Re: Updated: Re: Giving up on XML DSig => JSON from Jeffrey Walton on 2013-08-31 (public-webcrypto-comments@w3.org from August 2013)

From: Jeffrey Walton <noloader@gmail.com>
Date: Sat, 31 Aug 2013 16:13:02 -0400
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <CAH8yC8=oRuEr_XPLFLU9KwRXYOh4YjEbx93H3w4U9e+4m9djbA@mail.gmail.com>

On Sat, Aug 31, 2013 at 4:08 PM, Jeffrey Walton <noloader@gmail.com> wrote:
> On Sat, Aug 31, 2013 at 2:57 PM, Anders Rundgren
> <anders.rundgren.net@gmail.com> wrote:
>> Hi,
>> Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
>>
>> Canonicalization:
>> - Remove whitespace
>> - Unescape "strings"
>> - Sort properties
> Where, precisely, is the signature or signatures placed in light of
> the fact that everything minus the SignatureValue is sorted?
My bad... let me finish this one (Google's new web editor really
sucks, especially on a Mac). From the Public Key example on page 3/5:

   "Public Key"
   {
      "RSA" : ...
   }

   "Public Key"
   {
      "EC" : ...
   }

Should that message be rejected because "Public Key"::"RSA" follows
"Public Key"::"EC" in sort order?

Jeff

Received on Saturday, 31 August 2013 20:13:28 UTC