Re: [jose] JWK-specific key fingerprints?

Richard Barnes <rlb@ipv.sx> Mon, 18 February 2013 17:51 UTC

From: Richard Barnes <rlb@ipv.sx>
To: Daniel Holth <dholth@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, jose <jose@ietf.org>
Date: Mon, 18 Feb 2013 12:51:43 -0500
Message-ID: <CAL02cgQ3Oh1D9qHW7XWAZqzmfnE5T6-FjNydjpMEMhaHf2d7Xw@mail.gmail.com>
In-Reply-To: <CAG8k2+47GQXHhWBdqd82UEAPZUfAigYE-vwxpaMJm4F5i8098A@mail.gmail.com>

Citation for Canonical JSON:
<http://wiki.laptop.org/go/Canonical_JSON>

I have implemented this in Python.  It is surprisingly easy [1].
Canonicalization has been anathema to this group, but I suspect largely
because people have been bitten by XML canonicalization, rather than
because JSON canonicalization has been tried and found difficult.

If we're going to go down this path, I would prefer Canonical JSON to
bencode, if only because bencode is an entirely different format to
implement.

Personally, given how easy canonicalization is to implement (it actually
requires fewer lines in my experience than base64!), it seems like a
sensible choice in general.  In particular, for the JSON serialization, it
would save some unnecessary base64 encoding that is currently required.  I
would be glad to contr

--Richard

[1] My own canonicalization, not sure if it matches the one linked above <http://pastebin.com/ptUfn0c3>

On Tue, Feb 12, 2013 at 3:01 PM, Daniel Holth <dholth@gmail.com> wrote:

> On Tue, Feb 12, 2013 at 2:53 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>
>> On 12 February 2013 10:56, Daniel Holth <dholth@gmail.com> wrote:
>> > ... canonical json ....
>>
>> Isn't mention of canonical JSON a swear-jar offense?  Something needs
>> canonicalization, but JSON seems a poor candidate.
>>
>
> There is something called Canonical JSON. They take out all the
> whitespace, sort keys lexicographically, and only quote the " inside
> strings. It is used in the wild by the OLPC project I think.
>
> bencode is an easier-to-implement protocol that is used in bittorrent and
> yields a tiny write-only implementation if all you want to do is get unique
> hashes for the subset of JSON used by JWK.
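As an added example, not code from this thread and not the pastebin implementation Richard links, the following Python serializer follows the Canonical JSON rules Daniel describes above (no whitespace, keys sorted, only `"` and `\` escaped inside strings) and then derives a key fingerprint from the canonical bytes. The exact escape set, the restriction to integer numbers, the choice of SHA-256 with unpadded base64url output, and the `members` parameter are all assumptions of this example; the thread does not settle them, and the `SAMPLE_JWK` values are constructed, not a real key.

```python
import base64
import hashlib


def canonical_json(value):
    """Serialize value as Canonical JSON (rules as assumed here, after the
    OLPC description quoted in the thread): no whitespace, object keys sorted
    by their UTF-8 bytes, only backslash and double quote escaped in strings,
    integers only (floats have no single canonical text form)."""
    if value is None:
        return "null"
    if value is True:          # checked before int: bool is a subclass of int
        return "true"
    if value is False:
        return "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        raise TypeError("floats are not representable in Canonical JSON")
    if isinstance(value, str):
        # Only the two characters that would break the quoting are escaped;
        # everything else (including control characters) is emitted raw.
        return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'
    if isinstance(value, (list, tuple)):
        return "[" + ",".join(canonical_json(v) for v in value) + "]"
    if isinstance(value, dict):
        if not all(isinstance(k, str) for k in value):
            raise TypeError("object keys must be strings")
        # Sorting by encoded bytes makes the order independent of the
        # implementation language's string comparison rules.
        keys = sorted(value, key=lambda k: k.encode("utf-8"))
        return "{" + ",".join(
            canonical_json(k) + ":" + canonical_json(value[k]) for k in keys
        ) + "}"
    raise TypeError("unsupported type: " + type(value).__name__)


def jwk_fingerprint(jwk, members=None):
    """SHA-256 over the Canonical JSON of the selected JWK members, encoded as
    unpadded base64url. `members` is this example's own design choice: a
    fingerprint taken over every member changes whenever metadata such as
    "kid" or "use" is added, so callers name the members that identify the
    key. With members=None the whole JWK is hashed."""
    selected = {k: jwk[k] for k in (jwk if members is None else members)}
    digest = hashlib.sha256(canonical_json(selected).encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed sample JWK; the "n" value is a placeholder, not real key material.
SAMPLE_JWK = {
    "kty": "RSA",
    "kid": "2013-02-18",
    "use": "sig",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86z",
    "e": "AQAB",
}

# The same key presented with a different member order and extra metadata.
SAMPLE_JWK_REORDERED = {
    "e": "AQAB",
    "n": SAMPLE_JWK["n"],
    "kty": "RSA",
    "alg": "RS256",
}

RSA_KEY_MEMBERS = ["kty", "n", "e"]


if __name__ == "__main__":
    print(canonical_json(SAMPLE_JWK))
    print(jwk_fingerprint(SAMPLE_JWK, RSA_KEY_MEMBERS))
    print(jwk_fingerprint(SAMPLE_JWK_REORDERED, RSA_KEY_MEMBERS))
```

`json.dumps(obj, sort_keys=True, separators=(",", ":"))` gets close to this output but still escapes control characters and, by default, non-ASCII text, so two implementations that disagree on the escape rules produce different hashes for the same key; pinning the rule set in one small serializer is what makes the fingerprint portable. For JWK, the values are base64url strings with no quotes or backslashes, so in practice the hard part is only the key ordering and whitespace, which matches Richard's observation that the implementation is short.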