[jose] I-D: draft-rundgren-json-canonicalization-scheme-02

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 20 December 2018 03:12 UTC

To: "json@ietf.org" <json@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Hz60Iyr4Fb6gyFy_vZkWQQM0n34>

https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02

Abstract:
    Cryptographic operations like hashing and signing depend on that the
    target data does not change during serialization, transport, or
    parsing.  By applying the rules defined by JCS (JSON Canonicalization
    Scheme), data provided in the JSON [RFC8259] format can be exchanged
    "as is", while still being subject to secure cryptographic
    operations.  JCS achieves this by building on the serialization
    formats for JSON primitives as defined by ECMAScript [ES6],
    constraining JSON data to the I-JSON [RFC7493] subset, and through a
    platform independent property sorting scheme.

    The intended audiences of this document are JSON tool vendors, as
    well as designers of JSON based cryptographic solutions.

////
In addition to some wordsmithing, this revision is supposed to make it
clearer that JCS is not a traditional canonicalization scheme working
on the text level, but a serialization scheme providing a canonical
form of JSON data conforming to a strict interpretation of I-JSON.

The serialization-only scheme makes implementation straightforward
and improves performance.

A list of Open Source implementations is also included in this revision.

Enjoy!

Anders
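
The serialization-only approach described in the abstract, as an added example that is not part of the original message and is not the draft's reference code: parse the JSON, then re-serialize it with ECMAScript primitive formatting and sorted property names. The function names and sample documents are constructed for illustration, and ordering property names by UTF-16 code units is an assumption of this sketch.

```javascript
// Added example, not the draft's reference implementation.
// Assumption: property names are ordered by UTF-16 code units, which is
// what Array.prototype.sort() does for strings by default.
const LONE_SURROGATE =
  /[\ud800-\udbff](?![\udc00-\udfff])|(?<![\ud800-\udbff])[\udc00-\udfff]/;

function str(s) {
  // I-JSON forbids unpaired surrogates; refuse instead of escaping them.
  if (LONE_SURROGATE.test(s)) throw new TypeError('unpaired surrogate in string');
  return JSON.stringify(s); // ECMAScript string serialization
}

function canonicalize(value) {
  if (value === null || typeof value === 'boolean') return String(value);
  if (typeof value === 'string') return str(value);
  if (typeof value === 'number') {
    // NaN and Infinity have no JSON representation; fail closed.
    if (!Number.isFinite(value)) throw new TypeError('NaN/Infinity are not JSON');
    return JSON.stringify(value); // ECMAScript number serialization
  }
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => str(k) + ':' + canonicalize(value[k]));
    return '{' + members.join(',') + '}';
  }
  throw new TypeError('not a JSON value: ' + typeof value);
}

// The byte string a signer or verifier would feed to the hash function.
function canonicalBytes(jsonText) {
  return Buffer.from(canonicalize(JSON.parse(jsonText)), 'utf8');
}

// Constructed sample: same data, different whitespace, member order,
// number notation and string escaping.
const docA = '{"b": 1.0, "a": [1e2, "\\u20ac"], "c": {"z": null, "y": true}}';
const docB = '{ "c":{"y":true,"z":null}, "a":[100,"\u20ac"], "b":1 }';
console.log(canonicalBytes(docA).equals(canonicalBytes(docB)));
```

Because the canonical form is produced from parsed data, a verifier must reject duplicate property names at parse time; `JSON.parse` silently keeps the last one, so this sketch cannot detect them.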