I am also needing the ability to have signatures embedded in the JSON and have multiple groups sign various individual or holistic parts of the JSON structure.
I found this page, and from a first read it looks like it gets me some of the way to what I am needing.

https://cyberphone.github.io/doc/security/jcs.html

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Oct 10, 2018, at 3:02 PM, Nathaniel McCallum <[email protected]> wrote:
>
> I can't speak for the WG. However, I think such is unnecessary. It is
> long standing custom, when working with JSON (with or without JOSE),
> to serialize without whitespace and with sorted keys. Every single
> JSON implementation I've ever come across gives you the ability to do
> this.
> On Wed, Oct 10, 2018 at 4:49 PM Bret Jordan <[email protected]> wrote:
>>
>> Would this WG be open to working on a solution to sign JSON (not a byte
>> stream) and define a canonical representation for said JSON?
>>
>>
>> Thanks,
>> Bret
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
>> not be unscrambled is an egg."
>>
>> On Oct 10, 2018, at 1:15 PM, Nathaniel McCallum <[email protected]>
>> wrote:
>>
>> JWS signs a byte stream, not JSON. If you want to use a JWS to sign
>> JSON data it is your responsibility to ensure that both sides produce
>> an equivalent byte stream.
>> On Wed, Oct 10, 2018 at 3:04 PM Bret Jordan <[email protected]> wrote:
>>
>>
>> Dear WG,
>>
>> I was reading through RFC 7515 to see if it would work for a project I am
>> working on. Basically the need to sign and resign a JSON object. However,
>> in RFC 7515 there does not seem to be any definition for serializing a
>> canonical form of JSON. This means that two organizations that serialize it
>> differently would produce two different signatures.
>>
>> Super simple example
>>
>> { "type" : "house", "size" : "1000 sq feet" }
>>
>> Or
>>
>> {
>>   "type" : "house",
>>   "size" : "1000 sq feet"
>> }
>>
>> Or
>>
>> {"type":"house","size":"1000 sq feet"}
>>
>> Or (tabs not spaces)
>>
>> {
>> 	"type" : "house",
>> 	"size" : "1000 sq feet"
>> }
>>
>>
>> All four of these JSON structures would produce a different signature as
>> defined by RFC 7515. What am I missing?
>>
>>
>> Thanks,
>> Bret
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
>> not be unscrambled is an egg."
>>
>> _______________________________________________
>> jose mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/jose
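
The point debated in this thread, as an added example that is not part of any message above: a MAC over the raw bytes of the four serializations gives four different values, while parsing and re-serializing with sorted keys and no whitespace gives one. The key, the function names and the simplification of signing the payload bytes directly (a real JWS signs the base64url-encoded header and payload) are assumptions; the last function shows that this convention alone does not pin number formatting.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed key, for illustration only

# The four serializations from the thread, as constructed byte strings.
VARIANTS = [
    b'{ "type" : "house", "size" : "1000 sq feet" }',
    b'{\n  "type" : "house",\n  "size" : "1000 sq feet"\n}',
    b'{"type":"house","size":"1000 sq feet"}',
    b'{\n\t"type" : "house",\n\t"size" : "1000 sq feet"\n}',
]


def sign(payload: bytes) -> str:
    """HMAC-SHA-256 over the exact bytes given (simplified stand-in for a JWS)."""
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def canonical_bytes(raw: bytes) -> bytes:
    """Parse, then re-serialize with sorted keys and no whitespace, as UTF-8."""
    obj = json.loads(raw)
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


def raw_signatures() -> set:
    """Distinct signatures when each party signs its own serialization."""
    return {sign(v) for v in VARIANTS}


def canonical_signatures() -> set:
    """Distinct signatures when each party canonicalizes before signing."""
    return {sign(canonical_bytes(v)) for v in VARIANTS}


def number_forms_agree() -> bool:
    """1 and 1.0 denote the same number, yet Python re-serializes them differently."""
    return canonical_bytes(b'{"n":1}') == canonical_bytes(b'{"n":1.0}')


if __name__ == "__main__":
    print(len(raw_signatures()), "distinct signatures over raw bytes")
    print(len(canonical_signatures()), "after sorted-key, no-whitespace form")
    print("1 and 1.0 canonicalize identically:", number_forms_agree())
```

Both signer and verifier must apply the same rules before the bytes reach the signature primitive; number and string-escape formatting need to be fixed by the scheme as well, not only key order and whitespace.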
