W3C home > Mailing lists > Public > public-interledger@w3.org > February 2017

Re: JSON-RPC vs. YASMIN. Was: A Critical Analysis of REST APIs for "Transaction Systems"

From: Ryan Fugger <arv@ryanfugger.com>
Date: Tue, 7 Feb 2017 21:17:38 -0800
Message-ID: <CAD83BY1Za52-W+Q45R+WrPR_z42B5bE939a=k6+p8xNJgE31=w@mail.gmail.com>
To: Stefan Thomas <stefan@ripple.com>
Cc: Tony Arcieri <tony@chain.com>, David Nicol <davidnicol@gmail.com>, Interledger Community Group <public-interledger@w3.org>
How important is canonicalization in this case?  Why not just keep the
original raw message bytes around for whenever you need to verify the
signature?

On Tue, Feb 7, 2017 at 7:19 PM, Stefan Thomas <stefan@ripple.com> wrote:

> Great point, Tony! I think objecthash is a really good candidate for us to
> adopt for the payment request hashing used in IPR[1] and KEP[2].
>
> [1] https://github.com/interledger/rfcs/blob/master/
> 0011-interledger-payment-request/0011-interledger-payment-request.md
>
> [2] https://gist.github.com/sharafian/df7a4b7e2ff000248800b113f06f549a
>
> On Tue, Feb 7, 2017 at 6:31 PM Tony Arcieri <tony@chain.com> wrote:
>
> On Mon, Jan 30, 2017 at 7:49 AM, David Nicol <davidnicol@gmail.com> wrote:
>
> having just read that linked document, it seems like the missing piece is
> a requirement for normalizing the JSON some how before making the digest
> which will get signed. Strong normalization before digestion is needed to
> have meaningful signatures on JSON data. This can mean concatenating some
> subset of the elements of the message in some particular order --
> essentially rewriting it as Bencoded, just to sign it -- or normalizing the
> JSON in such a way that the consumer of the JSON can renormalize the data
> structure they're going to get in such a way that they can check its
> digest, and then its signature.
>
>
> There's an alternative to canonicalization: content-aware hashing that's
> independent of the encoding.
>
> Some examples are:
>
>    - Ben Laurie's objecthash: https://github.com/benlaurie/objecthash
>    - Peter Todd's proofmarshal: https://github.com/petertodd/python-
>    proofmarshal/blob/master/__init__.py
>    <https://github.com/petertodd/python-proofmarshal/blob/master/__init__.py>
>
>
Received on Wednesday, 8 February 2017 05:18:34 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 February 2017 05:18:35 UTC