Re: [Json] RFC 8785 - JSON Canonicalization Scheme

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 06 July 2020 13:57 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46E03A1515 for <json@ietfa.amsl.com>; Mon, 6 Jul 2020 06:57:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xEjLV79VtDLP for <json@ietfa.amsl.com>; Mon, 6 Jul 2020 06:57:30 -0700 (PDT)
Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 937D73A1510 for <json@ietf.org>; Mon, 6 Jul 2020 06:57:30 -0700 (PDT)
Received: by mail-wm1-x344.google.com with SMTP id l17so39483354wmj.0 for <json@ietf.org>; Mon, 06 Jul 2020 06:57:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=3n7VX37dlkpJW3xqkZq8yOjn0KG66Ge21erq9RE9BYY=; b=lIut0F8q0ezMSH0AtnN0PpaXyF5rcSSuQuAXoN9i28wqX3j4/IQzUgboE1Vd+E8oMX 9q8vFFEttSio504Y5Ejbh2y0dLhm1ctOZyoOmZL+qFBLPpkSPl3v6A1GURe6Y23C7B9m 10lfB6Va1GpSvxDbw25rJHGcHrBZsxYOfkUr7QiUB0v+ztqWaShr/+JHf4c18rs0g6fd v1Hq2kYjcMklDj9qlZwTI+DIE5EbirVT6saJZeDF3cGqfy52ErLe6KkQKUqL6Bkjoc/i n2nPVGAqQCSUvAKgFV80sI3KjSeWcRUuVRP74Pc0ZKrsjUAYdjmGxU3Q0Qh+yJvAEk3i tJ+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=3n7VX37dlkpJW3xqkZq8yOjn0KG66Ge21erq9RE9BYY=; b=bXHx2N16ax/HD89N2XYPL5MruQVbFx6du0KN64x+FlE2fjZQlzRNoY//ZPz47T83z9 tJaDdhEm5H+bdspxog9R/MjofUnoCXx/iTVazfPqPEl9jXh66M9AMdWWpyamhMZ4vHoE K3lAQd0RuAqWwKKKjRVbMaudGtazDrT10lQ+uEWMR8wDA899/f9L6+SFnqV+XUtTpTVm oVULZL6bIdT/BAOrTGbdgjbeQy4+86iouM5+XtKVMhzlhtcx4BOFpmUnwAFvGwKvkCaN n3xsAqsqjpUQvJS2hnDswl/oM+MeZMErpPiFOBHRnR/dx2FYbnIiL907FnoE137Y90Aa cZaA==
X-Gm-Message-State: AOAM532BPxk/LoTIwk54teMaKbIEoohWiRO2Yjh7bknXHodqeMxcfTpm rsm0f8KDvBQyfuWnKZ792XchF0Em5sc=
X-Google-Smtp-Source: ABdhPJzOW7mwR+R2NfLkmFQJPCMxghfiZdd4qP8jpuxWp3XCFXrHA4B2ZsW9LIP3A0BtEed0X0Q3BA==
X-Received: by 2002:a1c:bc54:: with SMTP id m81mr42390329wmf.22.1594043848570; Mon, 06 Jul 2020 06:57:28 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id 12sm23082645wmg.6.2020.07.06.06.57.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 06 Jul 2020 06:57:27 -0700 (PDT)
To: Ulysse Carion <ulysse@segment.com>
Cc: "json@ietf.org" <json@ietf.org>
References: <ce98d1e6-1f39-84ca-b9b0-d11b0aa3c2f7@gmail.com> <715bce33-a744-5a97-8c6b-c7d2b27510f2@gmail.com> <CAJK=1Rje7POnLVrUxPFAkAb5h8atP3n25GYyGdWob3wZRWH20g@mail.gmail.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <7d822b82-0a92-7da0-0dcf-6a7ae3456dab@gmail.com>
Date: Mon, 6 Jul 2020 15:57:25 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CAJK=1Rje7POnLVrUxPFAkAb5h8atP3n25GYyGdWob3wZRWH20g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/35nsuRydjRmRfvprsZ1V80JEbfU>
Subject: Re: [Json] RFC 8785 - JSON Canonicalization Scheme
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2020 13:57:33 -0000

