Re: [jose] Binary JSON Signing and Encryption
Tim Bray <tbray@textuality.com> Sat, 05 July 2014 17:34 UTC
Return-Path: <tbray@textuality.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFA9D1A0307 for <jose@ietfa.amsl.com>; Sat, 5 Jul 2014 10:34:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U-rtbazZF-X2 for <jose@ietfa.amsl.com>; Sat, 5 Jul 2014 10:34:46 -0700 (PDT)
Received: from mail-ve0-f170.google.com (mail-ve0-f170.google.com [209.85.128.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 374161B278B for <jose@ietf.org>; Sat, 5 Jul 2014 10:34:46 -0700 (PDT)
Received: by mail-ve0-f170.google.com with SMTP id i13so2598083veh.15 for <jose@ietf.org>; Sat, 05 Jul 2014 10:34:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=iTKJ6eUs2rGi1jsMUGZoL+fQ2iUfBC63k9o+TbFnMho=; b=DoeZouQHL++hU585MgCYnfqpuM+YqNIlu5pNugFnt/6peovhI2EqYLHxj7dsZMqSWJ 9jTP8tJVCCu0ztBBj0EP1wVmJm8nrDiVP+X+jae50G90Kpwd2hthBx/vNFRimMaTbtEr njCjpAYZJ5CYVt2OH6u06uvgISPZPICbOzphHU4xKzPjbhebXMyA4LFXWLOsK6pAlTKh OapPdUOEUKykUCXixHESIxyJiYHWWZwvBop7ub3f5WoOjtSDWZf8gtgIU3EKCtmfMvbB 5a+PQCQvwKhv9H6aZaP+XsrN4nGZ4EHSUo0n4ikzJLUC7fqAR6E/nOUvXF3ppRFhFqSP k1LA==
X-Gm-Message-State: ALoCoQm4iUWfUY7qRb1F5HCPvkZgoUvuCzfsDVpN7mceUj1JR5RobI44BYT1K9YScwOU3xJwEinr
X-Received: by 10.58.229.162 with SMTP id sr2mr16122067vec.15.1404581685099; Sat, 05 Jul 2014 10:34:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.221.49.199 with HTTP; Sat, 5 Jul 2014 10:34:24 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
In-Reply-To: <CFDD04E6.1B0C3%john.mattsson@ericsson.com>
References: <CFDD04E6.1B0C3%john.mattsson@ericsson.com>
From: Tim Bray <tbray@textuality.com>
Date: Sat, 05 Jul 2014 10:34:24 -0700
Message-ID: <CAHBU6iuY0t2Xtgq5ORxs-_7e6X4YNRwCKvmLkz+y2L1+EAMQyg@mail.gmail.com>
To: John Mattsson <john.mattsson@ericsson.com>
Content-Type: multipart/alternative; boundary="047d7bd6bd5c6661d904fd75a89e"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/TLFPPomQQdjiaosnI_-f24Ocrl8
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Binary JSON Signing and Encryption
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jul 2014 17:34:48 -0000
If you move from JSON to something that’s not JSON, you lose a whole lot of super-developer-friendly libraries and tooling, all very fully-debugged and performant; and you also lose interchange opportunities. So you should be really sure that you actually get a significant advantage in one or more of performance, code size, or data size. I personally just haven’t seen the evidence that the binary-ness of a format guarantees really significant wins. Specifically, my experience is that time spent deserializing message formats into program data structures is often dominated by memory management code. I’m not saying that some sort of binary JSON-like message format is necessarily bad, but I am saying that the costs are significant, and you should insist on quantitative evidence of a win before you impose those costs on your community. On Fri, Jul 4, 2014 at 4:26 PM, John Mattsson <john.mattsson@ericsson.com> wrote: > One of the outcomes (from a breakout session) of the recent W3C workshop > on the Web of Things (http://www.w3.org/2014/02/wot/) were that for > constrained devices, more lightweight alternatives to JSON are desired. > > It was discussed that one of the binary JSON formats (e.g. RFC7049 CBOR) > would be better alternatives for constrained devices using 802.15.4, and > that e2e secure binary JSON would be needed in some applications and > architectures. > > Is anyone aware of any work on securing binary JSON? > > John Mattsson > > > ---------------------------------------------------- > JOHN MATTSSON > MSc Engineering Physics, MSc Business Administration and Economics > Ericsson IETF Security Coordinator > Senior Researcher, Security > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > -- - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
- [jose] Binary JSON Signing and Encryption John Mattsson
- Re: [jose] Binary JSON Signing and Encryption Carsten Bormann
- Re: [jose] Binary JSON Signing and Encryption Tim Bray
- Re: [jose] Binary JSON Signing and Encryption Richard Barnes
- Re: [jose] Binary JSON Signing and Encryption Mike Jones
- Re: [jose] Binary JSON Signing and Encryption Carsten Bormann
- Re: [jose] Binary JSON Signing and Encryption John Mattsson
- Re: [jose] Binary JSON Signing and Encryption Sergey Beryozkin
- Re: [jose] Binary JSON Signing and Encryption Hannes Tschofenig