Da Capo: JSON "clear text" signatures

Anders Rundgren anders.rundgren.net at gmail.com
Sun Jan 28 09:48:17 UTC 2018

The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization.  The plan is having a BOF session at the next IETF in London.

This scheme builds on EcmaScript JSON processing rules for data normalization which only rely on JSON.parse() and JSON.stringify().

A thorny issue for implementers is though serializing the JSON "Number" type.

An with Node.js, Chrome, Firefox, Safari (unfortunately not entirely compatible...) solution is currently available in "Nashorn":

It would be great if such support could for example be included as a static method in java.lang.Double, making Java and EcmaScript/JavaScript 100% interoperable with respect to this feature, the rest is actually close to trivial.


More information about the security-dev mailing list