Return-Path: 
 <user-return-3938-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 69083 invoked from network); 9 Mar 2009 00:33:33 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 9 Mar 2009 00:33:33 -0000
Received: (qmail 5698 invoked by uid 500); 9 Mar 2009 00:33:30 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 5656 invoked by uid 500); 9 Mar 2009 00:33:30 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 5645 invoked by uid 99); 9 Mar 2009 00:33:30 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Mar 2009 17:33:30 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [80.68.94.123] (HELO tumbolia.org) (80.68.94.123)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Mar 2009 00:33:21 +0000
Received: from nslater by tumbolia.org with local (Exim 4.69)
	(envelope-from <nslater@tumbolia.org>)
	id 1LgTQT-0000L5-5q
	for user@couchdb.apache.org; Mon, 09 Mar 2009 00:33:01 +0000
Date: Mon, 9 Mar 2009 00:33:01 +0000
From: Noah Slater <nslater@apache.org>
To: user@couchdb.apache.org
Subject: Re: Proposal for digital signatures of documents
Message-ID: <20090309003301.GE361@tumbolia.org>
Mail-Followup-To: user@couchdb.apache.org
References: <283A6EDD-6701-4A6A-88AE-8B97E6D11D9E@mooseyard.com>
 <B9C0BDBB-27A5-45C8-9CBF-A3506EB3FB13@gmail.com>
 <20090309002113.GD361@tumbolia.org>
 <55679AE8-0200-40B9-AC7D-0249E4FECC3B@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <55679AE8-0200-40B9-AC7D-0249E4FECC3B@gmail.com>
X-Noah: Awesome
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Checked: Checked by ClamAV on apache.org

On Mon, Mar 09, 2009 at 10:58:02AM +1030, Antony Blakey wrote:
>
> On 09/03/2009, at 10:51 AM, Noah Slater wrote:
>
>> What does canonicalisation have to do with crypto signing procedures?
>
> From Jen's proposal:
>
>> Moreover, the same JSON object can be represented by different
>> sequences of bytes, since key/value pairs may be rearranged,
>> whitespace added or removed, and different encodings used. It's
>> possible for the byte representation to change in transit, if the
>> document is parsed into a data structure and then re-serialized. This
>> would prevent the recipient from being able to verify the signature. So
>> the signature has to be generated from a canonical representationof the
>> JSON, which we can define as:

Oh right, I'm not sure I see the immediate use case for this then.

Canonicalisation is a tough nut to crack, I would avoid it if possible.

Where's the harm in singing specific serialisations?

-- 
Noah Slater, http://tumbolia.org/nslater