Re: [Json] [jose] EcmaScript V6 - Defined Property Order

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 26 October 2015 05:14 UTC

To: "Manger, James" <James.H.Manger@team.telstra.com>, "json@ietf.org" <json@ietf.org>, "jose@ietf.org" <jose@ietf.org>
References: <562C9C1F.6020507@gmail.com> <562CF614.4020200@gmail.com> <255B9BB34FB7D647A506DC292726F6E13BB107BC65@WSMSG3153V.srv.dir.telstra.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <562DB6CA.6070904@gmail.com>
Date: Mon, 26 Oct 2015 06:14:50 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/json/ZOlE7e9QaOvM8ZTRJ35VR7lryTQ>

On 2015-10-26 00:10, Manger, James wrote:
> Hi Anders,
>
> I agree that the EcmaScript string format for numbers is a better basis for a canonical JSON format than, say, normalized scientific notation - particularly for the dominant case of integers less than 2^64. However, EcmaScript's ToString(number) doesn't quite give a canonical form. 7.1.12.1 step 5 says "the least significant digit of s is not necessarily uniquely determined by these criteria". EcmaScript guarantees that ToNumber(ToString(x)) gives the same number x, but that is not quite what we need for signing. We need ToString(ToNumber(s)) to give the same string. I guess you could sign the 8 bytes of a 64-bit float, instead of the JSON decimal digits.

Hi James,
Thanks for pointing this out; it is apparently always a very good idea to test concepts with other knowledgeable people before you actually start building something :-)

I guess the ES committee wasn't entirely happy about having to adjust their spec. due to improper reliance on JavaScript property order by parts of the development community.  But they probably did the right thing.

I'm thinking in a similar way.  Why let an edge-case spoil all the fun?  Maybe the ES6 vendors implement the same broken ToString algorithm or the improved version mentioned as a note after the section you referred to?  I won't research this issue now because I consider Ecma the sole "owner" of this problem :-)

So this is my (latest) suggestion for an upgraded in-object JSON clear-text signature specification:

     "Due to limitations in the EcmaScript V6 [ECMA-262] specification regarding
      the ToString(number) method, it is for interoperability reasons RECOMMENDED
      to utilize a maximum of 18 digits of precision for non-integer Numbers."

It sure isn't pretty but since "business messaging" can't even use JSON/ES numbers for expressing monetary amounts, it is hardly a show-stopper.

Anders Rundgren


>
> James Manger
>
> -----Original Message-----
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Anders Rundgren
> Sent: Monday, 26 October 2015 2:33 AM
> To: jose@ietf.org; json@ietf.org
> Subject: Re: [jose] EcmaScript V6 - Defined Property Order
>
> Since the ES6 Number type is 64-bit IEEE, there's no need to worry about number canonicalization either if you base the signature system on ES6 which seems like a pretty safe bet.
>
> http://www.ecma-international.org/ecma-262/6.0/index.html#sec-tostring-applied-to-the-number-type
>
> That is, AFAICT, clear-text in-object JSON signatures are already compatible with ES6 (and I must drop my "number preservation" stuff...).
>
> Folks working with constrained devices will probably settle for CBOR.
>
> On 2015-10-25 10:08, Anders Rundgren wrote:
>> http://www.ecma-international.org/ecma-262/6.0/index.html#sec-ordinary-object-internal-methods-and-internal-slots-ownpropertykeys
>>
>> I can't say I'm able to "decipher" the ES6 specification, but it seems that the largest base of JSON parsers (the browsers) are now compliant with in-object JSON clear-text signature schemes of the kind I have proposed (pushing maybe...), albeit with some (IMO for practical purposes insignificant) limitations:
>>
>> - Integer property names don't work.
>> - Numeric values would have to be normalized.
>>
>> Java, Python, and C# already manage this as well.
>>
>> Yay!
>>
>> Anders
>>
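
The two limitations discussed in this thread (integer property names and number normalization), as an added example that is not part of the original messages: a JavaScript check of whether a compact JSON text survives `JSON.parse`/`JSON.stringify` byte-for-byte, which is what an in-object clear-text signature depends on. The function name, the regex token scanner and the sample documents are constructed for illustration.

```javascript
// Added example (not from the thread). Names and sample data are constructed.
// Token scanner: a JSON string (optionally followed by ':' => property name)
// or a JSON number. Strings are matched first so digits inside them are skipped.
const TOKEN = /"((?:[^"\\]|\\.)*)"(\s*:)?|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/g;

function auditForCleartextSigning(text) {
  const integerKeys = [];          // keys ES6 enumerates before all others
  const nonCanonicalNumbers = [];  // tokens where ToString(ToNumber(s)) !== s
  for (const m of text.matchAll(TOKEN)) {
    if (m[1] !== undefined) {
      // Conservative: flag every canonical non-negative integer property name.
      if (m[2] !== undefined && /^(0|[1-9]\d*)$/.test(m[1])) integerKeys.push(m[1]);
    } else if (String(Number(m[0])) !== m[0]) {
      nonCanonicalNumbers.push({ token: m[0], reserialized: String(Number(m[0])) });
    }
  }
  // The property a verifier relies on: parse + serialize reproduces the bytes.
  const roundTrips = JSON.stringify(JSON.parse(text)) === text;
  return { roundTrips, integerKeys, nonCanonicalNumbers };
}

// Constructed sample inputs (compact JSON, no insignificant whitespace).
const risky = '{"b":1,"10":"x","2":"y","amount":1.50,"big":1e21,"n":100}';
const safe = '{"name":"x","amount":1.5,"count":42}';

console.log(auditForCleartextSigning(risky));
console.log(JSON.stringify(JSON.parse(risky)));
console.log(auditForCleartextSigning(safe));
```

A signer can run such a check before signing and refuse documents that report integer keys or non-canonical number tokens, since a verifier that re-serializes them would hash different bytes.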