Signed JavaScript/JSON Objects using ES6

For some reasons the folks at Ecma specifying EcmaScript (aka JavaScript) gave in to the (probably somewhat uneducated) developer community who wanted properties to enumerate in "creation order" rather than in an unspecified/random fashion.

Although most likely entirely unintended, this opens the door to ultra-simple, in-object signature schemes that (unlike JOSE) does not force you "dressing" messages in Base64 just because you need a signature.

http://webpki.org/ietf/draft-rundgren-predictable-serialization-for-json-tools-00.html#rfc.section.3.3

I have used this scheme (modulo floating point) in practice for more than a year with all the major browsers without any hiccups but now it feels much better since the "black magic/guessing" is gone :-)

Anders

Received on Tuesday, 27 October 2015 14:10:48 UTC