Would this WG be open to working on a solution to sign JSON (not a byte stream) and define a canonical representation for said JSON?

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Oct 10, 2018, at 1:15 PM, Nathaniel McCallum <[email protected]> wrote:
>
> JWS signs a byte stream, not JSON. If you want to use a JWS to sign
> JSON data it is your responsibility to ensure that both sides produce
> an equivalent byte stream.
> On Wed, Oct 10, 2018 at 3:04 PM Bret Jordan <[email protected]> wrote:
>>
>> Dear WG,
>>
>> I was reading through RFC 7515 to see if it would work for a project I am
>> working on. Basically the need to sign and resign a JSON object. However,
>> in RFC 7515 there does not seem to be any definition for serializing a
>> canonical form of JSON. This means that two organizations that serialize it
>> differently would produce two different signatures.
>>
>> Super simple example
>>
>> { "type" : "house", "size" : "1000 sq feet" }
>>
>> Or
>>
>> {
>>     "type" : "house",
>>     "size" : "1000 sq feet"
>> }
>>
>> Or
>>
>> {"type":"house","size":"1000 sq feet"}
>>
>> Or (tabs not spaces)
>>
>> {
>> 	"type" : "house",
>> 	"size" : "1000 sq feet"
>> }
>>
>> All four of these JSON structures would produce a different signature as
>> defined by RFC 7515. What am I missing?
>>
>>
>> Thanks,
>> Bret
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
>> not be unscrambled is an egg."
>>
>> _______________________________________________
>> jose mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/jose
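The behaviour discussed in this thread, as an added example that is not part of the original messages: the four serializations from the quoted message are signed as RFC 7515 compact JWS over their exact bytes, then signed again after both sides agree on one byte form. The key, the choice of HS256, the function names and the "sorted keys, no whitespace" form are assumptions made for illustration; that form is a simplified convention, not a complete canonicalization scheme (number formatting and string escaping are not addressed).

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

# Constructed inputs: the four serializations from the quoted message.
SERIALIZATIONS = [
    b'{ "type" : "house", "size" : "1000 sq feet" }',
    b'{\n    "type" : "house",\n    "size" : "1000 sq feet"\n}',
    b'{"type":"house","size":"1000 sq feet"}',
    b'{\n\t"type" : "house",\n\t"size" : "1000 sq feet"\n}',
]

def b64url(data: bytes) -> str:
    """base64url without padding, as used by JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jws_hs256(payload: bytes, key: bytes = KEY) -> str:
    """Compact JWS: the MAC covers BASE64URL(header).BASE64URL(payload bytes)."""
    signing_input = b64url(b'{"alg":"HS256"}') + "." + b64url(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify(token: str, key: bytes = KEY) -> bool:
    """Recompute the MAC over the received bytes; no JSON parsing is involved."""
    signing_input, sig = token.rsplit(".", 1)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(mac), sig)

def canonical_bytes(payload: bytes) -> bytes:
    """Hypothetical agreed form: sorted keys, compact separators, UTF-8."""
    obj = json.loads(payload)
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return text.encode("utf-8")

def distinct_signatures(payloads, canonicalize: bool = False) -> int:
    """Count the different signature values produced for the same JSON object."""
    sigs = set()
    for p in payloads:
        body = canonical_bytes(p) if canonicalize else p
        sigs.add(jws_hs256(body).rsplit(".", 1)[1])
    return len(sigs)

if __name__ == "__main__":
    print("raw bytes:      ", distinct_signatures(SERIALIZATIONS))
    print("canonical bytes:", distinct_signatures(SERIALIZATIONS, canonicalize=True))
```

A verifier that re-serializes the parsed object before checking the signature must apply the same `canonical_bytes` step as the signer, otherwise a valid token fails verification.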
