On 09/03/2009, at 10:51 AM, Noah Slater wrote:
What does canonicalisation have to do with crypto signing procedures?
From Jen's proposal:
Moreover, the same JSON object can be represented by different
sequences of bytes, since key/value pairs may be rearranged,
whitespace added or removed, and different encodings used. It's
possible for the byte representation to change in transit, if the
document is parsed into a data structure and then re-serialized.
This would prevent the recipient from being able to verify the
signature. So the signature has to be generated from a canonical
representationof the JSON, which we can define as:
Antony Blakey
-------------
CTO, Linkuistics Pty Ltd
Ph: 0438 840 787
The fact that an opinion has been widely held is no evidence whatever
that it is not utterly absurd.
-- Bertrand Russell
