I've recently realized that JSON Web Signature and Encryption can sign
and encrypt arbitrary payloads. Only the metadata (headers) are in JSON
format.
While I do not appreciate/understand how constrained some devices can be
but I wonder if there could be any significant win by replacing the JSON
metadata with the binary equivalent, it is likely in 80% there will be
two/three headers max with some of those headers are the hints on how to
process the payloads thus bearing no memory requirements...
Cheers, Sergey
On 05/07/14 18:34, Tim Bray wrote:
If you move from JSON to something that’s not JSON, you lose a whole lot
of super-developer-friendly libraries and tooling, all very
fully-debugged and performant; and you also lose interchange
opportunities. So you should be really sure that you actually get a
significant advantage in one or more of performance, code size, or data
size.
I personally just haven’t seen the evidence that the binary-ness of a
format guarantees really significant wins. Specifically, my experience
is that time spent deserializing message formats into program data
structures is often dominated by memory management code. I’m not saying
that some sort of binary JSON-like message format is necessarily bad,
but I am saying that the costs are significant, and you should insist on
quantitative evidence of a win before you impose those costs on your
community.
On Fri, Jul 4, 2014 at 4:26 PM, John Mattsson
<[email protected] <mailto:[email protected]>> wrote:
One of the outcomes (from a breakout session) of the recent W3C workshop
on the Web of Things (http://www.w3.org/2014/02/wot/) were that for
constrained devices, more lightweight alternatives to JSON are desired.
It was discussed that one of the binary JSON formats (e.g. RFC7049 CBOR)
would be better alternatives for constrained devices using 802.15.4, and
that e2e secure binary JSON would be needed in some applications and
architectures.
Is anyone aware of any work on securing binary JSON?
John Mattsson
----------------------------------------------------
JOHN MATTSSON
MSc Engineering Physics, MSc Business Administration and Economics
Ericsson IETF Security Coordinator
Senior Researcher, Security
_______________________________________________
jose mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
--
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
