Re: [jose] canonical JSON

David Waite <david@alkaline-solutions.com> Tue, 19 February 2013 21:02 UTC

Return-Path: <david@alkaline-solutions.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1465E21F8A74 for <jose@ietfa.amsl.com>; Tue, 19 Feb 2013 13:02:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVCR0Ybz3OhZ for <jose@ietfa.amsl.com>; Tue, 19 Feb 2013 13:02:21 -0800 (PST)
Received: from alkaline-solutions.com (lithium5.alkaline-solutions.com [173.255.196.46]) by ietfa.amsl.com (Postfix) with ESMTP id 7A2FF21F8A71 for <jose@ietf.org>; Tue, 19 Feb 2013 13:02:21 -0800 (PST)
Received: from [10.1.1.100] (unknown [205.169.68.218]) by alkaline-solutions.com (Postfix) with ESMTPSA id 9098A315C0; Tue, 19 Feb 2013 21:07:12 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail=_34182363-A38F-46A1-9BD3-C992D21C587C"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: David Waite <david@alkaline-solutions.com>
In-Reply-To: <CAHBU6iu3soqk92j3tKpXNErFsgLm6SZ8V30A=Gf7DcbZCYFqkA@mail.gmail.com>
Date: Tue, 19 Feb 2013 14:02:20 -0700
Message-Id: <F818E19C-BD39-4F9E-A05C-13340067F947@alkaline-solutions.com>
References: <CAG8k2+4xaAUBPs=Kw-=eBHZNyOMs6VYByPEb1jnAv1aGjLupng@mail.gmail.com> <CABkgnnWzdoo6b0ZymF0cv_v9zOjJKTWuUhkWuxiA-cM9qgu0jg@mail.gmail.com> <CAG8k2+47GQXHhWBdqd82UEAPZUfAigYE-vwxpaMJm4F5i8098A@mail.gmail.com> <CAL02cgQ3Oh1D9qHW7XWAZqzmfnE5T6-FjNydjpMEMhaHf2d7Xw@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E1150757902D@WSMSG3153V.srv.dir.telstra.com> <CAG8k2+5mVYJ6TgQHJ9juXEaWkfMteG6gV8w_dCoShP4-9fPqMA@mail.gmail.com> <CAL02cgRZkf8rR=gAuR6ZT61WCah3aWQNAq8d+GLWweehH7jN6A@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED9411513E85D@xmb-aln-x11.cisco.com> <4E1F6AAD24975D4BA5B1680429673943674774DA@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAHBU6iu3soqk92j3tKpXNErFsgLm6SZ8V30A=Gf7DcbZCYFqkA@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
X-Mailer: Apple Mail (2.1503)
Cc: Daniel Holth <dholth@gmail.com>, Richard Barnes <rlb@ipv.sx>, Mike Jones <Michael.Jones@microsoft.com>, jose <jose@ietf.org>, "Matt Miller \(mamille2\)" <mamille2@cisco.com>, "Manger, James H" <James.H.Manger@team.telstra.com>
Subject: Re: [jose] canonical JSON
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2013 21:02:22 -0000

I think JSON canonicalization and potential transforms could be a limiting factor in adoption. In terms of technical challenges (outside deciding on string normalization), I suspect some JSON implementations might break due to the use of integer types to represent non-floating-point numbers in their parsed data.  

As an example, the integer 9007199254740993 can't be represented in a Javascript Number type, as numbers are actually doubles. A 64-bit integer would have no problem representing it, however.

-David Waite

On Feb 19, 2013, at 1:50 PM, Tim Bray <tbray@textuality.com> wrote:

> My instinct, as the author of a reasonably popular library that generates canonical XML, is that JSON ought to be quite a bit easier.  But that’s only interesting if Mike is wrong and there aren’t better alternatives. -T
> 
> 
> On Tue, Feb 19, 2013 at 12:48 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> [Repeating this on the correct thread...]
> 
> I'm strongly against canonicalization.  The XML canonicalization experience was horrible and resulted in more interop bugs than any other aspect of XML DSIG, XML ENC, etc.  Let's not repeat the mistakes of our elders. ;-)
> 
> I also haven't seen a clear use case that canonicalization solves that can't be more easily solved another way.
> 
>                                 -- Mike