[Json] Canonicalized JSON

Anders Rundgren <anders.rundgren.net@gmail.com> Sun, 08 November 2015 15:59 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45E8E1B31D7; Sun, 8 Nov 2015 07:59:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U8aRlxemzjfx; Sun, 8 Nov 2015 07:59:42 -0800 (PST)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CA311B31D4; Sun, 8 Nov 2015 07:59:41 -0800 (PST)
Received: by wmww144 with SMTP id w144so13653233wmw.0; Sun, 08 Nov 2015 07:59:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:subject:message-id:date:user-agent:mime-version :content-type:content-transfer-encoding; bh=wxHC70KBtHz2GNlL1XuCZy3xyNVE1nHfqwnmXmf9XIk=; b=k/ZfeWoAjPg74j4yWNVFkmNmLRQa8XHqFCm7WPrNCGS2ZZWbUSsycJM3SAH2Bgm9pn bjZc7KJM6IPs3+SI1LaPHSQYzSly5F611wDkKvrWdTUNoUmBYRDyeBfn60dp9Wu6W34c uTWSGnbBqQokw5rPKZUjM7W+YS5mWiKmU9/8zXv76S5TpAaFvvEj1l7SLwYvp+4eWFX0 J9k9nqn3HFNASY5g3aNZxUcfIdO6dz+a9KesvCYxzmK2zEtcEr8++YKhofGgHSJoAv3d hi9TT/O2Qe5sHgPSW8tVDMsK0oB1pIyEdFH39jBsdwaoX+y2dlzNLXrYWh2fdJLGZYNc q5MA==
X-Received: by 10.28.138.148 with SMTP id m142mr22057611wmd.2.1446998380185; Sun, 08 Nov 2015 07:59:40 -0800 (PST)
Received: from [192.168.1.79] (148.198.130.77.rev.sfr.net. [77.130.198.148]) by smtp.googlemail.com with ESMTPSA id n17sm9444455wmg.17.2015.11.08.07.59.36 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 08 Nov 2015 07:59:39 -0800 (PST)
To: "jose@ietf.org" <jose@ietf.org>, "json@ietf.org" <json@ietf.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <563F7160.30603@gmail.com>
Date: Sun, 8 Nov 2015 16:59:28 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/json/V0JcYGG9yus62_T0vG2A4x2fOHo>
Subject: [Json] Canonicalized JSON
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/json/>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Nov 2015 15:59:43 -0000

Canonical JSON would [probably] be cool but it isn't a reality.

Anyway, I have continued the quest into ES6 and the canonicalization of Numbers
and AFAICT [1] a bunch of ES6-vendors [2] have selected algorithms [3] that produce
deterministic and interoperable values for serializing and deserializing Numbers.

That is, no workarounds of any kind are necessary for using in-object JS or JSON signatures
like the JS-example below which was created by my just updated reference implementation:

var reading =
{
   device: "Pump2",
   value: 13000,
   signature:
     {
       algorithm: "ES256",
       publicKey:
         {
           type: "EC",
           curve: "P-256",
           x: "ajlL4ksVEi-T589G7X9H4VOLoqbMkzPQw_GQFvUIXMA",
           y: "BdNg_sfSs6cZsYiMoRSmvnFOHXHJhYf9adQTkP1yweA"
         },
       value: "VMbKgogiOeoWQd7tT9_vqNVxUm0fg7phsITvfj6Ggd_ghYj0BzW30QOS69tiYL0tTIEMVI4Kf9ZnQUocrr7XYQ"
     }
};

1] Test-file with specific values as well as random numbers.  10 million total:
http://webpki.org/ietf/es6testfile.txt

2] Google (Chrome), Mozilla (Firefox), and Apple (Safari).

3] https://github.com/cyberphone/openkeystore/blob/master/library/src/org/webpki/json/DToA.java

- anders