Re: [jose] Canonical JSON form

Mon, 29 Oct 2018 01:34:17 -0700 

On 2018-10-28 21:32, Samuel Erdtman wrote:

In my opinion we can create a good canonicalization format for JSON to be used 
to sign cleartext JSON.

As can be seen on this list many are skeptical so my approach would be to 
publish easy to use open source implementations.


Yes, and part of that is supplying test data like: 
https://github.com/cyberphone/json-canonicalization/tree/master/testdata
The Microsoft folks developing "Chakra" (their JS engine) already use the 100 
million reference values.



If we do that and there is real interest then we might be able to convince 
people here about the need. In line with this ambition I have done the JS and 
Java publications. This might also show there is no actual interest and then 
that is also an outcome.


Well, another part of the standards puzzle is getting early work into real 
products and services.

FWIW, I'm personally involved in a couple of efforts using clear text JSON 
signatures:
- Saturn, an open payment authorization scheme based on an enhanced "four 
corner" trust model which aims giving banks an upper hand against Apple Pay, Google 
Pay, PayPal, etc.
- Mobile ID, an open, PKI-based, multi-issuer mobile authentication and 
signature solution for e-governments.

Regards,
Anders


Best regards
//Samuel


On Mon, Oct 22, 2018 at 8:44 AM Carsten Bormann <[email protected] 
<mailto:[email protected]>> wrote:

    On Oct 22, 2018, at 04:47, David Waite <[email protected] 
<mailto:[email protected]>> wrote:
     >
     > intermittent interoperability failures until a new language runtime 
release which revises the numerical print and parse functions

    Note that this is not a theoretical concern, as CVE-2010-4476 and 
CVE-2010-4645 amply demonstrate, nicely underscored by the re-occurrence of the 
latter in 
https://www.exploringbinary.com/php-converts-2-2250738585072012e-308-incorrectly/

    Grüße, Carsten

    _______________________________________________
    jose mailing list
    [email protected] <mailto:[email protected]>
    https://www.ietf.org/mailman/listinfo/jose



_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to