[Json] Browser Polyfill. Re: I-D: draft-rundgren-json-canonicalization-scheme-00

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 17 March 2018 18:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/json/-hjkus912kG31ru7PQPpqTVLsJ0>

https://cyberphone.github.io/doc/security/browser-json-canonicalization.html

On 2018-03-16 06:46, Anders Rundgren wrote:
> No, this I-D has not yet been submitted to the IETF but it is available anyway :-)
>
>     Abstract
>
>        Cryptographic operations like hashing and signing depend on that the
>        target data does not change during serialization, transport, or
>        parsing.  By applying the rules defined by JCS (JSON Canonicalization
>        Scheme), data provided in the JSON [RFC8259] format can be exchanged
>        "as is", while still being subject to secure cryptographic
>        operations.  JCS achieves this by exploiting the strict operation of
>        the JSON serialization method defined in ECMAScript beginning with
>        version 6 [ES6].
>
>        The intended audiences of this document are JSON tool vendors, as
>        well as designers of JSON based cryptographic solutions.
>
> Current draft:
> https://cyberphone.github.io/doc/security/draft-rundgren-json-canonicalization-scheme.html
>
> Workspace:
> https://github.com/cyberphone/json-canonicalization
>
> I would be VERY happy to get some feedback on this!
> If you have any interest in co-authoring, I'm open to suggestions.
>
> Thanx,
> Anders
>
> // ES6 based JSON canonicalizer
> 'use strict';
> var canonicalize = function(object) {
>
>     var buffer = '';
>     serialize(object);
>     return buffer;
>
>     function serialize(object) {
>         if (object !== null && typeof object === 'object') {
>             if (Array.isArray(object)) {
>                 buffer += '[';
>                 let next = false;
>                 // Array - Maintain element order
>                 object.forEach((element) => {
>                     if (next) {
>                         buffer += ',';
>                     }
>                     next = true;
>                     // Recursive call
>                     serialize(element);
>                 });
>                 buffer += ']';
>             } else {
>                 buffer += '{';
>                 let next = false;
>                 // Object - Sort properties before serializing
>                 Object.keys(object).sort().forEach((property) => {
>                     if (next) {
>                         buffer += ',';
>                     }
>                     next = true;
>                     // Properties are just strings - Use ES6
>                     buffer += JSON.stringify(property);
>                     buffer += ':';
>                     // Recursive call
>                     serialize(object[property]);
>                 });
>                 buffer += '}';
>             }
>         } else {
>             // Primitive data type - Use ES6
>             buffer += JSON.stringify(object);
>         }
>     }
> };
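
The signing use case named in the abstract, as an added example that is not part of the original message or the draft: a MAC computed over the canonical form still verifies after the JSON text has been reordered and reformatted in transit, while a MAC over the raw text does not. HMAC-SHA256, the names `hmacHex`, `sign`, `verify` and `demo`, the key and the sample messages are assumptions constructed for illustration (Node.js), and rejecting NaN/Infinity/undefined is an added check that the posted code does not perform.

```javascript
const nodeCrypto = require('crypto');

// Same rules as the posted canonicalizer: array order kept, properties sorted,
// primitives via JSON.stringify. Rejecting non-JSON values is an added check.
function canonicalize(value) {
    if (value === null || typeof value !== 'object') {
        const text = JSON.stringify(value);
        // JSON.stringify turns NaN/Infinity into "null" and undefined into nothing
        if (text === undefined || (typeof value === 'number' && !Number.isFinite(value))) {
            throw new TypeError('value has no canonical JSON form');
        }
        return text;
    }
    if (Array.isArray(value)) {
        return '[' + value.map((element) => canonicalize(element)).join(',') + ']';
    }
    return '{' + Object.keys(value).sort().map((property) =>
        JSON.stringify(property) + ':' + canonicalize(value[property])).join(',') + '}';
}

const hmacHex = (key, text) =>
    nodeCrypto.createHmac('sha256', key).update(text, 'utf8').digest('hex');

// The MAC covers the canonical form, never the bytes that travelled on the wire
const sign = (key, object) => hmacHex(key, canonicalize(object));

function verify(key, jsonText, expectedHex) {
    const actual = Buffer.from(sign(key, JSON.parse(jsonText)), 'hex');
    const expected = Buffer.from(expectedHex, 'hex');
    return actual.length === expected.length && nodeCrypto.timingSafeEqual(actual, expected);
}

// Constructed sample data: demo key, one message, two received wire forms
const KEY = 'constructed-demo-key';
const sent = { amount: 100, currency: 'EUR', payees: ['alice', 'bob'] };
const reordered = '{ "payees": ["alice", "bob"],\n  "currency": "EUR", "amount": 1e2 }';
const tampered = '{"amount":1000,"currency":"EUR","payees":["alice","bob"]}';

function demo() {
    const tag = sign(KEY, sent);
    return {
        canonical: canonicalize(JSON.parse(reordered)),
        reorderedOk: verify(KEY, reordered, tag),   // same data, different text
        tamperedOk: verify(KEY, tampered, tag),     // amount changed
        rawTextOk: hmacHex(KEY, reordered) === hmacHex(KEY, JSON.stringify(sent))
    };
}

console.log(demo());
```

The `1e2` in the reordered message parses to the same number as `100`, so ES6 number serialization brings both back to one canonical text before the MAC is checked.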