Re: [jose] Canonical JSON form

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 11 October 2018 18:06 UTC

To: Bret Jordan <jordan.ietf@gmail.com>
Cc: "Manger, James" <James.H.Manger@team.telstra.com>, jose@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ibXopzLuraRL1qFxdgXAiffGLFw>

Hi Bret,

JOSE is closed, so a new WG would have to be formed if this were to be done
in a WG.  That might be reopening JOSE or something else.  Another
possibility is for James to try to progress his existing draft and
determine interest.  Has it been presented at SecDispatch yet to gauge
interest and uncover problems?

You could also consider alternate solutions.  The problems cited were
problems with XML already.  Since RID defined the same capability, you
could test out interoperability using RID in XML more extensively as you'd
be mapping the same functionality into JSON.  This would give you in your
new effort feedback into design considerations and help you determine if
you really want to go this route or perhaps some other solution may be
preferred (see Neil's message).  In any case, more work should be done
before a new WG around canonicalization is performed IMO, but I am also no
longer an AD, so advice from current ones may vary :-)

Best,
Kathleen

On Thu, Oct 11, 2018 at 1:24 PM Bret Jordan <jordan.ietf@gmail.com> wrote:

> Kathleen,
>
> From your comments I take it that it is okay then to do a draft proposal in
> another WG and then have this mailing list review it?  Would we then
> restart JOSE if the draft was good to have it standardized in JOSE or just
> some other WG?
>
> I just want to be sensitive to the work that has already been done and
> build on it.  I also do not want to do things that are “bad form”.  We are
> all in this boat together, and I just want to work with everyone to row in
> the same direction.
>
> BTW, I have spoken with a few other vendors and service providers and they
> are also very interested in this work as it would solve a lot of problems
> they have or are seeing.
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
>
> On Oct 10, 2018, at 7:47 PM, Kathleen Moriarty <
> kathleen.moriarty.ietf@gmail.com> wrote:
>
> Bret,
>
> You could define it within a draft in a different working group other than
> JOSE and ask for reviewers from JOSE to review and comment to catch
> problems.  Although already described above, there are issues with this and
> JSON, which is why the WG didn't want to do canonicalization.
>
> I'm assuming you want to do basically what was done for RID in XML using
> JSON.  You may want to look at the set of possibilities to replicate as
> they are all likely needed with what you are trying to do or just as part
> of your gap analysis.
>
> https://tools.ietf.org/html/rfc6545#section-9.1
> Also look at 9.3.1 and 9.3.2 as you're likely to also need multi-hop
> authentication too.
>
> To David's point in the message that follows this (came in while typing),
> RID signed portions of the message to enable interoperability and you are
> likely to need to do very similar things that are described in RID related
> to the policy work I had previously mentioned for your gap analysis as
> being similar functionality.  If you haven't looked at that part of the
> document, I think it will be helpful.
>
> Best regards,
> Kathleen
>
>
>
> On Wed, Oct 10, 2018 at 8:29 PM Manger, James <
> James.H.Manger@team.telstra.com> wrote:
>
>> https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme
>>
>> is a decent attempt at JSON canonicalization (and an appendix lists a few
>> other attempts).
>>
>> This one sorts object members based on their UTF-16 encoding (without
>> escapes), and assumes double precision floats is the model for numbers.
>>
>>
>>
>> --
>>
>> James Manger
>>
>>
>>
>> *From:* jose [mailto:jose-bounces@ietf.org] *On Behalf Of *Bret Jordan
>> *Sent:* Thursday, 11 October 2018 11:02 AM
>> *To:* Jim Schaad <ietf@augustcellars.com>
>> *Cc:* Nathaniel McCallum <npmccallum@redhat.com>; jose@ietf.org
>> *Subject:* Re: [jose] Canonical JSON form
>>
>> Other implementations say that you should preserve the order of the
>> fields you read when serialized which is part of JSON for the browser
>> implementations but not necessarily elsewhere.
>>
>> Preserving order is hard.  Depending on your programming language you
>> might be deserializing the content into a struct or you may be using a
>> map.
>>
>> What I need is a way for individuals and organizations to be able to pass
>> around and share JSON data and collaboratively work on that JSON data and
>> sign the parts that they have done.
>>
>> Thanks,
>>
>> Bret
>>
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>>
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
>> can not be unscrambled is an egg."
> --
>
> Best regards,
> Kathleen

-- 

Best regards,
Kathleen
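
The thread above describes a canonicalization scheme that sorts object members by their UTF-16 encoding so that independently produced serializations of the same data yield the same bytes to sign. The following is an added example, not code from the thread or from the cited draft: a narrowed sketch that rejects floating-point numbers rather than reproducing the draft's number rules, and that uses HMAC-SHA256 as a stand-in for a real signature. The function names, sample documents and key are constructed for illustration.

```python
import hashlib
import hmac
import json


def utf16_key(name: str) -> bytes:
    # Big-endian UTF-16 bytes compare in the same order as UTF-16 code units.
    return name.encode("utf-16-be")


def canonicalize(value) -> str:
    """Serialize a parsed JSON value deterministically (floats rejected)."""
    if value is None or isinstance(value, (bool, str)):
        return json.dumps(value, ensure_ascii=False)
    if isinstance(value, int):
        if abs(value) > 2**53 - 1:
            raise ValueError("integer not exactly representable as a double")
        return str(value)
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        members = sorted(value.items(), key=lambda kv: utf16_key(kv[0]))
        return "{" + ",".join(
            json.dumps(k, ensure_ascii=False) + ":" + canonicalize(v)
            for k, v in members) + "}"
    raise TypeError(f"unsupported type in this sketch: {type(value).__name__}")


def sign_part(document: dict, part: str, key: bytes) -> str:
    """HMAC-SHA256 over the canonical bytes of one top-level member."""
    data = canonicalize(document[part]).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# Constructed sample: the same data as emitted by two different serializers.
DOC_A = '{"analysis": {"score": 7, "tags": ["a", "b"], "by": "org1"}, "raw": "x"}'
DOC_B = '{"raw":"x","analysis":{"by":"org1","tags":["a","b"],"score":7}}'
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    a, b = json.loads(DOC_A), json.loads(DOC_B)
    print(canonicalize(a))
    print(sign_part(a, "analysis", KEY) == sign_part(b, "analysis", KEY))
    # U+1F600 encodes as surrogates D83D DE00, which sort before U+FB33.
    print(canonicalize({"\ufb33": 1, "\U0001f600": 2}))
```

The last call shows why the sort rule has to be pinned down: ordering the same two keys by Unicode code point would put U+FB33 first, and the two parties would then sign different bytes.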