Re: [jose] Hurdles when Converting XML/XML DSig to JSON

Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 20 August 2013 12:53 UTC

Message-ID: <521366CE.7060406@gmail.com>
Date: Tue, 20 Aug 2013 14:53:34 +0200
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "jose@ietf.org" <jose@ietf.org>
References: <52108D45.70904@gmail.com>
In-Reply-To: <52108D45.70904@gmail.com>

I just found out that names SHOULD be unique in proper JSON, which
will force me to convert essentially everything into arrays.

I thought these issues were addressed years ago but I was wrong:
http://www.ietf.org/mail-archive/web/json/current/msg01178.html

The JSON folks are apparently still struggling with basics...

Anders

On 2013-08-18 11:00, Anders Rundgren wrote:
> Hi,
> I have begun seriously thinking about converting the KeyGen2 protocol into JSON.
> Unfortunately I'm not too pleased with the result if I follow the current JOSE specifications.
> In particular the JWS signature scheme makes the end result violate a fundamental quality of its XML counterpart: readability.
> 
> If you have a few minutes to spare, feel free to look into my pathetic (?) efforts at coming up with a workaround:
> http://webpki.org/papers/PKI/converting-xmldsig-2-json.pdf
> 
> BTW, I noted one issue that could be of general applicability, and that is the use of indirect (2-level) signatures in XML DSig, PDF and possibly several other schemes as well.
> Question: are limitations in cryptographic subsystems for combined hashing and signing huge amounts of data only a historical artifact these days?
> 
> FWIW, the workaround solution adopts this idea to not impose any signature-related restrictions on message size.
> 
> Cheers,
> Anders
> http://webpki.org/papers/keygen2/doc/keygen2schema.html
> 
>
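An added example, not part of the original mail or of KeyGen2, showing why the "names SHOULD be unique" point matters for signed JSON: Python's json module silently keeps the last duplicate, another parser may keep the first, so two verifiers of the same signed text can disagree about what it says. The strict loader below rejects duplicates outright; the sample documents are constructed.

```python
import json
from typing import Any, List, Tuple

# Constructed sample documents (not real KeyGen2 or JWS messages).
DUPLICATE_NAME_DOC = '{"alg": "RS256", "kid": "key-1", "kid": "key-2", "data": "x"}'
CLEAN_DOC = '{"alg": "RS256", "kid": "key-1", "data": "x"}'


class DuplicateNameError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs: List[Tuple[str, Any]]) -> dict:
    # object_pairs_hook: called for every object (nested ones included)
    # with its members in document order, so duplicates are visible here.
    result: dict = {}
    for name, value in pairs:
        if name in result:
            raise DuplicateNameError(f"duplicate member name: {name!r}")
        result[name] = value
    return result


def loads_strict(text: str) -> Any:
    """Parse JSON, refusing any object whose member names are not unique."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def is_strictly_valid(text: str) -> bool:
    """True if the text parses and contains no duplicate member names."""
    try:
        loads_strict(text)
    except (DuplicateNameError, json.JSONDecodeError):
        return False
    return True


def last_wins(text: str) -> Any:
    """Python's default: the last occurrence of a repeated name wins."""
    return json.loads(text)


def first_wins(text: str) -> Any:
    """Model of a parser that keeps the first occurrence instead."""
    def hook(pairs: List[Tuple[str, Any]]) -> dict:
        result: dict = {}
        for name, value in pairs:
            result.setdefault(name, value)
        return result
    return json.loads(text, object_pairs_hook=hook)


def parsers_disagree(text: str) -> bool:
    """Two lenient parsers see different content: a signature over the
    raw text says nothing about which view is the 'signed' one."""
    return first_wins(text) != last_wins(text)
```

Running the same signed text through a last-wins and a first-wins parser yields different `kid` values, which is exactly the ambiguity a strict loader removes.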