- From: Tony Arcieri <tony@chain.com>
- Date: Tue, 7 Feb 2017 18:06:50 -0800
- To: David Nicol <davidnicol@gmail.com>
- Cc: public-interledger@w3.org
Received on Wednesday, 8 February 2017 02:29:58 UTC
On Mon, Jan 30, 2017 at 7:49 AM, David Nicol <davidnicol@gmail.com> wrote:

> having just read that linked document, it seems like the missing piece is
> a requirement for normalizing the JSON somehow before making the digest
> which will get signed. Strong normalization before digestion is needed to
> have meaningful signatures on JSON data. This can mean concatenating some
> subset of the elements of the message in some particular order --
> essentially rewriting it as Bencoded, just to sign it -- or normalizing the
> JSON in such a way that the consumer of the JSON can renormalize the data
> structure they're going to get in such a way that they can check its
> digest, and then its signature.
>

There's an alternative to canonicalization: content-aware hashing that's independent of the encoding. Some examples are:

- Ben Laurie's objecthash: https://github.com/benlaurie/objecthash
- Peter Todd's proofmarshal: https://github.com/petertodd/python-proofmarshal/blob/master/__init__.py
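The encoding-independent hashing mentioned in the reply above, as an added example that is not part of the original message: a simplified type-tagged structural hash over decoded JSON. It is not the objecthash or proofmarshal algorithm and its digests are not interoperable with either; the tag bytes, function names, the refusal of floats and the sample messages are assumptions of this sketch.

```python
import hashlib
import json

def tagged(tag: bytes, payload: bytes) -> bytes:
    # The type tag keeps 1, "1" and true from ever sharing a digest.
    return hashlib.sha256(tag + payload).digest()

def structural_hash(value) -> bytes:
    """Digest of a decoded JSON value; depends on content, not on serialization."""
    if value is None:
        return tagged(b"n", b"")
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return tagged(b"b", b"1" if value else b"0")
    if isinstance(value, int):
        return tagged(b"i", str(value).encode("ascii"))
    if isinstance(value, str):
        return tagged(b"u", value.encode("utf-8"))
    if isinstance(value, list):  # order is part of a list's meaning
        return tagged(b"l", b"".join(structural_hash(v) for v in value))
    if isinstance(value, dict):  # member order is not: sort the fixed-width pair digests
        pairs = sorted(structural_hash(k) + structural_hash(v) for k, v in value.items())
        return tagged(b"d", b"".join(pairs))
    # Assumption of this sketch: floats are refused rather than given a textual form.
    raise TypeError(f"unsupported type: {type(value).__name__}")

def reject_duplicate_keys(pairs):
    # json.loads would silently keep the last duplicate; signer and verifier could disagree.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate object key")
    return dict(pairs)

def hash_json(text: str) -> str:
    return structural_hash(json.loads(text, object_pairs_hook=reject_duplicate_keys)).hex()

# Constructed sample messages: same content, different key order, whitespace and escaping.
SAMPLE_A = '{"amount": 100, "currency": "USD", "to": ["alice", "bob"]}'
SAMPLE_B = '{\n  "to":["alice","bob"],\n  "currency":"\\u0055SD","amount":100}'
SAMPLE_TAMPERED = '{"amount": 101, "currency": "USD", "to": ["alice", "bob"]}'

if __name__ == "__main__":
    print(hash_json(SAMPLE_A) == hash_json(SAMPLE_B))         # re-encoded copy
    print(hash_json(SAMPLE_A) == hash_json(SAMPLE_TAMPERED))  # changed amount
```

The signature is computed over the digest of the decoded structure, so a verifier that re-serializes the message differently still checks the same value without agreeing on a canonical byte form.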