[Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts

Melvin Carvalho melvincarvalho at gmail.com
Mon Dec 17 08:24:19 UTC 2012


On 17 December 2012 03:18, Jeff Garzik <jgarzik at exmulti.com> wrote:

> On Sun, Dec 16, 2012 at 4:15 PM, Melvin Carvalho
> <melvincarvalho at gmail.com> wrote:
> > On 3 December 2012 20:35, Mike Koss <mike at coinlab.com> wrote:
> >> It would also be really nice to migrate to textual representations of
> data
> >> structures as opposed to binary ones.  The most successful internet
> >> standards are based on text, making them that much more accessible for
> >> developers to deal with them.   JSON would be my preferred candidate.
> >>
> >> Why don't we sign the text representation of a (utf8) JSON, rather than
> >> some complex encoding standard of JSON?  That way the signatures are
> simple
> >> - and you need only retain the original textual representation of a
> message
> >> to validate the signature (as well as the decoded version, if you don't
> want
> >> to alway re-parse the message when writing programs that use it).
>
> > Binary formats can be challenging to deal with and convert to other
> formats.
> > The experiences in the PKI world of ASN.1 have not been great, in terms
> of
> > interop.  It tends to create islands and silos.  This is probably one of
> the
> > reasons why X.509 and GPG are fragmented and why we dont really have a
> > widely deployed web of trust on the net.  Another reason is simply lack
> of
> > developer resources to make tools.  In that respect I think JSON offers
> > significant advantages, though I am interested in the security issues
> > raised.
>
> I thought this had already been covered up-thread?
>
> When creating something that must be hashed and/or compared, the data
> structure must be created and reproduced precisely, byte-for-byte.
> JSON offers significant -disadvantages- in this regard.  With JSON,
> you would therefore require an additional middle layer, between JSON
> and application, ensuring that all fields are output in the same
> order, all whitespace is not only perfectly preserved -- but reliably
> generates identical whitespace output for identical inputs, given two
> separate JSON implementations.
>

Apologies if I am a bit late to the thread.  I bumped into someone that
suggested I take a look at it.  Will try and catch up!

You raise a good point.

Is there no good canonicalization algorithm / library for JSON?

I think that provided that each JSON object has an identifier,
canonicalization of JSON is not that hard.

Then when you hash or sign the canonical form they can be compared reliably.


>
> --
> Jeff Garzik
> exMULTI, Inc.
> jgarzik at exmulti.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20121217/7cc6ab2d/attachment.html>


More information about the bitcoin-dev mailing list