Re: [jose] Canonical JSON form

Bret Jordan <jordan.ietf@gmail.com> Thu, 11 October 2018 14:33 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Date: Thu, 11 Oct 2018 08:32:20 -0600
Cc: "Manger, James" <James.H.Manger@team.telstra.com>, jose@ietf.org
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/VxOaEbINqsOVi7XPTOEfYqdg8bY>
Subject: Re: [jose] Canonical JSON form

Awesome advice.  Thanks.


Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Oct 10, 2018, at 7:47 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Bret,
> 
> You could define it within a draft in a different working group other than JOSE and ask for reviewers from JOSE to review and comment to catch problems.  Although already described above, there are issues with this and JSON, which is why the WG didn't want to do canonicalization.
> 
> I'm assuming you want to do basically what was done for RID in XML using JSON.  You may want to look at the set of possibilities to replicate as they are all likely needed with what you are trying to do or just as part of your gap analysis.
> 
> https://tools.ietf.org/html/rfc6545#section-9.1
> Also look at 9.3.1 and 9.3.2 as you're likely to also need multi-hop authentication too.
> 
> To David's point in the message that follows this (came in while typing), RID signed portions of the message to enable interoperability and you are likely to need to do very similar things that are described in RID related to the policy work I had previously mentioned for your gap analysis as being similar functionality.  If you haven't looked at that part of the document, I think it will be helpful.
> 
> Best regards,
> Kathleen
> 
> 
> 
> On Wed, Oct 10, 2018 at 8:29 PM Manger, James <James.H.Manger@team.telstra.com> wrote:
> https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme
> is a decent attempt at JSON canonicalization (and an appendix lists a few other attempts).
> 
> This one sorts object members based on their UTF-16 encoding (without escapes), and assumes double precision floats is the model for numbers.
> 
>  
> 
> --
> 
> James Manger
> 
>  
> 
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Bret Jordan
> Sent: Thursday, 11 October 2018 11:02 AM
> To: Jim Schaad <ietf@augustcellars.com>
> Cc: Nathaniel McCallum <npmccallum@redhat.com>; jose@ietf.org
> Subject: Re: [jose] Canonical JSON form
> 
>  
> 
> 
> Other implementations say that you should preserve the order of the fields you read when serialized which is part of JSON for the browser implementations but not necessarily elsewhere.
> 
>  
> 
> Preserving order is hard.  Depending on your programming language you might be deserializing the content into a struct or you may be using a map.
> 
>  
> 
> What I need is a way for individuals and organizations to be able to pass around and share JSON data and collaboratively work on that JSON data and sign the parts that they have done. 
> 
> Thanks,
> 
> Bret
> 
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> 
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
> 
> 
> -- 
> 
> Best regards,
> Kathleen
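
The two rules James Manger describes for draft-rundgren-json-canonicalization-scheme (members sorted by UTF-16 code units, numbers modelled as doubles), applied to the member-ordering problem Bret raises, as an added example that is not part of the thread or the draft. The function names and sample documents are constructed for illustration.

```javascript
// Added illustration; not code from the thread or from the draft.
// Serialize a parsed JSON value so equal data always yields equal bytes.
function canonicalize(value) {
  if (value === null || typeof value === "boolean" || typeof value === "string") {
    return JSON.stringify(value);
  }
  if (typeof value === "number") {
    if (!Number.isFinite(value)) throw new TypeError("NaN/Infinity have no JSON form");
    return JSON.stringify(value); // ECMAScript's shortest form of the double
  }
  if (Array.isArray(value)) {
    // Array order is part of the data, so it is kept as-is.
    return "[" + value.map(canonicalize).join(",") + "]";
  }
  if (typeof value === "object") {
    // Default sort() compares strings by UTF-16 code units, on the raw
    // (unescaped) member names, which is the ordering described above.
    const keys = Object.keys(value).sort();
    return "{" + keys.map(k => JSON.stringify(k) + ":" + canonicalize(value[k])).join(",") + "}";
  }
  throw new TypeError("not a JSON value: " + typeof value);
}

// Bytes a signer and a verifier would each feed to the signature algorithm.
function signingInput(jsonText) {
  return new TextEncoder().encode(canonicalize(JSON.parse(jsonText)));
}

// Constructed samples: the same data as written by a producer and as
// re-serialized by a peer that went through a map and reformatted the number.
const fromProducer = '{"type":"indicator","score":1.0,"labels":["a","b"]}';
const fromMapBasedPeer = '{ "labels": ["a","b"], "score": 10e-1, "type": "indicator" }';

function sameSigningInput(a, b) {
  const x = signingInput(a), y = signingInput(b);
  return x.length === y.length && x.every((byte, i) => byte === y[i]);
}

// Edge case: U+1F600 is the surrogate pair D83D DE00 in UTF-16, so it sorts
// before U+FB33 even though its code point is larger.
const surrogateOrder = canonicalize({ "\uFB33": 1, "\u{1F600}": 2 });

console.log(canonicalize(JSON.parse(fromProducer)));
console.log(sameSigningInput(fromProducer, fromMapBasedPeer), surrogateOrder);
```

A signature computed over the raw text of either sample would not verify against the other; over `signingInput` it does, and the same function can be applied to a sub-object when only part of a document is signed.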