Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Anders Rundgren
On 2018-03-18 20:23, Mike Samuel wrote:     F.Y.I: Using ES6 serialization methods for JSON primitive types is headed for standardization in the IETF. https://www.ietf.org/mail-archive/web/jose/current/msg05716.html

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Anders Rundgren
On 2018-03-18 21:06, Mike Samuel wrote: On Sun, Mar 18, 2018, 4:00 PM Anders Rundgren mailto:anders.rundgren@gmail.com>> wrote: On 2018-03-18 20:23, Mike Samuel wrote: >     It is possible that I don't understand what you are asking for here since I have no experience with toJSON

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Mike Samuel
On Sun, Mar 18, 2018, 4:00 PM Anders Rundgren wrote: > On 2018-03-18 20:23, Mike Samuel wrote: > > It is possible that I don't understand what you are asking for here > since I have no experience with toJSON. > > > > Based on this documentation > > > https://developer.mozilla.org/en-US/do

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Anders Rundgren
On 2018-03-18 20:23, Mike Samuel wrote: It is possible that I don't understand what you are asking for here since I have no experience with toJSON. Based on this documentation https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Mike Samuel
On Sun, Mar 18, 2018 at 12:50 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > On 2018-03-18 15:13, Mike Samuel wrote: > >> >> >> On Sun, Mar 18, 2018 at 2:14 AM, Anders Rundgren < >> anders.rundgren@gmail.com > >> wrote: >> >> Hi Guys, >>

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread C. Scott Ananian
IMO it belongs, at the level of a SHOULD recommendation when the data represented is intended to be a Unicode string. (But not a MUST because neither Javascript's 16-bit strings nor the 8-bit JSON representation necessarily represent Unicode strings.) But I've said this already. --scott On Sun,

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Anders Rundgren
On 2018-03-18 19:08, C. Scott Ananian wrote: On Fri, Mar 16, 2018 at 9:42 PM, Anders Rundgren mailto:anders.rundgren@gmail.com>> wrote: Scott A: https://en.wikipedia.org/wiki/Security_level "For example, SHA-256 offers 128-bit colli

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread C. Scott Ananian
On Fri, Mar 16, 2018 at 9:42 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > Scott A: > https://en.wikipedia.org/wiki/Security_level > "For example, SHA-256 offers 128-bit collision resistance" > That is, the claims that there are cryptographic issues w.r.t. to Unicode > Normalizatio

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Anders Rundgren
On 2018-03-18 15:13, Mike Samuel wrote: On Sun, Mar 18, 2018 at 2:14 AM, Anders Rundgren mailto:anders.rundgren@gmail.com>> wrote: Hi Guys, Pardon me if you think I was hyperbolic, The discussion got derailed by the bogus claims about hash functions' vulnerability. I didn't

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-18 Thread Mike Samuel
On Sun, Mar 18, 2018 at 2:14 AM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > Hi Guys, > > Pardon me if you think I was hyperbolic, > The discussion got derailed by the bogus claims about hash functions' > vulnerability. > I didn't say I "think" you were being hyperbolic. I asked wh

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-17 Thread Anders Rundgren
Hi Guys, Pardon me if you think I was hyperbolic, The discussion got derailed by the bogus claims about hash functions' vulnerability. F.Y.I: Using ES6 serialization methods for JSON primitive types is headed for standardization in the IETF. https://www.ietf.org/mail-archive/web/jose/current/m

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-17 Thread Mike Samuel
On Fri, Mar 16, 2018 at 9:42 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > > > On my part I added canonicalization to my ES6.JSON compliant Java-based > JSON tools. A single line did 99% of the job: > https://github.com/cyberphone/openkeystore/blob/jose-compati > ble/library/src/o

Re: Summary of Input. Re: JSON.canonicalize()

2018-03-17 Thread Mike Samuel
On Fri, Mar 16, 2018 at 9:42 PM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > Scott A: > https://en.wikipedia.org/wiki/Security_level > "For example, SHA-256 offers 128-bit collision resistance" > That is, the claims that there are cryptographic issues w.r.t. to Unicode > Normalizatio

Summary of Input. Re: JSON.canonicalize()

2018-03-16 Thread Anders Rundgren
Scott A: https://en.wikipedia.org/wiki/Security_level "For example, SHA-256 offers 128-bit collision resistance" That is, the claims that there are cryptographic issues w.r.t. to Unicode Normalization are (fortunately) incorrect. Well, if you actually do normalize Unicode, signatures would indeed