On 2018-10-11 22:05, Bret Jordan wrote:
Anders,
I really like what you have done with this. I am trying to figure out if it
will work 100% for my needs, or if it will need some tweaking. If it does
work, then I think we should really try and figure out how we get your work
standardized.
Thanx Bret!
The https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01 I-D
provides quite a lot of features including an extension option that can be used
for adding possibly missing functionality.
There is one thing that is good to know for anyone thinking about standardizing
Canonical JSON and that's the fact that canonicalization also can be performed
on the text level as described by:
https://gibson042.github.io/canonicaljson-spec/
This has the advantage that it is very simple and supports the entire JSON RFC
without restrictions.
So why didn't I took this [superficially obvious] route? There are several
reasons for that:
A downside of source level canonicalization is that it doesn't integrate with
JSON parsers and serializers.
https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01 was
explicitly designed to eventually be an option of a standard JSON serializer as
it already is in my Java reference implementation.
Another issue is that it is unclear what the value is with using the JSON "Number" format
outside of the IEEE range. In fact, it excludes parsers like JavaScript's JSON.parse() unless
JavaScaript would be updated to always use a "BigNumber" as fundamental numeric type.
Regards,
Anders
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
