OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: On-line Demo/Test of JSON Clear Text Signatures




Precondition: Valid JSON data as described on http://www.json.org has been received.

Restriction: The only permitted (and required) escape sequences are \\ and \" because JSON supplied as a part of a web-page must anyway be escaped according to web-rules, while JSON supplied through HTTP etc. only needs to be parsable.

Another reason for this somewhat radical step is that the JSON world appears to be severely divided on escapes sequences in general:

The canonicalization steps are as follows:
- Whitespace is removed which in practical terms means removal of all characters outside of quoted strings having a value <= ASCII space
- Properties are sorted in lexical UNICODE order using their unescaped form.  Zero-length properties are not allowed
- The JSON object associated with the Signature is recreated using the actual textual data.  Rationale: Numbers are ambiguously defined in JSON which means that encoding and decoding most likely will differ among JSON implementations.  There is another, more subtle issue as well.  If a sender for example assigns a large number such as 0.99999999999999999999 to a JSON property there is a possibility that a receiver due to limitations in arithmetic precision rather interprets it as 1.0.  To cope with these potential problems, a compliant parser must preserve the original textual representation internally in order to perform proper canonicalization


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]