Re: [jose] Canonical JSON form

Bret Jordan <jordan.ietf@gmail.com> Wed, 10 October 2018 20:49 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Date: Wed, 10 Oct 2018 14:48:52 -0600
References: <12DD2F97-80C3-4606-9C6B-03F7A4BF19DE@gmail.com> <CAOASepNX4aYVmPWXyODn0E2Om_rimACPECqJBvZSOXVVd_p8LA@mail.gmail.com>
To: Nathaniel McCallum <npmccallum@redhat.com>, jose@ietf.org
In-Reply-To: <CAOASepNX4aYVmPWXyODn0E2Om_rimACPECqJBvZSOXVVd_p8LA@mail.gmail.com>
Message-Id: <D21F3A95-0085-4DB7-A882-3496CC091B34@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ZktAaiLdLHKyS79Ihoxd_TQmO6s>
Subject: Re: [jose] Canonical JSON form

Would this WG be open to working on a solution to sign JSON (not a byte stream) and define a canonical representation for said JSON?


Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Oct 10, 2018, at 1:15 PM, Nathaniel McCallum <npmccallum@redhat.com> wrote:
> 
> JWS signs a byte stream, not JSON. If you want to use a JWS to sign
> JSON data it is your responsibility to ensure that both sides produce
> an equivalent byte stream.
> On Wed, Oct 10, 2018 at 3:04 PM Bret Jordan <jordan.ietf@gmail.com> wrote:
>> 
>> Dear WG,
>> 
>> I was reading through RFC 7515 to see if it would work for a project I am working on. Basically, I need to sign and re-sign a JSON object. However, in RFC 7515 there does not seem to be any definition for serializing a canonical form of JSON. This means that two organizations that serialize it differently would produce two different signatures.
>> 
>> Super simple example:
>> 
>> { "type" : "house", "size" : "1000 sq feet" }
>> 
>> 
>> 
>> Or
>> 
>> {
>>   "type" : "house",
>>   "size" : "1000 sq feet"
>> }
>> 
>> 
>> 
>> Or
>> 
>> {"type":"house","size":"1000 sq feet"}
>> 
>> 
>> 
>> Or (tabs not spaces)
>> 
>> {
>> 	"type" : "house",
>> 	"size" : "1000 sq feet"
>> }
>> 
>> 
>> All four of these JSON structures would produce a different signature as defined by RFC 7515. What am I missing?
>> 
>> 
>> Thanks,
>> Bret
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
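The exchange above in working code, as an added example that is not part of the thread and not code from any JOSE implementation: the four renderings Bret posted are signed as raw bytes with a minimal HS256 JWS (RFC 7515 compact serialization, built from the standard library only) and yield four different tokens, exactly as Nathaniel says; canonicalizing first (parse, then re-emit with sorted keys and no insignificant whitespace, which is this example's assumed definition of "canonical", not one RFC 7515 provides) collapses them to one token that verifies. The HMAC key is a constructed demo value.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real deployment uses a provisioned secret.
DEMO_KEY = b"constructed-demo-hmac-key-not-for-real-use"

# The four byte-level renderings of the same JSON object from the original post
# (spaces, two-space indent, compact, tab indent).
VARIANTS = [
    '{ "type" : "house", "size" : "1000 sq feet" }',
    '{\n  "type" : "house",\n  "size" : "1000 sq feet"\n}',
    '{"type":"house","size":"1000 sq feet"}',
    '{\n\t"type" : "house",\n\t"size" : "1000 sq feet"\n}',
]


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7515 section 2 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_compact_hs256(payload: bytes, key: bytes) -> str:
    """Minimal JWS compact serialization with HS256 over an opaque payload.
    The signature covers BASE64URL(header) '.' BASE64URL(payload), so any
    byte-level difference in the payload changes the signature."""
    header = b64url(b'{"alg":"HS256"}')
    signing_input = f"{header}.{b64url(payload)}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{b64url(payload)}.{b64url(sig)}"


def canonicalize(text: str) -> bytes:
    """Assumed canonical form: parse, then re-emit with sorted keys and no
    insignificant whitespace, encoded as UTF-8."""
    obj = json.loads(text)
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def signatures_over_raw_bytes() -> set:
    """Sign each rendering as-is: RFC 7515 sees four different byte strings."""
    return {jws_compact_hs256(v.encode("utf-8"), DEMO_KEY) for v in VARIANTS}


def signatures_over_canonical_form() -> set:
    """Canonicalize first: all four renderings collapse to one JWS."""
    return {jws_compact_hs256(canonicalize(v), DEMO_KEY) for v in VARIANTS}


def verify_hs256(token: str, key: bytes) -> Optional[bytes]:
    """Verify a compact HS256 JWS and return the payload bytes, or None on
    malformed input, wrong key or tampered content."""
    try:
        header, payload, sig = token.split(".")
        got = b64url_decode(sig)
    except (ValueError, TypeError):
        return None
    signing_input = f"{header}.{payload}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, got):
        return None
    return b64url_decode(payload)


if __name__ == "__main__":
    print("distinct JWS over raw bytes:     ", len(signatures_over_raw_bytes()))
    print("distinct JWS over canonical form:", len(signatures_over_canonical_form()))
```

The verifier must apply the same canonicalization before checking, or simply verify the token as received and then parse the payload bytes it carries; re-serializing on the receiving side and expecting the signature to still match is where the "four signatures for one object" problem reappears. Sorting keys and dropping whitespace is enough for this string-only object, but number formatting and Unicode escaping are the cases where a real scheme has to make further choices; the IETF later defined one in RFC 8785 (JSON Canonicalization Scheme), published after this 2018 thread.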