On 2020-07-06 03:10, Ulysse Carion wrote:
> Hi Anders,
Hi Ulysse,
> 
> Nice job with JCS. I've taken a stab at implementing it here (in
> Golang), because I have a possible use for something like this, and
> your Golang reference implementation wasn't super usable as-is:
> 
> https://github.com/ucarion/jcs

Great job! Your code (modulo comments) weighed in at a mere 200 lines.

> Overall, I think this document makes sense, and -- given its
> prerequisites -- is the design any one of us would have landed on
> given time to meditate on the details. 

Well, we didn't exactly "landed" there; RFC 8785 represents a third
and complete rewrite. Although working, the previous attempts were
pretty much c**p from an implementation point-of-view.  Without the
great (but sometimes rather dismissive) input from the IETF community,
it would maybe never even had happened :)


> I usually specifically avoid
> embedding signatures within the data being signed, but when that's not
> an option JCS seems a quite reasonable choice.

In my case the ability to (in a reasonable manner), serialize a signed
HTTP request was *one* of the biggest motivations.  AFAICT, none of the
current efforts in the IETF, the W3C or more recently in ETSI, have this
capability.


> Two notes on what you could do to help future implementers:
> 
> 1. I wish you could provide some sort of script that generates
> floating-point test-cases, instead of having folks download a 3.8G
> file if they want to make sure they're correctly aping JavaScript's
> float-to-string algorithm.

I'm currently spending my limited cycles on the next steps on this
journey which will take a lot of work although they are (IMO)
technically ready as well as implemented:
https://cyberphone.github.io/doc/security/jsf.html
https://cyberphone.github.io/doc/security/jef.html

> 
> 2. I don't understand why implementations MUST detect and error on
> invalid surrogate pairs. For implementations that aren't implementing
> their own JSON parser at the same time, doing so may not always be
> possible. Can you elaborate on the reasoning, and maybe offer
> implementers guidance on the relevant parts of the Unicode spec?

If you don't honor all parts of a specification, you may run into
interoperability problems.  JCS is supposed to be "complete" but
I'm sure that most people (currently including myself...), won't
bother to death about this particular requirement in their actual
implementations...


> A prospective implementer already needs to go pretty deep into the hairy
> details of floating-point numbers and character encoding, and a bit of
> guidance in the developer portal would go a long way.


There is hope:
https://github.com/ulfjack/ryu/issues/87#issuecomment-646550719

> These are just details. Overall, I think JCS is quite nicely done.
> Thanks for making this.

Thanx,
Anders

> 
> Best,
> Ulysse
> 
> 
> On Sat, Jul 4, 2020 at 11:27 AM Anders Rundgren
> <anders.rundgren.net@gmail.com> wrote:
>>
>> https://www.rfc-editor.org/rfc/rfc8785
>>
>> In case you would like to test what you can do with JSON canonicalization, there are two public Web applications at your disposal:
>> Using JWS: https://mobilepki.org/jws-jcs
>> Using an "unwrapped" JWS called Java Signature Format (JSF): https://mobilepki.org/jsf-lab
>>
>> A real-world implementation from OWASP using JSF: https://cyclonedx.org/use-cases/#authenticity
>>
>> In Saturn JSF is not only a security solution, it is also used for counter-signatures to simplify state-holding in payment systems:
>> https://cyberphone.github.io/doc/saturn/hybrid-payment.html#6
>>
>> By securely embedding related messages in each other (aka "Russian doll"), there is no need for external references to previous messages.
>>
>> Enjoy!
>>
>> Anders
>>
>> _______________________________________________
>> json mailing list
>> json@ietf.org
>> https://www.ietf.org/mailman/listinfo/json