On Wed, Jan 28, 2015 at 01:14:58PM -0500, Phillip Hallam-Baker wrote:
> <JSON-BLOB> [Separator] <content-blob>
I'll bite.
Why not:
<metadata JSON> <separator> <signature> <content>
> Advantages:
>
> * Can read the metadata for a file etc with a plain ASCII editor or command
> line tools like cat, more, etc.
>
> * Avoids the need to BASE64 armor the content. So if the content is JSON or
> other ASCII/Unicode text it remains readable in an ASCII/Unicode editor.
Why even have to base64-encode the signature?
> * Can add signatures, digests and other metadata items to content in a
> simple regular fashion.
Ah. Hmm, right! It'd have ot be:
<metadata JSON> <separator> <signature> <content> [<extra signatures>]
or
<metadata JSON> <separator> <content> [<signatures>]
or as you suggest, put the [base64-encoded] signatures in the metadata.
> Right now, the IETF spec for describing content metadata is based on
> RFC822. And by 'based on', I mean that it is a find the needle in the RFC
> haystack approach. RFC822 style content headers as currently used have
> several disadvantages:
>
> * It is a flat structure, headers can have attributes but trying to add
> more structure is painful.
Flat structure has its advantages.
A while back I posted a list of kinds of encodings, asking if there was
any I'd missed. I did miss one important one myself: Lustre's RPC.
Lustre's RPC doesn't support seqeuences-within-sequences-within-
sequences like all the others do. It's more like a single top-level
sequence of fixed- and variable-length things, where the fixed-length
ones contain C-like structs (with all-fixed-length fields), and the
variable-length ones containing only things like filenames. (Bulk data
is sent separately, via RDMA-like protocols.)
The main advantage to this is that all the critical length checks go in
one place in the code.
Whereas a JSON blob is not flat. It could be arbitrarily deep.
> * It is a historical artifact and content metadata headers are mixed in
> with protocol metadata headers without rhyme or reason.
>
> * It is not JSON and JSON is the spec we are now converging on for this
> type of work. It has all the expressive capabilities of XML and ASM.1
> without the insanities and stupid. It is as easy to read and write as
> RFC822 but without the limitations.
Meh. It's just one of many suitable encodings. Pick one, any one.
> The spec itself would be simple, its
> basically draft-ietf-json-text-sequence applied to a sequence of one json
> object and one content blob.
Pretty much, yes (but it's not the same: the blob would not be a JSON
blob).
> JSON sequence specifies that "A JSON text sequence consists of any number
> of JSON texts, all encoded in UTF-8, each prefixed by an ASCII Record
> Separator (0x1E), and each ending with an ASCII Line Feed character (0x1A)"
>
> This is not ideal for JSON Container. We would prefer that the character
> which is illegal in a JSON document be the one that is the separator
> between the header and content.
Just make it:
RS JSON-blob LF FS content
(That would be as close as this could get to being a JSON text
sequence while also being sufficiently different.)
> Applying this in a Web Service is very simple, our messages now have the
> form:
>
> POST / HTTP/1.1
> Host: example.com
> Content-Type: application/json-container
> Content-Length: 666
>
> { "Signature" : "wefwkjefkljwehfjklwhejkflh" }
>
> <0x1E>{ "Service-Type" : "acme.ws",
> "Transaction-ID" : "2h23roih23oih23orh",
> "Register" : { ....<web service parameters here> ... } }
OK, but why not put all of this into the headers anyways?
> Notice how we have just developed a format that allows us to sign a
> complete code distribution including content data very easily. This is
> obviously out of scope for ACME but the fact that an approach transfers so
> neatly to a completely different problem suggests that it is the right
> track.
Wasn't JOSE about this sort of thing?
Nico
--
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
