W3C home > Mailing lists > Public > public-interledger@w3.org > February 2017

Re: JSON-RPC vs. YASMIN. Was: A Critical Analysis of REST APIs for "Transaction Systems"

From: Ryan Fugger <arv@ryanfugger.com>
Date: Tue, 7 Feb 2017 21:17:38 -0800
Message-ID: <CAD83BY1Za52-W+Q45R+WrPR_z42B5bE939a=k6+p8xNJgE31=w@mail.gmail.com>
To: Stefan Thomas <stefan@ripple.com>
Cc: Tony Arcieri <tony@chain.com>, David Nicol <davidnicol@gmail.com>, Interledger Community Group <public-interledger@w3.org>
How important is canonicalization in this case?  Why not just keep the
original raw message bytes around for whenever you need to verify the

On Tue, Feb 7, 2017 at 7:19 PM, Stefan Thomas <stefan@ripple.com> wrote:

> Great point, Tony! I think objecthash is a really good candidate for us to
> adopt for the payment request hashing used in IPR[1] and KEP[2].
> [1] https://github.com/interledger/rfcs/blob/master/
> 0011-interledger-payment-request/0011-interledger-payment-request.md
> [2] https://gist.github.com/sharafian/df7a4b7e2ff000248800b113f06f549a
> On Tue, Feb 7, 2017 at 6:31 PM Tony Arcieri <tony@chain.com> wrote:
> On Mon, Jan 30, 2017 at 7:49 AM, David Nicol <davidnicol@gmail.com> wrote:
> having just read that linked document, it seems like the missing piece is
> a requirement for normalizing the JSON some how before making the digest
> which will get signed. Strong normalization before digestion is needed to
> have meaningful signatures on JSON data. This can mean concatenating some
> subset of the elements of the message in some particular order --
> essentially rewriting it as Bencoded, just to sign it -- or normalizing the
> JSON in such a way that the consumer of the JSON can renormalize the data
> structure they're going to get in such a way that they can check its
> digest, and then its signature.
> There's an alternative to canonicalization: content-aware hashing that's
> independent of the encoding.
> Some examples are:
>    - Ben Laurie's objecthash: https://github.com/benlaurie/objecthash
>    - Peter Todd's proofmarshal: https://github.com/petertodd/python-
>    proofmarshal/blob/master/__init__.py
>    <https://github.com/petertodd/python-proofmarshal/blob/master/__init__.py>
Received on Wednesday, 8 February 2017 05:18:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:14:00 UTC