Re: [jose] Binary JSON Signing and Encryption

Sergey Beryozkin <sberyozkin@gmail.com> Mon, 07 July 2014 10:49 UTC

Return-Path: <sberyozkin@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7394F1B280E for <jose@ietfa.amsl.com>; Mon, 7 Jul 2014 03:49:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5VNwCZNGejqx for <jose@ietfa.amsl.com>; Mon, 7 Jul 2014 03:49:19 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81BFC1B280D for <jose@ietf.org>; Mon, 7 Jul 2014 03:49:19 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id x48so4163843wes.23 for <jose@ietf.org>; Mon, 07 Jul 2014 03:49:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=or9+/J0qjN8tj/qqJ9CuG8aTipPd5mjLOJ1YW2F/efY=; b=iApgRC4KJ/E0X4bGVy7H0FkUzrwWO2yukwTGiFM+XLnuUzjp+owZ0Aj4/uiZv/kObH CcY9JWWqGan8W0NthJmoC6Z1MBoTIw7Syw3TpMbSA7wa3nTMtHxsapKtaFOS/P7OqFsb yH+aZDAtwO3OYAGkS0sKHFUfk77tEkVJ207xcOI4g3tnBzPE9FhsZiiuoQfsAMg23gky vu4KmyDmi8yM9fjudKblPA9f/GWrQrS5il4h2yMyzf0HyoQx+9o5A8eeIm7yiyHhrF9/ i+cQnX8c6wt6jjJrrtypNBK3P1brcK4t0n6IvGqEPqjgUOdaK/6Kn+o8EZqro6H73l/Q bgxg==
X-Received: by 10.180.79.201 with SMTP id l9mr36479735wix.60.1404730157612; Mon, 07 Jul 2014 03:49:17 -0700 (PDT)
Received: from [10.36.226.2] ([80.169.137.63]) by mx.google.com with ESMTPSA id bq7sm113809139wib.7.2014.07.07.03.49.16 for <jose@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 07 Jul 2014 03:49:16 -0700 (PDT)
Message-ID: <53BA7B2B.3080105@gmail.com>
Date: Mon, 07 Jul 2014 11:49:15 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: jose@ietf.org
References: <CFDD04E6.1B0C3%john.mattsson@ericsson.com> <CAHBU6iuY0t2Xtgq5ORxs-_7e6X4YNRwCKvmLkz+y2L1+EAMQyg@mail.gmail.com>
In-Reply-To: <CAHBU6iuY0t2Xtgq5ORxs-_7e6X4YNRwCKvmLkz+y2L1+EAMQyg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/1Bs29hNgVhZ63o4192O8vzKUyXw
Subject: Re: [jose] Binary JSON Signing and Encryption
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 10:49:21 -0000

I've recently realized that JSON Web Signature and Encryption can sign 
and encrypt arbitrary payloads. Only the metadata (headers) are in JSON 
format.
While I do not appreciate/understand how constrained some devices can be 
but I wonder if there could be any significant win by replacing the JSON 
metadata with the binary equivalent, it is likely in 80% there will be 
two/three headers max with some of those headers are the hints on how to 
process the payloads thus bearing no memory requirements...

Cheers, Sergey

On 05/07/14 18:34, Tim Bray wrote:
> If you move from JSON to something that’s not JSON, you lose a whole lot
> of super-developer-friendly libraries and tooling, all very
> fully-debugged and performant; and you also lose interchange
> opportunities.  So you should be really sure that you actually get a
> significant advantage in one or more of performance, code size, or data
> size.
>
> I personally just haven’t seen the evidence that the binary-ness of a
> format guarantees really significant wins. Specifically, my experience
> is that time spent deserializing message formats into program data
> structures is often dominated by memory management code.  I’m not saying
> that some sort of binary JSON-like message format is necessarily bad,
> but I am saying that the costs are significant, and you should insist on
> quantitative evidence of a win before you impose those costs on your
> community.
>
>
> On Fri, Jul 4, 2014 at 4:26 PM, John Mattsson
> <john.mattsson@ericsson.com <mailto:john.mattsson@ericsson.com>> wrote:
>
>     One of the outcomes (from a breakout session) of the recent W3C workshop
>     on the Web of Things (http://www.w3.org/2014/02/wot/) were that for
>     constrained devices, more lightweight alternatives to JSON are desired.
>
>     It was discussed that one of the binary JSON formats (e.g. RFC7049 CBOR)
>     would be better alternatives for constrained devices using 802.15.4, and
>     that e2e secure binary JSON would be needed in some applications and
>     architectures.
>
>     Is anyone aware of any work on securing binary JSON?
>
>     John Mattsson
>
>
>     ----------------------------------------------------
>     JOHN MATTSSON
>     MSc Engineering Physics, MSc Business Administration and Economics
>     Ericsson IETF Security Coordinator
>     Senior Researcher, Security
>
>     _______________________________________________
>     jose mailing list
>     jose@ietf.org <mailto:jose@ietf.org>
>     https://www.ietf.org/mailman/listinfo/jose
>
>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>