Re: [Json] Kicking Off JSONbis

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 12 November 2015 05:22 UTC

To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Carsten Bormann <cabo@tzi.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <56442216.6080802@gmail.com>
Date: Thu, 12 Nov 2015 06:22:30 +0100
In-Reply-To: <313EF0F9-0DC4-432B-9904-1E8B4C483EA9@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/json/2ieFOOyV90WyW5j7DssVLLnqmP4>
Cc: "json@ietf.org" <json@ietf.org>

On 2015-11-11 22:31, Joe Hildebrand (jhildebr) wrote:
> On 11/10/15, 9:19 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:
<snip>
>>
>> My target application has since mid-2013 been a JSONesque counterpart
>> to XML's enveloped signatures but without getting bogged down by complex,
>> stand-alone canonicalizers.  The latest developments seem to verify that
>> the most difficult part of JSON (Numbers), also are properly canonicalized
>> by the majority (but not all) ES6 implementations.  This enables very simple
>> and efficient "in-object" JavaScript and JSON signatures which only rely on
>> standard JavaScript for creating and manipulating objects and the built-in
>> JSON parse/stringify methods for parsing and serialization respectively:
>>
>> https://mailarchive.ietf.org/arch/msg/jose/s5TdEtfOdQ0z3Qmtij2yXemZW-A
>
> Oh!  You're relying on the parsing and serializing code to be parallel,
> such that the parser maintains order, and the serializer repeats that order on output.
>
> Interesting.  However, that would be a major change to the JSON spec (that would
> necessitate changes to LOTS of existing code, at a performance or memory penalty).
> It also took me a good amount of time to track down even in the ECMAScript
> doc - so I don't think you can expect most folks reading ECMA-404 to figure this
> out either.  If you really want interoperability, there's nothing stopping you
> from doing something like I-JSON that says an ordered-json is JSON, except for
> some other constraints.

The depicted signature runs without hiccups in Chrome, Firefox, Safari, and of course
in the Java reference implementation which generated it. The current alternative
is using JWS which encapsulates (=hides) data in Base64 which is perfectly OK for
some applications but (IMO) slightly less appetizing for things like Web Payments.

The genie is out of the bottle and now it is time to wish something :-)

Anders
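
The parse/stringify round trip discussed in this thread, as an added example that is not part of the original message or of the referenced implementation. It assumes Node.js, uses an HMAC with a constructed key in place of a public-key signature, and the "signature" property name is a hypothetical layout.

```javascript
const nodeCrypto = require("crypto");

// Constructed demo key; HMAC stands in for the public-key signature of a real scheme.
const KEY = Buffer.from("constructed-demo-key");

// Data to be signed: the object minus its "signature" member (hypothetical
// layout), serialized by the built-in JSON.stringify with no extra canonicalizer.
function signable(obj) {
  const { signature, ...rest } = obj; // rest keeps the remaining keys in order
  return JSON.stringify(rest);
}

function mac(text) {
  return nodeCrypto.createHmac("sha256", KEY).update(text, "utf8").digest("base64");
}

// Signer: add the MAC as the last property and serialize.
function sign(obj) {
  return JSON.stringify({ ...obj, signature: mac(signable(obj)) });
}

// Verifier: parse, drop the signature member, re-serialize, compare MACs.
function verify(wireText) {
  let parsed;
  try { parsed = JSON.parse(wireText); } catch { return false; }
  if (parsed === null || typeof parsed !== "object") return false;
  if (typeof parsed.signature !== "string") return false;
  const expected = Buffer.from(mac(signable(parsed)));
  const actual = Buffer.from(parsed.signature);
  return expected.length === actual.length &&
    nodeCrypto.timingSafeEqual(expected, actual);
}

// Constructed sample messages.
const signed = sign({ payee: "Demo Shop", amount: 1.5, currency: "USD" });
// Same data re-encoded in transit: extra whitespace and 1.50 instead of 1.5.
const reformatted = signed.replace('"amount":1.5', '"amount": 1.50');
// A changed value must not verify.
const tampered = signed.replace('"amount":1.5', '"amount":9.5');
// Integer-like keys: ES6 lists them first in ascending order, so a signer in
// another language that emitted "10" before "2" cannot be verified this way.
const reserialized = JSON.stringify(JSON.parse('{"10":"a","2":"b","x":"c"}'));
```

Verification survives whitespace and number re-encoding but fails if any party reorders properties, which is the order-preservation dependency raised in the quoted reply.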