On 2018-03-16 08:52, C. Scott Ananian wrote:
See http://wiki.laptop.org/go/Canonical_JSON -- you should probably at least
mention unicode normalization of strings.
Yes, I could add that unicode normalization of strings is out of scope for this
specification.
You probably should also specify a validator: it doesn't matter if you emit
canonical JSON if you can tweak the hash of the value by feeding non-canonical
JSON as an input.
Pardon me, but I don't understand what you are writing here.
Hash functions only "raison d'être" are providing collision safe checksums.
thanx,
Anders
--scott
On Fri, Mar 16, 2018 at 3:16 AM, Anders Rundgren <[email protected]
<mailto:[email protected]>> wrote:
Dear List,
Here is a proposal that I would be very happy getting feedback on since it
builds on ES but is not (at all) limited to ES.
The request is for a complement to the ES "JSON" object called
canonicalize() which would have identical parameters to the existing stringify() method.
The JSON canonicalization scheme (including ES code for emulating it), is
described in:
https://cyberphone.github.io/doc/security/draft-rundgren-json-canonicalization-scheme.html
<https://cyberphone.github.io/doc/security/draft-rundgren-json-canonicalization-scheme.html>
Current workspace: https://github.com/cyberphone/json-canonicalization
<https://github.com/cyberphone/json-canonicalization>
Thanx,
Anders Rundgren
_______________________________________________
es-discuss mailing list
[email protected] <mailto:[email protected]>
https://mail.mozilla.org/listinfo/es-discuss
<https://mail.mozilla.org/listinfo/es-discuss>
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
