Da Capo: JSON "clear text" signatures

Anders Rundgren anders.rundgren.net at gmail.com
Sun Jan 28 09:48:17 UTC 2018


The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization.  The plan is having a BOF session at the next IETF in London.

This scheme builds on EcmaScript JSON processing rules for data normalization which only rely on JSON.parse() and JSON.stringify().

A thorny issue for implementers is though serializing the JSON "Number" type.

An with Node.js, Chrome, Firefox, Safari (unfortunately not entirely compatible...) solution is currently available in "Nashorn":
http://hg.openjdk.java.net/jdk8/jdk8/nashorn/file/096dc407d310/src/jdk/nashorn/internal/objects/NativeNumber.java

It would be great if such support could for example be included as a static method in java.lang.Double, making Java and EcmaScript/JavaScript 100% interoperable with respect to this feature, the rest is actually close to trivial.

thanx,
Anders
https://github.com/OAI/OpenAPI-Specification/issues/1464#issue-291622705


More information about the security-dev mailing list