Da Capo: JSON "clear text" signatures

Hannes Wallnöfer hannes.wallnoefer at oracle.com
Mon Jan 29 13:52:16 UTC 2018


Hi Anders,

I think I lack the context required to understand what you’re asking for. Can you explain how transmitting numbers/doubles in JSON should work and how the static method you’re asking for would enable this?

Also, is there a document somewhere describing the IETF standardization work you’re talking about?

Thanks,
Hannes

> Am 28.01.2018 um 10:48 schrieb Anders Rundgren <anders.rundgren.net at gmail.com>:
> 
> The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization.  The plan is having a BOF session at the next IETF in London.
> 
> This scheme builds on EcmaScript JSON processing rules for data normalization which only rely on JSON.parse() and JSON.stringify().
> 
> A thorny issue for implementers is though serializing the JSON "Number" type.
> 
> An with Node.js, Chrome, Firefox, Safari (unfortunately not entirely compatible...) solution is currently available in "Nashorn":
> http://hg.openjdk.java.net/jdk8/jdk8/nashorn/file/096dc407d310/src/jdk/nashorn/internal/objects/NativeNumber.java
> 
> It would be great if such support could for example be included as a static method in java.lang.Double, making Java and EcmaScript/JavaScript 100% interoperable with respect to this feature, the rest is actually close to trivial.
> 
> thanx,
> Anders
> https://github.com/OAI/OpenAPI-Specification/issues/1464#issue-291622705



More information about the security-dev mailing list