently realized that JSON Web Signature and Encryption can sign and encrypt arbitrary payloads. Only the metadata (headers) are in JSON format. While I do not appreciate/understand how constrained some devices can be but I wonder if there could be any significant win by replacing the JSON metadata with the binary equivalent, it is likely in 80% there will be two/three headers max with some of those headers are the hints on how to process the payloads thus bearing no memory requirements... Cheers, Sergey On 05/07/14 18:34, Tim Bray wrote: > If you move from JSON to something that’s not JSON, you lose a whole lot > of super-developer-friendly libraries and tooling, all very > fully-debugged and performant; and you also lose interchange > opportunities. So you should be really sure that you actually get a > significant advantage in one or more of performance, code size, or data > size. > > I personally just haven’t seen the evidence that the binary-ness of a > format guarantees really significant wins. Specifically, my experience > is that time spent deserializing message formats into program data > structures is often dominated by memory management code. I’m not saying > that some sort of binary JSON-like message format is necessarily bad, > but I am saying that the costs are significant, and you should insist on > quantitative evidence of a win before you impose those costs on your > community. > > > On Fri, Jul 4, 2014 at 4:26 PM, John Mattsson > <john.mattsson@ericsson.com <mailto:john.mattsson@ericsson.com>> wrote: > > One of the outcomes (from a breakout session) of the recent W3C workshop > on the Web of Things (http://www.w3.org/2014/02/wot/) were that for > constrained devices, more lightweight alternatives to JSON are desired. > > It was discussed that one of the binary JSON formats (e.g. RFC7049 CBOR) > would be better alternatives for constrained devices using 802.15.4, and > that e2e secure binary JSON would be needed in some applications and > architectures. > > Is anyone aware of any work on securing binary JSON? > > John Mattsson > > > ---------------------------------------------------- > JOHN MATTSSON > MSc Engineering Physics, MSc Business Administration and Economics > Ericsson IETF Security Coordinator > Senior Researcher, Security > > _______________________________________________ > jose mailing list > jose@ietf.org <mailto:jose@ietf.org> > https://www.ietf.org/mailman/listinfo/jose > > > > > -- > - Tim Bray (If you’d like to send me a private message, see > https://keybase.io/timbray) > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] Binary JSON Signing and Encryption John Mattsson
- Re: [jose] Binary JSON Signing and Encryption Carsten Bormann
- Re: [jose] Binary JSON Signing and Encryption Tim Bray
- Re: [jose] Binary JSON Signing and Encryption Richard Barnes
- Re: [jose] Binary JSON Signing and Encryption Mike Jones
- Re: [jose] Binary JSON Signing and Encryption Carsten Bormann
- Re: [jose] Binary JSON Signing and Encryption John Mattsson
- Re: [jose] Binary JSON Signing and Encryption Sergey Beryozkin
- Re: [jose] Binary JSON Signing and Encryption Hannes Tschofenig