Re: [jose] Beyond RFC 8785 (JSON Canonicalization Scheme)

David Waite <> Sat, 11 July 2020 07:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 944E73A0B55 for <>; Sat, 11 Jul 2020 00:26:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3hiv1vaSTnDK for <>; Sat, 11 Jul 2020 00:26:01 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 58A4F3A0B41 for <>; Sat, 11 Jul 2020 00:26:01 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by (Postfix) with ESMTPA id A4A0D38486F; Sat, 11 Jul 2020 07:25:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=dkim; t=1594452359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mcl5dCfdUxh2e2Ct6DRKd7t1Fn5/UTtUcIT58kxO7i8=; b=KXC00Ri1Y6c09vSiDvheAzTCu//MKoX4BdJbje9gMuTLPVg03jJOOkcfQdVDmXYzmRwvok +V+0cZPUcBwyowtqPSYw+BvrpY3TthNbhuCT+GJmvR/2DCuGf50hr280K93NNaEX92sY/d 7dCa/32v4Ljs+DOpzwzxGWFMtMJV2AE=
From: David Waite <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D3B673BB-1DA2-4A9B-BEB0-EB5B0B7655C2"
Mime-Version: 1.0
Date: Sat, 11 Jul 2020 01:25:57 -0600
In-Reply-To: <>
Cc: Mike Jones <>, "" <>
To: Anders Rundgren <>
References: <> <>
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=dkim; t=1594452360; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mcl5dCfdUxh2e2Ct6DRKd7t1Fn5/UTtUcIT58kxO7i8=; b=IGRMX/9Vk3l3vrIqeOxsSQKsQQWgRETYBY7o/1e40EdhGNRAQZh0WfwHTeC4s6v00uLQtR CWyJMJblU6Pkpv5GBHd6gYPh1ICaJkgj97tAzhONusGxJiZvyy4TcEtzKbiHdis2pIBD6Y ZoeRnj720bfzPkHLN4Klww2WWNg6h1Q=
ARC-Seal: i=1; s=dkim;; t=1594452360; a=rsa-sha256; cv=none; b=HxKFfbIUWbsp+wDvkhR9nuKi+W5eZd3Z9fk2CD3hPs/xkgNb1I6GSG64Mb+7qvcdhhohS4 uJiKLow4tE01OwQCagBFS7+jeDqamd/n0OsCkf2OmtXauQqdC8OmM7H9Y410QKpPF6OWEr ASjzmbIL/NYd3W87+BzfpR7nzkvonaw=
ARC-Authentication-Results: i=1;; auth=pass
Authentication-Results:; auth=pass
X-Spamd-Bar: /
Archived-At: <>
Subject: Re: [jose] Beyond RFC 8785 (JSON Canonicalization Scheme)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 11 Jul 2020 07:26:03 -0000

> On Jul 11, 2020, at 00:50, Anders Rundgren <> wrote:
>> On 2020-07-10 22:21, Mike Jones wrote:
>> There are things I would have commented on in JCS if I'd seen intermediate drafts before it became an RFC.  (For instance, I would have asked for explicit serialization instructions for the one ASCII control character not in the range 0x00-0x1F - 0x7F (DEL).)
> Serialization of JSON tokens follows ECMAScript to 100% so the string serialization algorithm is essentially just a copy.

Neither IETF nor ECMA variants of JSON actually define required escaping for the high control points (0x7F-0x9F). So this is likely fairly consistent, if arguably bad behavior.

In the node REPL (which is the same JSON code as Chrome):

> console.log(JSON.stringify({"a":"\u007f"}))

Printing the code points, that is an inline DEL character in the JSON stringified output.