[issue26229] Make number serialization ES6/V8 compatible
Anders Rundgren
report at bugs.python.org
Tue Feb 2 15:31:58 EST 2016
Anders Rundgren added the comment:
In ES6/V8-compatible implementations which include "node.js", Chrome, Firefox, Safari and (of course) my Java reference implementation you can take a cryptographic hash of a JSON object with a predictable result.
That is, this request is in no way limited to JCS.
Other solutions to this problem has been to create something like XML's canonicalization which is much more complex.
The JSON RFC is still valid, it just isn't very useful for people who are interested in security solutions. The predictable property order introduced in ES6 makes a huge difference! Now it is just the number thing left...
The other alternative is dressing your JSON objects in Base64 to maintain a predictable signature like in IETF's JOSE. I doubt that this is going to be mainstream except for OpenID/OAuth which JOSE stems from.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26229>
_______________________________________
More information about the Python-bugs-list
mailing list