Dear WG,
I was reading through RFC 7515 to see if it would work for a project I am
working on. Basically, the need is to sign and re-sign a JSON object. However, in
RFC 7515 there does not seem to be any definition for serializing a canonical
form of JSON. This means that two organizations that serialize it differently
would produce two different signatures.
Super simple example:
{ "type" : "house", "size" : "1000 sq feet" }
Or
{
  "type" : "house",
  "size" : "1000 sq feet"
}
Or
{"type":"house","size":"1000 sq feet"}
Or (tabs not spaces)
{
	"type" : "house",
	"size" : "1000 sq feet"
}
All four of these JSON structures would produce a different signature as
defined by RFC 7515. What am I missing?
Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not
be unscrambled is an egg."
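
Added example, not part of the original message or of RFC 7515: in the JWS Compact Serialization the signature is computed over BASE64URL(header) || "." || BASE64URL(payload octets), and those same octets travel inside the token, so each of the four serializations above gets a different signature yet verifies as sent. The key, header and function names are constructed for illustration, using HS256 from Python's standard library.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"        # constructed sample key, not a real secret
HEADER = b'{"alg":"HS256"}'          # protected header, signed as these exact bytes
# Constructed samples: the four serializations from the message, as exact bytes.
SERIALIZATIONS = [
    b'{ "type" : "house", "size" : "1000 sq feet" }',
    b'{\n  "type" : "house",\n  "size" : "1000 sq feet"\n}',
    b'{"type":"house","size":"1000 sq feet"}',
    b'{\n\t"type" : "house",\n\t"size" : "1000 sq feet"\n}',
]

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_compact(payload: bytes, key: bytes = KEY) -> str:
    # Signing input: BASE64URL(header) || "." || BASE64URL(payload octets).
    signing_input = f"{b64url(HEADER)}.{b64url(payload)}"
    return f"{signing_input}.{b64url(_mac(signing_input, key))}"

def verify_compact(token: str, key: bytes = KEY) -> bytes:
    """Return the payload bytes exactly as signed, or raise ValueError."""
    header_b64, payload_b64, sig_b64 = token.split(".")   # ValueError if not 3 parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")                 # pin the algorithm
    expected = _mac(f"{header_b64}.{payload_b64}", key)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return b64url_decode(payload_b64)

def reserialize_payload(token: str) -> str:
    """Failure mode: parse and re-emit the JSON before checking the signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    reemitted = json.dumps(json.loads(b64url_decode(payload_b64))).encode()
    return f"{header_b64}.{b64url(reemitted)}.{sig_b64}"

if __name__ == "__main__":
    for raw in SERIALIZATIONS:
        token = sign_compact(raw)
        assert verify_compact(token) == raw                # verifies byte-for-byte
        print(token.rsplit(".", 1)[1], json.loads(raw))
```

A verifier that checks the signature over the received bytes and only then parses them never needs a canonical form; one that parses and re-emits the JSON first breaks verification, as `reserialize_payload` shows.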