[jose] Firefox/IE/Safari/Chrome - JCS Compatibility Test
Anders Rundgren <anders.rundgren.net@gmail.com> Sun, 26 October 2014 09:31 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 127921A6FFB for <jose@ietfa.amsl.com>; Sun, 26 Oct 2014 02:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.68
X-Spam-Level: *
X-Spam-Status: No, score=1.68 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FF_IHOPE_YOU_SINK=2.166, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, URIBL_RHS_DOB=1.514] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLBulqs84WXk for <jose@ietfa.amsl.com>; Sun, 26 Oct 2014 02:31:06 -0700 (PDT)
Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 759E91A0021 for <jose@ietf.org>; Sun, 26 Oct 2014 02:31:06 -0700 (PDT)
Received: by mail-wg0-f41.google.com with SMTP id b13so3707707wgh.0 for <jose@ietf.org>; Sun, 26 Oct 2014 02:31:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=k9I/5hF8iqRgrswN/EfelXVTjaLYTuhKktbVpbdBpKQ=; b=VEVflVXdLB+P54F3WfjvGwlchc8qDKKUL+MP/i6xFtl9b0GQ/5knqbLD4BWcxelSsX oUpjDGlWenVJov/k1nqXKGtsyz3EqsnKQKQakNKeqUY52gfK4zHhhKN7Mvz9LN7O0H52 ZnLHAhxiSZ8q9+L2guG0+SOJ3iwugEXfPh3nbA6sys/W9YXhUEbWZkFpTuXgGqD6eGzb NtFhJCJw3DjWukFWNVZUhu6HEGd1E+8G5eQCjJJXMc49ETu+CGlXca3reMfblQR5U3Vv UW2dZsXDMRmrZSJ5K78DIJTPoFwoPOzyceE1tZAbNMd8lUJd+tkW15vifj2JGD6sOeRI Lwdg==
X-Received: by 10.180.74.237 with SMTP id x13mr14771140wiv.6.1414315865042; Sun, 26 Oct 2014 02:31:05 -0700 (PDT)
Received: from [192.168.1.79] (222.118.176.95.rev.sfr.net. [95.176.118.222]) by mx.google.com with ESMTPSA id mc4sm7700805wic.6.2014.10.26.02.31.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 26 Oct 2014 02:31:04 -0700 (PDT)
Message-ID: <544CBF4B.90703@gmail.com>
Date: Sun, 26 Oct 2014 10:30:51 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "jose@ietf.org" <jose@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/DjH_Yivj_eFxPep51De-i4iqeNo
Subject: [jose] Firefox/IE/Safari/Chrome - JCS Compatibility Test
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Oct 2014 09:31:08 -0000
Dear List, Although JSON-I says that preserving the order of properties shouldn't be counted on, the JSON implementations in browsers *seem* to do that anyway. This also means that at least on the browser-side there there's no problem supporting clear-text signatures ( https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcs.html ) like featured in the following authentic example created with Chrome and WebCrypto: https://openkeystore.googlecode.com/svn/wcpp-payment-demo/trunk/docs/messages.html#UserAuthorizesTransaction Well, there *is* indeed one thing that doesn't work out-of-the-box and that are floating-point numbers: https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcsbrowsertest.html For JSON applications using floating point numbers, JWS, "upgraded" parsers (like the one I have built), or putting floating point numbers in strings are the [currently] only ways ahead. Note: The idea with JCS is in *no way* competing with JOSE but offering an alternative for those who (like me) are in the process migrating traditional business applications from XML to JSON. If you apply JWS on the counter-signed message above I have a feeling that not everybody would be completely thrilled. BTW, there's is one thing I lack in the browser parsers which I have used extensively on the server-side and that is the ability to test that all properties actually have been read (=no unexpected). This can (at least for low-to-medium complex systems) together with strict "reader" code, pretty well compensate for the lack of a JSON schema. Cheers, AndersR https://mobilepki.org/WebCryptoPlusPlus
- [jose] Firefox/IE/Safari/Chrome - JCS Compatibili… Anders Rundgren