
Re: JSON-RPC vs. YASMIN. Was: A Critical Analysis of REST APIs for "Transaction Systems"

From: Tony Arcieri <tony@chain.com>
Date: Tue, 7 Feb 2017 18:06:50 -0800
Message-ID: <CANnD4AgoWce+ciuSY2Y4qhJdB8er7_spiHx-h5Y6pVoN-zrb4w@mail.gmail.com>
To: David Nicol <davidnicol@gmail.com>
Cc: public-interledger@w3.org

On Mon, Jan 30, 2017 at 7:49 AM, David Nicol <davidnicol@gmail.com> wrote:

> having just read that linked document, it seems like the missing piece is
> a requirement for normalizing the JSON somehow before making the digest
> which will get signed. Strong normalization before digestion is needed to
> have meaningful signatures on JSON data. This can mean concatenating some
> subset of the elements of the message in some particular order --
> essentially rewriting it as Bencoded, just to sign it -- or normalizing the
> JSON in such a way that the consumer of the JSON can renormalize the data
> structure they're going to get in such a way that they can check its
> digest, and then its signature.
>

There's an alternative to canonicalization: content-aware hashing that's
independent of the encoding.

Some examples are:

   - Ben Laurie's objecthash: https://github.com/benlaurie/objecthash
   - Peter Todd's proofmarshal:
   https://github.com/petertodd/python-proofmarshal/blob/master/__init__.py
Received on Wednesday, 8 February 2017 02:29:58 UTC
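
The idea in the message above, hashing the parsed structure rather than the serialized bytes, shown as an added example that is not part of the original e-mail. It is a simplified scheme in the spirit of objecthash, not bit-compatible with objecthash or proofmarshal; the function names, type tags and sample messages are assumptions of this example.

```python
import hashlib
import json

def _tagged(tag: bytes, payload: bytes) -> bytes:
    # A one-byte type tag keeps the string "1" and the integer 1 from colliding.
    return hashlib.sha256(tag + payload).digest()

def structure_hash(value) -> bytes:
    """Digest of a parsed JSON value, computed over its structure, not its bytes."""
    if value is None:
        return _tagged(b"n", b"")
    if isinstance(value, bool):  # test before int: bool is a subclass of int
        return _tagged(b"b", b"1" if value else b"0")
    if isinstance(value, int):
        return _tagged(b"i", str(value).encode("ascii"))
    if isinstance(value, str):
        return _tagged(b"u", value.encode("utf-8"))
    if isinstance(value, list):  # element order is part of the meaning
        return _tagged(b"l", b"".join(structure_hash(v) for v in value))
    if isinstance(value, dict):  # member order is not: sort the per-pair digests
        pairs = sorted(structure_hash(k) + structure_hash(v) for k, v in value.items())
        return _tagged(b"d", b"".join(pairs))
    # Floats are rejected in this sketch: they need their own normalization rule.
    raise TypeError(f"unsupported type: {type(value).__name__}")

def _reject_duplicates(pairs):
    # json.loads silently keeps the last duplicate key; refuse instead, so the
    # signer and the verifier cannot disagree about what was hashed.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)

def hash_json(text: str) -> str:
    return structure_hash(json.loads(text, object_pairs_hook=_reject_duplicates)).hex()

# Constructed sample messages: A and B differ only in key order and whitespace.
MSG_A = '{"amount": 100, "to": "alice", "memo": ["a", "b"]}'
MSG_B = '{\n  "memo": ["a","b"],\n  "to":"alice",   "amount":100\n}'
MSG_C = '{"amount": 101, "to": "alice", "memo": ["a", "b"]}'

if __name__ == "__main__":
    print(hash_json(MSG_A) == hash_json(MSG_B))  # same structure, same digest
    print(hash_json(MSG_A) == hash_json(MSG_C))  # changed value, different digest
```

A signature would be computed over the resulting digest, so a verifier can re-parse whatever encoding arrives and check it without re-serializing into a canonical form.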
