Re: [jose] Canonical JSON form
David Waite <david@alkaline-solutions.com> Thu, 11 October 2018 01:42 UTC
Return-Path: <david@alkaline-solutions.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABFCA130DFB for <jose@ietfa.amsl.com>; Wed, 10 Oct 2018 18:42:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OboAZrr9G4Vp for <jose@ietfa.amsl.com>; Wed, 10 Oct 2018 18:42:45 -0700 (PDT)
Received: from alkaline-solutions.com (lithium5.alkaline-solutions.com [IPv6:2600:3c00::f03c:91ff:fe93:6974]) by ietfa.amsl.com (Postfix) with ESMTP id 542F5130DF3 for <jose@ietf.org>; Wed, 10 Oct 2018 18:42:44 -0700 (PDT)
Received: from [IPv6:2601:282:202:b210:f955:f038:a7d9:69e9] (unknown [IPv6:2601:282:202:b210:f955:f038:a7d9:69e9]) by alkaline-solutions.com (Postfix) with ESMTPSA id 230F53167C; Thu, 11 Oct 2018 01:42:44 +0000 (UTC)
From: David Waite <david@alkaline-solutions.com>
Message-Id: <BCEFDF86-4B11-4385-A7CB-35E52BF7364F@alkaline-solutions.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2708F5CF-41B5-462A-82D4-F6215B5D9E77"
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.100.42\))
Date: Wed, 10 Oct 2018 19:42:43 -0600
In-Reply-To: <MEAPR01MB35428606C09BF315DE04CC79E5E10@MEAPR01MB3542.ausprd01.prod.outlook.com>
Cc: Bret Jordan <jordan.ietf@gmail.com>, "jose@ietf.org" <jose@ietf.org>
To: "Manger, James" <James.H.Manger@team.telstra.com>
References: <12DD2F97-80C3-4606-9C6B-03F7A4BF19DE@gmail.com> <CAOASepNX4aYVmPWXyODn0E2Om_rimACPECqJBvZSOXVVd_p8LA@mail.gmail.com> <D21F3A95-0085-4DB7-A882-3496CC091B34@gmail.com> <CAOASepM=hB_k7Syqw4+b7L2vd6E_J0DSAAW0mHYdLExBZ6VBuw@mail.gmail.com> <00ad01d460f4$69ae8a00$3d0b9e00$@augustcellars.com> <8436AEE7-B25A-4538-B8F6-16D558D9A504@gmail.com> <MEAPR01MB35428606C09BF315DE04CC79E5E10@MEAPR01MB3542.ausprd01.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.100.42)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/tEpDBUxUrbS-9KSa8g2oJ4-I4N8>
Subject: Re: [jose] Canonical JSON form
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2018 01:42:48 -0000
Even this I-D presents some interesting potential compatibility issues when round-tripping from canonical JSON to an internal representation and back, such as an implementation normalizing external text, or storing numbers in numerical types other than double. The bigger issue in the past has not been the body of work defining a canonicalization scheme, but that people did that in the past for XML signatures. It became a huge interoperability issue due not just to the complexity of the canonicalization scheme[s], but to the difficulty in detecting and dealing with modifications to the canonical form. This also gracefully went down the slipper slope to signing portions and even specific features of a document, and tooling needing to accommodate preserving canonical form when e.g. signed documents were placed inside other documents. -DW > On Oct 10, 2018, at 6:29 PM, Manger, James <James.H.Manger@team.telstra.com> wrote: > > https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme <https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme>
- [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Nathaniel McCallum
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Nathaniel McCallum
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Jim Schaad
- Re: [jose] Canonical JSON form Jim Schaad
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Manger, James
- Re: [jose] Canonical JSON form David Waite
- Re: [jose] Canonical JSON form Kathleen Moriarty
- Re: [jose] Canonical JSON form Neil Madden
- Re: [jose] Canonical JSON form Samuel Erdtman
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Sergey Beryozkin
- Re: [jose] Canonical JSON form Kathleen Moriarty
- Re: [jose] Canonical JSON form Phil Hunt
- Re: [jose] Canonical JSON form Carsten Bormann
- Re: [jose] Canonical JSON form Axel.Nennker
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Carsten Bormann
- Re: [jose] Canonical JSON form Tim Bray
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Carsten Bormann
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Jim Schaad
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form David Waite
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Carsten Bormann
- Re: [jose] Canonical JSON form Samuel Erdtman
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Tim Bray
- Re: [jose] Canonical JSON form Jim Schaad
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Samuel Erdtman
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Jim Schaad
- Re: [jose] Canonical JSON form Carsten Bormann
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form David Waite
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] Canonical JSON form Anders Rundgren
- [jose] JWS Counter Signatures Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan
- Re: [jose] JWS Counter Signatures Bret Jordan
- Re: [jose] JWS Counter Signatures Jim Schaad
- Re: [jose] JWS Counter Signatures Anders Rundgren
- Re: [jose] JWS Counter Signatures Bret Jordan
- Re: [jose] JWS Counter Signatures Nat Sakimura
- Re: [jose] JWS Counter Signatures Bret Jordan
- Re: [jose] JWS Counter Signatures Carsten Bormann
- Re: [jose] JWS Counter Signatures Phil Hunt
- Re: [jose] JWS Counter Signatures Benjamin Kaduk
- Re: [jose] Canonical JSON form Anders Rundgren
- Re: [jose] Canonical JSON form Bret Jordan