Re: [jose] JWK-specific key fingerprints?

Daniel Holth <dholth@gmail.com> Tue, 12 February 2013 20:01 UTC

On Tue, Feb 12, 2013 at 2:53 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 12 February 2013 10:56, Daniel Holth <dholth@gmail.com> wrote:
> > ... canonical json ....
>
> Isn't mention of canonical JSON a swear-jar offense?  Something needs
> canonicalization, but JSON seems a poor candidate.
>

There is something called Canonical JSON. They take out all the whitespace,
sort keys lexicographically, and only quote the " inside strings. It is
used in the wild by the OLPC project, I think.

bencode is an easier-to-implement protocol that is used in BitTorrent and
yields a tiny write-only implementation if all you want to do is get unique
hashes for the subset of JSON used by JWK.
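
The bencode approach described in the message above, as an added example that is not part of the original post: a write-only encoder for the JSON types a key object needs, hashed so the fingerprint ignores whitespace and member order. SHA-256, the duplicate-name check, the function names and the sample key are assumptions of this example.

```python
import hashlib
import json


def bencode(value) -> bytes:
    """Write-only bencode: ints, strings, lists, dicts with string keys."""
    # bool is a subclass of int, so reject it before the int branch.
    if value is None or isinstance(value, (bool, float)):
        raise TypeError(f"no bencode form for {value!r}")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return b"%d:%s" % (len(raw), raw)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        if not all(isinstance(k, str) for k in value):
            raise TypeError("dictionary keys must be strings")
        # Keys are emitted in raw byte order, so one object has one encoding.
        pairs = sorted(value.items(), key=lambda kv: kv[0].encode("utf-8"))
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in pairs) + b"e"
    raise TypeError(f"unsupported type {type(value).__name__}")


def _no_duplicates(pairs):
    """Reject repeated member names, which json.loads would silently collapse."""
    obj = dict(pairs)
    if len(obj) != len(pairs):
        raise ValueError("duplicate member name in JSON object")
    return obj


def jwk_fingerprint(jwk_json: str) -> str:
    """SHA-256 (assumed hash) over the bencoded key object."""
    jwk = json.loads(jwk_json, object_pairs_hook=_no_duplicates)
    return hashlib.sha256(bencode(jwk)).hexdigest()


# Constructed sample key: placeholder values, same object serialized two ways.
SAMPLE_A = '{"kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB"}'
SAMPLE_B = '{"y":"BBBB","x":"AAAA",\n "crv":"P-256","kty":"EC"}'

if __name__ == "__main__":
    print(bencode(json.loads(SAMPLE_A)))
    print(jwk_fingerprint(SAMPLE_A) == jwk_fingerprint(SAMPLE_B))
```

JSON floats, booleans and null have no bencode form, so a key containing them is rejected rather than hashed ambiguously.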