> ---------- > From: [email protected] [mailto:[email protected]] On Behalf Of > Anders Rundgren > Sent: Sunday, 1 September 2013 7:05 PM > > New name and updated documentation. > > https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON- > Clear-Text-Signature-Scheme.pdf > > Enjoy!
Anders, This is quite an attractive approach — as long as canonicalization works. A canonical JSON form is viable, though many are reluctant to consider it due to historical challenges with canonical XML (and DER). The canonical form described in JCS is not precise enough. It doesn't discuss escapes in strings (eg "/" vs "\/" vs"\u002f" vs "\u002F"). I'm not sure what "UTF-8 order" is: sorting on Unicode scalar values would be better. Sorting in descending order (Z before A) is a strange (poor) choice. JCS doesn't define a canonical form for numbers, instead a receiver must keep the original form. That effectively means you cannot use any "normal" parser (that returns an int or double when parsing a number). JSON.stringify [ECMAScript v5.1; http://www.ecma-international.org/ecma-262/5.1/#sec-15.12.3] already precisely defines 1 form for any number or string. Add sorting object elements (and using lower-case for \uxxxx escapes) and you have great basis for a highly-interoperable JSON c14n spec. [see a discussion on the IETF JSON WG list: http://www.ietf.org/mail-archive/web/json/current/msg00134.html] -- James Manger _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
