I would look at creating a new working group in the IETF rather than using an existing one.
1. Get a personal draft published 2. Find a cadre of people who are interested and think it is solvable 3. Write a charter 4. Talk to the ADs about getting the WG formed by holding a BOF The first three should be really easy to do. The fourth may take a bit of work but should be doable. The trick with the IETF is to find people who want to work on things and not to worry over much about the people who don’t think it is solvable. If necessary write the charter to say you are not going to cover some things or that you are going to require specific environments for your solution. The tighter the requirements the easier the solution but the less harder it might be to get the cadre of people. You should be looking at 1) one or more authors, 2) half a dozen or more reviewers, 3) at least a couple of people who think they are going to get this implemented. Jim From: jose <[email protected]> On Behalf Of Bret Jordan Sent: Sunday, October 28, 2018 8:04 PM To: Samuel Erdtman <[email protected]> Cc: Anders Rundgren <[email protected]>; Kathleen Moriarty <[email protected]>; [email protected]; [email protected]; Carsten Bormann <[email protected]>; [email protected]; Phil Hunt <[email protected]> Subject: Re: [jose] Canonical JSON form Oh there is real need. Several standards and implementations inside the IETF and outside the IETF in other SDOs need this. So in my view there are a few options: 1) Try and convince a working group here in the IETF that this is a good idea so we can actually work on it. 2) Work on this in another SDO outside the IETF (ETSI, OASIS, ITU, etc etc etc) 3) Do this work as an industry standard similar to what happened between W3C and WHATWG. I would personally prefer that this work be done here in the IETF. But there seems to be a lot of resistance here. I am willing to work on this and help make this a reality. There is a lot of great prior work on this. Maybe we can have a meeting in Prague? Or I can setup a Telepresence WebEx after Bangkok and all those that are interested can join and we can discuss next steps. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Oct 28, 2018, at 2:32 PM, Samuel Erdtman <[email protected] <mailto:[email protected]> > wrote: In my opinion we can create a good canonicalization format for JSON to be used to sign cleartext JSON. As can be seen on this list many are skeptical so my approach would be to publish easy to use open source implementations. If we do that and there is real interest then we might be able to convince people here about the need. In line with this ambition I have done the JS and Java publications. This might also show there is no actual interest and then that is also an outcome. Best regards //Samuel On Mon, Oct 22, 2018 at 8:44 AM Carsten Bormann <[email protected] <mailto:[email protected]> > wrote: On Oct 22, 2018, at 04:47, David Waite <[email protected] <mailto:[email protected]> > wrote: > > intermittent interoperability failures until a new language runtime release > which revises the numerical print and parse functions Note that this is not a theoretical concern, as CVE-2010-4476 and CVE-2010-4645 amply demonstrate, nicely underscored by the re-occurrence of the latter in https://www.exploringbinary.com/php-converts-2-2250738585072012e-308-incorrectly/ Grüße, Carsten _______________________________________________ jose mailing list [email protected] <mailto:[email protected]> https://www.ietf.org/mailman/listinfo/jose
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
