If a BOF happens in Prague I will try to join. (Thanks Jim for the concert information on how to move this forward.)
Cheers //Samuel On Sat, Nov 3, 2018 at 1:55 PM Bret Jordan <[email protected]> wrote: > I would love to attend the BOF in Prague on this topic. > > > Thanks, > Bret > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that > can not be unscrambled is an egg." > > On Nov 3, 2018, at 11:52 AM, Anders Rundgren < > [email protected]> wrote: > > On 2018-10-29 14:38, Tim Bray wrote: > > I like Samuel Erdtman's idea of starting with an open-source > implementation. If I see one of those, with a convincing set of test > cases, I'd be inclined to make the case for spinning up a working group. > The argument isn't "Would it be useful?" it's "Can it be done?" So, start > by proving it can. > > > Things are progressing: > https://github.com/dotnet/coreclr/pull/20707#issuecomment-435536433 > A coming version of the .NET platform should then be fully compatible with > the proposed scheme. > > Anyway, since there are two quite distinct ways of addressing this topic, > I'm thinking about a BoF session in Prague as a possible next step. > > WDYT? > > Anders > > On Mon., Oct. 29, 2018, 1:33 a.m. Anders Rundgren < > [email protected] <mailto:[email protected]> > wrote: > On 2018-10-28 21:32, Samuel Erdtman wrote: > > In my opinion we can create a good canonicalization format for JSON > to be used to sign cleartext JSON. > > > > As can be seen on this list many are skeptical so my approach would > be to publish easy to use open source implementations. > Yes, and part of that is supplying test data like: > https://github.com/cyberphone/json-canonicalization/tree/master/testdata > The Microsoft folks developing "Chakra" (their JS engine) already use > the 100 million reference values. > > If we do that and there is real interest then we might be able to > convince people here about the need. In line with this ambition I have done > the JS and Java publications. This might also show there is no actual > interest and then that is also an outcome. > Well, another part of the standards puzzle is getting early work into > real products and services. > FWIW, I'm personally involved in a couple of efforts using clear text > JSON signatures: > - Saturn, an open payment authorization scheme based on an enhanced > "four corner" trust model which aims giving banks an upper hand against > Apple Pay, Google Pay, PayPal, etc. > - Mobile ID, an open, PKI-based, multi-issuer mobile authentication and > signature solution for e-governments. > Regards, > Anders > > Best regards > > //Samuel > > > > > > On Mon, Oct 22, 2018 at 8:44 AM Carsten Bormann <[email protected] > <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > On Oct 22, 2018, at 04:47, David Waite < > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > wrote: > > > > > > intermittent interoperability failures until a new language > runtime release which revises the numerical print and parse functions > > > > Note that this is not a theoretical concern, as CVE-2010-4476 > and CVE-2010-4645 amply demonstrate, nicely underscored by the > re-occurrence of the latter in > https://www.exploringbinary.com/php-converts-2-2250738585072012e-308-incorrectly/ > > > > Grüße, Carsten > > > > _______________________________________________ > > jose mailing list > > [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto: > [email protected]>> > > https://www.ietf.org/mailman/listinfo/jose > > > _______________________________________________ > jose mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/jose > > > >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
