On Mon, Mar 09, 2009 at 10:58:02AM +1030, Antony Blakey wrote:
>
> On 09/03/2009, at 10:51 AM, Noah Slater wrote:
>
>> What does canonicalisation have to do with crypto signing procedures?
>
> From Jen's proposal:
>
>> Moreover, the same JSON object can be represented by different
>> sequences of bytes, since key/value pairs may be rearranged,
>> whitespace added or removed, and different encodings used. It's
>> possible for the byte representation to change in transit, if the
>> document is parsed into a data structure and then re-serialized. This
>> would prevent the recipient from being able to verify the signature. So
>> the signature has to be generated from a canonical representation of the
>> JSON, which we can define as:

Oh right, I'm not sure I see the immediate use case for this then.
Canonicalisation is a tough nut to crack, I would avoid it if possible. Where's
the harm in signing specific serialisations?

-- 
Noah Slater, http://tumbolia.org/nslater
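Added example, not part of the original message or the proposal: a Python sketch of the two options discussed in this thread, signing the exact bytes of one serialisation versus signing a canonical form, checked after an intermediary parses and re-serialises the document. HMAC-SHA256 stands in for the signature scheme; the key, the sample document, the `relay` function and the canonical form (sorted keys, no insignificant whitespace, UTF-8) are assumptions made here, not the definition from the proposal, which is cut off in the quote above.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key

# Constructed sample document exactly as the sender serialised it.
SENT = b'{"tags": ["a", "b"], "author": "Ren\\u00e9", "_id": "doc1"}'


def sign(data: bytes) -> str:
    """HMAC-SHA256 tag over the exact bytes given."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data), tag)


def relay(raw: bytes) -> bytes:
    """Hypothetical intermediary: parses, then re-serialises with other
    key order, whitespace and string escaping. Same object, new bytes."""
    return json.dumps(json.loads(raw), sort_keys=True, indent=1,
                      ensure_ascii=False).encode("utf-8")


def canonical(doc) -> bytes:
    """Assumed canonical form: sorted keys, no whitespace, UTF-8.
    Number formatting and Unicode normalisation are not addressed here."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def demo() -> dict:
    received = relay(SENT)
    tampered = received.replace(b"doc1", b"doc2")
    raw_tag = sign(SENT)                            # tag over one serialisation
    canon_tag = sign(canonical(json.loads(SENT)))   # tag over canonical form
    return {
        "raw_bytes_preserved": verify(SENT, raw_tag),
        "raw_after_relay": verify(received, raw_tag),
        "canonical_after_relay": verify(canonical(json.loads(received)), canon_tag),
        "canonical_tampered": verify(canonical(json.loads(tampered)), canon_tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A tag over one specific serialisation stays valid only while the original bytes are stored and forwarded untouched alongside it; the canonical-form tag survives re-serialisation but depends on every implementation producing the same canonical bytes.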
