[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Canonical form for signing S-expressions

There needs to be a canonical form for signing S-expressions.  That is,
a way of interpreting an S-expression as a sequence of bytes to be fed
into a hash function.  This byte sequence does not need to be the same
as the byte sequence used to transmit the S-expression, nor does it need
to be the same as the memory layout of the S-expression.  It should be
easy to generate from whatever memory layout you use for S-expressions,
and it should be compact, so as to keep the hashing efficient.  (I note that
the production of the canonical form byte-string can be done piecemeal, as
most hash functions can take their input in chunks.)

Given these requirements and considerations, I have heard no technical
arguments against the following proposal, and I suggest we go with it.
	-- represent all byte strings "verbatim" as e.g.
	   with #,hexadecimal length,colon,byte-string 
	   (Using this format gives maximum efficiency for long byte strings.)
	-- represent lists with parentheses
	-- use no spaces to separate elements, and no fragmentation of
	   byte strings.

Example: The S-expression 
	(a b (cd e fgh)) 
has canonical form for signing


	Ron Rivest