On Tue, Jun 11, 2013 at 12:32 PM, Carsten Bormann <[email protected]> wrote:
> On Jun 11, 2013, at 18:04, Richard Barnes <[email protected]> wrote:
>
> > you also need x == bad_stuff(x).
>
> I thought the point of the JSON.stringify() was that
>
> x == JSON'.parse(bad_stuff(JSON.stringify(x)))
>
> is easier to achieve than
>
> x == bad_stuff(x)
>
> just as
>
> x == base64url_decode(bad_stuff(base64url_encode(x)))
>
> is easy to achieve.
>
> Regards, Carsten
>

Well, this is all happening within the context of a JSON object. The question at hand is about a particular field in that object. That field is input to a signature validation, so the sender and receiver need to agree on what octet string it represents.

So the question is, if "x.signedThing" is the field that goes into the signature algorithm, does

x.signedThing == JSON'.parse(bad_stuff(JSON.stringify(x))).signedThing ?

We might also allow for some simple normalization of x.signedThing, e.g., converting to UTF-8.

--Richard
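The round-trip question from the thread above, as an added example that is not part of the original messages or of any JOSE draft: it checks whether the octets of x.signedThing survive JSON.parse(bad_stuff(JSON.stringify(x))), and does the same for a base64url-encoded copy of the field. The two bad_stuff stand-ins (reserialize, normalizeNFD), the helper names and the sample object are assumptions made for illustration.

```javascript
// Added example. "Simple normalization" from the thread: string -> UTF-8 octets.
const utf8 = (s) => Buffer.from(s, 'utf8');

// Hypothetical bad_stuff #1: an intermediary that re-serializes the JSON text.
// It reorders keys, pretty-prints, and \u-escapes every non-ASCII code unit.
function reserialize(text) {
  const obj = JSON.parse(text);
  const sorted = Object.fromEntries(Object.keys(obj).sort().map((k) => [k, obj[k]]));
  return JSON.stringify(sorted, null, 2).replace(/[\u0080-\uffff]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical bad_stuff #2: an intermediary that Unicode-normalizes the text.
// This changes string content, not just JSON syntax.
function normalizeNFD(text) {
  return text.normalize('NFD');
}

// Field carried as a plain JSON string: does
// x.signedThing == JSON.parse(bad_stuff(JSON.stringify(x))).signedThing hold at octet level?
function jsonFieldSurvives(x, badStuff) {
  const wire = JSON.stringify(x);
  const mangled = badStuff(wire);
  const received = JSON.parse(mangled);
  return {
    textChanged: mangled !== wire,
    fieldOctetsEqual: utf8(x.signedThing).equals(utf8(received.signedThing)),
  };
}

// Field carried as base64url(UTF-8 octets) inside the same JSON object.
function b64FieldSurvives(x, badStuff) {
  const carrier = { ...x, signedThing: utf8(x.signedThing).toString('base64url') };
  const received = JSON.parse(badStuff(JSON.stringify(carrier)));
  return Buffer.from(received.signedThing, 'base64url').equals(utf8(x.signedThing));
}

// Constructed sample: the signed field is itself a string with one non-ASCII character.
const x = { typ: 'demo', signedThing: '{"iss":"Zo\u00eb","amt":10}' };

console.log('reserialize, JSON string :', jsonFieldSurvives(x, reserialize));
console.log('normalizeNFD, JSON string:', jsonFieldSurvives(x, normalizeNFD));
console.log('reserialize, base64url   :', b64FieldSurvives(x, reserialize));
console.log('normalizeNFD, base64url  :', b64FieldSurvives(x, normalizeNFD));
```

Re-serialization changes the JSON text but not the field's octets, while the normalizing intermediary changes the octets of the plain string field and leaves the base64url copy intact.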
