- From: Ron Garret <ron@flownet.com>
- Date: Sat, 7 Sep 2013 22:35:55 -0700
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-identity@w3.org" <public-identity@w3.org>
Similar, but using Ed25519, with signatures rendered as QR codes for easy verification: http://dswi.net/esign/ On Sep 7, 2013, at 4:07 AM, Anders Rundgren wrote: > https://mobilepki.org/jcs/home > > Enjoy! > > Canonicalization > > Precondition: Valid JSON data as described on http://www.json.org has been received. > > Restriction: The only permitted (and required) escape sequences are \\ and \" because JSON supplied as a part of a web-page must anyway be escaped according to web-rules, while JSON supplied through HTTP etc. only needs to be parsable. > > Another reason for this somewhat radical step is that the JSON world appears to be severely divided on escapes sequences in general: > http://stackoverflow.com/questions/6011012/making-json-not-escape-forward-slashes. > > The canonicalization steps are as follows: > - Whitespace is removed which in practical terms means removal of all characters outside of quoted strings having a value <= ASCII space > - Properties are sorted in lexical UNICODE order using their unescaped form. Zero-length properties are not allowed > - The JSON object associated with the Signature is recreated using the actual textual data. Rationale: Numbers are ambiguously defined in JSON which means that encoding and decoding most likely will differ among JSON implementations. There is another, more subtle issue as well. If a sender for example assigns a large number such as 0.99999999999999999999 to a JSON property there is a possibility that a receiver due to limitations in arithmetic precision rather interprets it as 1.0. To cope with these potential problems, a compliant parser must preserve the original textual representation internally in order to perform proper canonicalization > > Anders >
Received on Sunday, 8 September 2013 05:36:19 UTC