Author anders.rundgren.net@gmail.com
Recipients anders.rundgren.net@gmail.com, eric.smith, ezio.melotti, mark.dickinson, pitrou, rhettinger
Date 2016-02-02.20:31:58
Message-id <1454445118.13.0.87309432274.issue26229@psf.upfronthosting.co.za>
In-reply-to
Content
In ES6/V8-compatible implementations, which include "node.js", Chrome, Firefox, Safari and (of course) my Java reference implementation, you can take a cryptographic hash of a JSON object with a predictable result.

That is, this request is in no way limited to JCS.

Other solutions to this problem have been to create something like XML's canonicalization, which is much more complex.

The JSON RFC is still valid, it just isn't very useful for people who are interested in security solutions.  The predictable property order introduced in ES6 makes a huge difference!  Now it is just the number thing left...

The other alternative is dressing your JSON objects in Base64 to maintain a predictable signature like in IETF's JOSE.  I doubt that this is going to be mainstream except for OpenID/OAuth which JOSE stems from.
History
Date                 User                           Action  Args
2016-02-02 20:31:58  anders.rundgren.net@gmail.com  set     recipients: + anders.rundgren.net@gmail.com, rhettinger, mark.dickinson, pitrou, eric.smith, ezio.melotti
2016-02-02 20:31:58  anders.rundgren.net@gmail.com  set     messageid: <1454445118.13.0.87309432274.issue26229@psf.upfronthosting.co.za>
2016-02-02 20:31:58  anders.rundgren.net@gmail.com  link    issue26229 messages
2016-02-02 20:31:58  anders.rundgren.net@gmail.com  create
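The number problem and the Base64 alternative described in the message above, as an added example that is not part of the original message or of any implementation it mentions. The sample JSON text and key are constructed, and HMAC-SHA256 stands in for the signature in a simplified JOSE-style token without a header.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; HMAC-SHA256 stands in for a signature
# Constructed sample: the text an ES6 JSON.stringify produces for this object.
ES6_TEXT = '{"id":"tx-1","rate":0.00001,"total":2.5}'


def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def reserialize(text):
    """Parse and re-emit compactly; key order survives, number spelling may not."""
    return json.dumps(json.loads(text), separators=(",", ":"))


def hash_survives_roundtrip(text):
    return digest(text) == digest(reserialize(text))


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def protect(text):
    """JOSE-style (simplified, no header): MAC the Base64url form of the exact bytes."""
    payload = b64url(text.encode("utf-8"))
    tag = hmac.new(KEY, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + b64url(tag)


def verify(token):
    """Check the MAC over the bytes as received, then parse; never re-serialize."""
    payload, _, tag = token.partition(".")
    expected = b64url(hmac.new(KEY, payload.encode("ascii"), hashlib.sha256).digest())
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("MAC mismatch")
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    return json.loads(raw)


if __name__ == "__main__":
    print(reserialize(ES6_TEXT))              # rate is re-spelled as 1e-05
    print(hash_survives_roundtrip(ES6_TEXT))  # False: the digest changes
    print(verify(protect(ES6_TEXT)))          # MAC covers the received bytes
```

Python's `json` module keeps property order on a parse and re-emit, but spells the float differently from ES6, so a digest taken over the re-emitted text no longer matches; the Base64url form avoids this because the verifier never re-serializes.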