IETF Logo Mail Archive

Re: [Json] Canonicalization

Francis Galiegue <fgaliegue@gmail.com> Wed, 20 February 2013 03:01 UTC

Return-Path: <fgaliegue@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBE9A21F8814 for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 19:01:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yADbsAAxcVvE for <json@ietfa.amsl.com>; Tue, 19 Feb 2013 19:01:00 -0800 (PST)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id 80CB421F8855 for <json@ietf.org>; Tue, 19 Feb 2013 19:01:00 -0800 (PST)
Received: by mail-ea0-f172.google.com with SMTP id f13so3175619eaa.3 for <json@ietf.org>; Tue, 19 Feb 2013 19:00:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=wSc+LufkpUxc2bU9ObTKUjelVcCH7dH185p0dsIwDCc=; b=D5M7DDXLG7tx6gJrOxUeiZuiEIlCxhxxsMj/ar2idr5y8xvuVUULUHsORulCrzfbOY 2acE2QCC67CqCt0SlwGBAv80RjfFS/sUAAsvkl39agpCrnyh6dE58nW7xGpUFCcumGkh fZajMCHu3DsmBif7z9rJ/V5x7JZzs9NReQbYgC+5dGhWZQ1Yde00kE7JTfKpCw/k/tzF l+zXkefNBRrNuEE3vHvw2ojJ7P9MHU2HQjincg/0HRW/972jLJmfsTYCgp+Hg7G9j99m 2pd2M+imM4PnYxVMV30nUwQdkemkkOTXGHbJYjTooiSs7kLFfStnMUP+tDhtxxMq8rkU ZyTQ==
MIME-Version: 1.0
X-Received: by 10.14.193.134 with SMTP id k6mr63875434een.37.1361329259578; Tue, 19 Feb 2013 19:00:59 -0800 (PST)
Received: by 10.14.1.7 with HTTP; Tue, 19 Feb 2013 19:00:59 -0800 (PST)
In-Reply-To: <CAK3OfOjo36iw5cpwowKRUWOgXd9L-M6bOX4qc8_hrdscbAQbiQ@mail.gmail.com>
References: <BF7E36B9C495A6468E8EC573603ED9411513E818@xmb-aln-x11.cisco.com> <A723FC6ECC552A4D8C8249D9E07425A70F897263@xmb-rcd-x10.cisco.com> <255B9BB34FB7D647A506DC292726F6E11507579808@WSMSG3153V.srv.dir.telstra.com> <1F2DF9AD-EE7A-4CC6-BBA6-AF07D02347F9@vpnc.org> <CAK3OfOhkSdi_4kuM3SG2N=bcfAwE-3E9+_SWW8ULSfedO8HAkQ@mail.gmail.com> <2510D743-1CCE-42D0-9067-836F03BDD606@vpnc.org> <CALcybBDfyDGh-Gt9v-94OBM7XFzzSwywZJW_fECuig6hrN0cCw@mail.gmail.com> <1361323974.9790.41.camel@pbryan-wsl.internal.salesforce.com> <CALcybBAkJg1JyMwPc-xsCv_GvROPE696-4ak8YqaO2vXcQ+QHA@mail.gmail.com> <CALcybBAyc1CcaH1_yyg8AQ9=SM6Tn7+1mbtQL+b9910ojuvbqQ@mail.gmail.com> <CAK3OfOjo36iw5cpwowKRUWOgXd9L-M6bOX4qc8_hrdscbAQbiQ@mail.gmail.com>
Date: Wed, 20 Feb 2013 04:00:59 +0100
Message-ID: <CALcybBB2KowXG+vYeJHjDUOqdZMPy0mQOpxHf8ioe3eWAVb0uw@mail.gmail.com>
From: Francis Galiegue <fgaliegue@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset="UTF-8"
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "Paul C. Bryan" <pbryan@anode.ca>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] Canonicalization
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2013 03:01:06 -0000

On Wed, Feb 20, 2013 at 3:36 AM, Nico Williams <nico@cryptonector.com> wrote:
[...]
>
> Yes and no.  If the verifier and the signer both have the same
> document then no c14n is needed.  If the verifier must reconstruct the
> signed document -as opposed to receiving it from the signer- then the
> verifier must reconstruct exactly the signed document or the signature
> will not verify.
>

There is one thing I don't get: in any case, what is transmitted over
the network is just a stream of bytes. One end writes that stream, the
other reads it.

In order for the receiving end to interpret that data, should signing
be used, it needs to verify that the _byte stream_, not its
interpretation, is correct. That byte stream MAY be JSON. It may not
be.

The problem is therefore, IIUC, that if the protocol exchange has
determined that this byte stream is JSON, then there should exist a
canonical form. OK, but then what about this:

{
    "x": 0.00000000000000000000000000000000000000000000000000000000000000000000000000002
}

This is valid JSON. However hard you wish to canonicalize it, the fact
is, some languages won't read it correctly -- in fact, most languages
won't.

And c14n won't help here.

-- 
Francis Galiegue, fgaliegue@gmail.com
Try out your JSON Schemas: http://json-schema-validator.herokuapp.com

v2.23.0 | Report a Bug | By Email