Message259427
In ES6/V8-compatible implementations which include "node.js", Chrome, Firefox, Safari and (of course) my Java reference implementation you can take a cryptographic hash of a JSON object with a predictable result.
That is, this request is in no way limited to JCS.
Other solutions to this problem has been to create something like XML's canonicalization which is much more complex.
The JSON RFC is still valid, it just isn't very useful for people who are interested in security solutions. The predictable property order introduced in ES6 makes a huge difference! Now it is just the number thing left...
The other alternative is dressing your JSON objects in Base64 to maintain a predictable signature like in IETF's JOSE. I doubt that this is going to be mainstream except for OpenID/OAuth which JOSE stems from. |
|
Date |
User |
Action |
Args |
2016-02-02 20:31:58 | anders.rundgren.net@gmail.com | set | recipients:
+ anders.rundgren.net@gmail.com, rhettinger, mark.dickinson, pitrou, eric.smith, ezio.melotti |
2016-02-02 20:31:58 | anders.rundgren.net@gmail.com | set | messageid: <1454445118.13.0.87309432274.issue26229@psf.upfronthosting.co.za> |
2016-02-02 20:31:58 | anders.rundgren.net@gmail.com | link | issue26229 messages |
2016-02-02 20:31:58 | anders.rundgren.net@gmail.com | create | |
|