IETF Logo Mail Archive

Re: [Json] Canonicalization

Nico Williams <nico@cryptonector.com> Wed, 20 February 2013 03:11 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C553D21F8815 for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 19:11:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.487
X-Spam-Level:
X-Spam-Status: No, score=-3.487 tagged_above=-999 required=5 tests=[AWL=-1.510, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6H89a8PTrIFn for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 19:11:45 -0800 (PST)
Received: from homiemail-a70.g.dreamhost.com (caiajhbdccac.dreamhost.com [208.97.132.202]) by ietfa.amsl.com (Postfix) with ESMTP id 2302421F8810 for <json@ietf.org>; Tue, 19 Feb 2013 19:11:45 -0800 (PST)
Received: from homiemail-a70.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a70.g.dreamhost.com (Postfix) with ESMTP id B5A0B76806C for <json@ietf.org>; Tue, 19 Feb 2013 19:11:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=yc1eRw0i5q1SYud6gLIE tztEFxA=; b=oy0+Ilyv/bZTy6zIw7WjWTT5QpgvxvcDEsUgc68CjAvTKLWbbUrl /XOjaKQREU3LeAFHeHIBwjgF5g4xwwwQN8ZHAsnFT/h4Do+LTopspEt26QFE6F+Y UcYjr/4eZBuTI+31qDUMeJSSYQko27Y3E3o3YvuqRvRJT/T+IVc2Si0=
Received: from mail-we0-f175.google.com (mail-we0-f175.google.com [74.125.82.175]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a70.g.dreamhost.com (Postfix) with ESMTPSA id 5911176806B for <json@ietf.org>; Tue, 19 Feb 2013 19:11:44 -0800 (PST)
Received: by mail-we0-f175.google.com with SMTP id x8so6262355wey.6 for <json@ietf.org>; Tue, 19 Feb 2013 19:11:42 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.180.84.165 with SMTP id a5mr31473846wiz.6.1361329902901; Tue, 19 Feb 2013 19:11:42 -0800 (PST)
Received: by 10.216.254.217 with HTTP; Tue, 19 Feb 2013 19:11:42 -0800 (PST)
In-Reply-To: <CALcybBB2KowXG+vYeJHjDUOqdZMPy0mQOpxHf8ioe3eWAVb0uw@mail.gmail.com>
References: <BF7E36B9C495A6468E8EC573603ED9411513E818@xmb-aln-x11.cisco.com> <A723FC6ECC552A4D8C8249D9E07425A70F897263@xmb-rcd-x10.cisco.com> <255B9BB34FB7D647A506DC292726F6E11507579808@WSMSG3153V.srv.dir.telstra.com> <1F2DF9AD-EE7A-4CC6-BBA6-AF07D02347F9@vpnc.org> <CAK3OfOhkSdi_4kuM3SG2N=bcfAwE-3E9+_SWW8ULSfedO8HAkQ@mail.gmail.com> <2510D743-1CCE-42D0-9067-836F03BDD606@vpnc.org> <CALcybBDfyDGh-Gt9v-94OBM7XFzzSwywZJW_fECuig6hrN0cCw@mail.gmail.com> <1361323974.9790.41.camel@pbryan-wsl.internal.salesforce.com> <CALcybBAkJg1JyMwPc-xsCv_GvROPE696-4ak8YqaO2vXcQ+QHA@mail.gmail.com> <CALcybBAyc1CcaH1_yyg8AQ9=SM6Tn7+1mbtQL+b9910ojuvbqQ@mail.gmail.com> <CAK3OfOjo36iw5cpwowKRUWOgXd9L-M6bOX4qc8_hrdscbAQbiQ@mail.gmail.com> <CALcybBB2KowXG+vYeJHjDUOqdZMPy0mQOpxHf8ioe3eWAVb0uw@mail.gmail.com>
Date: Tue, 19 Feb 2013 21:11:42 -0600
Message-ID: <CAK3OfOjz1TPbhFggz5ADh-4eEQC1iDVAbRYWWfpU7US79ao-3w@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Francis Galiegue <fgaliegue@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "Paul C. Bryan" <pbryan@anode.ca>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] Canonicalization
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2013 03:11:45 -0000

On Tue, Feb 19, 2013 at 9:00 PM, Francis Galiegue <fgaliegue@gmail.com> wrote:
> On Wed, Feb 20, 2013 at 3:36 AM, Nico Williams <nico@cryptonector.com> wrote:
> [...]
>>
>> Yes and no.  If the verifier and the signer both have the same
>> document then no c14n is needed.  If the verifier must reconstruct the
>> signed document -as opposed to receiving it from the signer- then the
>> verifier must reconstruct exactly the signed document or the signature
>> will not verify.
>>
>
> There is one thing I don't get: in any case, what is transmitted over
> the network is just a stream of bytes. One end writes that stream, the
> other reads it.

No, in this one case the two ends construct some data.  A good example
would be channel bindings (RFCs 5056, 5929), except that mostly that
has no structure, so it's not really a good example after all, but it
illustrates the point.

> In order for the receiving end to interpret that data, should signing
> be used, it needs to verify that the _byte stream_, not its
> interpretation, is correct. That byte stream MAY be JSON. It may not
> be.

That's just it: in this case the data isn't transmitted, only the
signature.  There's many protocols that transmit signatures (or
hashes) but not necessarily contents.  E.g., rsync.  What if you had a
JSON-based synchronization protocol and you're sending file metadata,
only there's a lot of it (e.g., large ACLs), and you're trying to
avoid sending it, so you send file names and metadata hashes, and if
the receiver's don't match then you send the actual metadata?

Nico
--

v2.23.0 | Report a Bug | By Email