Re: [Json] I-D: draft-rundgren-json-canonicalization-scheme-00

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 02 May 2018 09:22 UTC

From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: "json@ietf.org" <json@ietf.org>
Date: Wed, 02 May 2018 11:22:21 +0200
Message-ID: <45af54a1-89a3-0128-0ad7-59f8f1907d92@gmail.com>
In-Reply-To: <65d998cb-8aed-205b-98bd-ac1297310a50@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/json/SN6Y7d1i_uEwvh_qnZy8S0vFWWg>

Ping?

JSON canonicalization is impossible or at least very hard.
JSON canonicalization is stupid, just dress everything in Base64Url (like JOSE), and the problem is solved.
JSON canonicalization is unnecessary, JSON is "as is", now we turn to CBOR and ProtoBuf which were designed with canonicalization in mind.

On 2018-03-16 06:46, Anders Rundgren wrote:
> No, this I-D has not yet been submitted to the IETF but it is available anyway :-)
> 
>     Abstract
> 
>          Cryptographic operations like hashing and signing depend on the target 
>          data not changing during serialization, transport, or parsing. By applying 
>          the rules defined by JCS (JSON Canonicalization Scheme), data provided in the
>          JSON [RFC8259] format can be exchanged "as is", while still being subject to 
>          secure cryptographic operations. JCS achieves this by combining the strict
>          serialization of JSON data defined in ECMAScript [ES6] with a platform
>          independent sorting scheme.
>
>          The intended audiences of this document are JSON tool vendors, as well as 
>          designers of JSON based cryptographic solutions.
>
> 
> Current draft:
> https://cyberphone.github.io/doc/security/draft-rundgren-json-canonicalization-scheme.html
> 
> Workspace:
> https://github.com/cyberphone/json-canonicalization
> 
> I would be VERY happy to get some feedback on this!
> If you have any interest in co-authoring, I'm open to suggestions.
> 
> Thanx,
> Anders
> 
> // ES6 based JSON canonicalizer
> 'use strict';
> var canonicalize = function(object) {
> 
>     var buffer = '';
>     serialize(object);
>     return buffer;
> 
>     function serialize(object) {
>         if (object !== null && typeof object === 'object') {
>             if (Array.isArray(object)) {
>                 buffer += '[';
>                 let next = false;
>                 // Array - Maintain element order
>                 object.forEach((element) => {
>                     if (next) {
>                         buffer += ',';
>                     }
>                     next = true;
>                     // Recursive call
>                     serialize(element);
>                 });
>                 buffer += ']';
>             } else {
>                 buffer += '{';
>                 let next = false;
>                 // Object - Sort properties before serializing
>                 Object.keys(object).sort().forEach((property) => {
>                     if (next) {
>                         buffer += ',';
>                     }
>                     next = true;
>                     // Properties are just strings - Use ES6
>                     buffer += JSON.stringify(property);
>                     buffer += ':';
>                     // Recursive call
>                     serialize(object[property]);
>                 });
>                 buffer += '}';
>             }
>         } else {
>             // Primitive data type - Use ES6
>             buffer += JSON.stringify(object);
>         }
>     }
> };