[Json] I-D: draft-rundgren-json-canonicalization-scheme-00

Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 16 March 2018 05:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/json/nJFkcKqG-im13X5tzITROWxMVIY>

No, this I-D has not yet been submitted to the IETF but it is available anyway :-)

    Abstract

        Cryptographic operations like hashing and signing depend on that the
        target data does not change during serialization, transport, or
        parsing.  By applying the rules defined by JCS (JSON Canonicalization
        Scheme), data provided in the JSON [RFC8259] format can be exchanged
        "as is", while still being subject to secure cryptographic
        operations.  JCS achieves this by exploiting the strict operation of
        the JSON serialization method defined in ECMAScript beginning with
        version 6 [ES6].

        The intended audiences of this document are JSON tool vendors, as
        well as designers of JSON based cryptographic solutions.

Current draft:
https://cyberphone.github.io/doc/security/draft-rundgren-json-canonicalization-scheme.html

Workspace:
https://github.com/cyberphone/json-canonicalization

I would be VERY happy to get some feedback on this!
If you have any interest in co-authoring, I'm open to suggestions.

Thanx,
Anders

// ES6 based JSON canonicalizer
'use strict';
var canonicalize = function(object) {

    var buffer = '';
    serialize(object);
    return buffer;

    function serialize(object) {
        if (object !== null && typeof object === 'object') {
            if (Array.isArray(object)) {
                buffer += '[';
                let next = false;
                // Array - Maintain element order
                object.forEach((element) => {
                    if (next) {
                        buffer += ',';
                    }
                    next = true;
                    // Recursive call
                    serialize(element);
                });
                buffer += ']';
            } else {
                buffer += '{';
                let next = false;
                // Object - Sort properties before serializing
                Object.keys(object).sort().forEach((property) => {
                    if (next) {
                        buffer += ',';
                    }
                    next = true;
                    // Properties are just strings - Use ES6
                    buffer += JSON.stringify(property);
                    buffer += ':';
                    // Recursive call
                    serialize(object[property]);
                });
                buffer += '}';
            }
        } else {
            // Primitive data type - Use ES6
            buffer += JSON.stringify(object);
        }
    }
};
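
Added example, not part of the original message or of the draft's workspace code: a verifier-side check showing that differently serialized copies of the same data reduce to one canonical string (the input a hash or signature would cover), that a changed value does not, and that numbers beyond IEEE 754 double precision are a caveat. The helper name canonicalFromWire and all sample messages are constructed for illustration.

```javascript
// Added example. Compact canonicalizer following the same rules as the posted
// one: arrays keep order, object keys are sorted, primitives and property
// names go through ES6 JSON.stringify.
function canonicalize(value) {
    if (value === null || typeof value !== 'object') {
        return JSON.stringify(value);
    }
    if (Array.isArray(value)) {
        return '[' + value.map(canonicalize).join(',') + ']';
    }
    // Iterate over explicitly sorted keys; default sort() compares UTF-16
    // code units, so "10" sorts before "9" even though the JS engine itself
    // enumerates integer-like keys numerically ("9" before "10").
    return '{' + Object.keys(value).sort().map((key) =>
        JSON.stringify(key) + ':' + canonicalize(value[key])).join(',') + '}';
}

// Hypothetical verifier helper: parse the received text and rebuild the exact
// string that hashing or signature validation would be computed over.
function canonicalFromWire(jsonText) {
    return canonicalize(JSON.parse(jsonText));
}

// Constructed sample messages: same data, different serializations
// (key order, whitespace, number notation, string escapes).
const sender = '{"amount":100,"currency":"EUR","ids":{"9":true,"10":false},"note":"A/B"}';
const relayed = `{
  "note": "\\u0041\\/B",
  "ids": {"10": false, "9": true},
  "currency": "EUR",
  "amount": 1.0e2
}`;
// Constructed message with one value changed after the sender produced it.
const tampered = sender.replace('"amount":100', '"amount":1000');

// Caveat: integers outside double precision are rounded by JSON.parse, so
// these two different texts yield the same canonical form. Such values
// need to be carried as strings to be covered reliably.
const bigA = '{"n":9007199254740993}';
const bigB = '{"n":9007199254740992}';

console.log(canonicalFromWire(sender));
console.log('relayed matches :', canonicalFromWire(relayed) === canonicalFromWire(sender));
console.log('tampered matches:', canonicalFromWire(tampered) === canonicalFromWire(sender));
console.log('bigA equals bigB:', canonicalFromWire(bigA) === canonicalFromWire(bigB));
```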