
Canonical form for signing S-expressions




There needs to be a canonical form for signing S-expressions.  That is,
a way of interpreting an S-expression as a sequence of bytes to be fed
into a hash function.  This byte sequence does not need to be the same
as the byte sequence used to transmit the S-expression, nor does it need
to be the same as the memory layout of the S-expression.  It should be
easy to generate from whatever memory layout you use for S-expressions,
and it should be compact, so as to keep the hashing efficient.  (I note that
the production of the canonical form byte-string can be done piecemeal, as
most hash functions can take their input in chunks.)

Given these requirements and considerations, I have heard no technical
arguments against the following proposal, and I suggest we go with it.
	-- represent all byte strings "verbatim" as e.g.
		#3:abc
	   with #,hexadecimal length,colon,byte-string 
	   (Using this format gives maximum efficiency for long byte strings.)
	-- represent lists with parentheses
	-- use no spaces to separate elements, and no fragmentation of
	   byte strings.

Example: The S-expression 
	(a b (cd e fgh)) 
has canonical form for signing
	(#1:a#1:b(#2:cd#1:e#3:fgh))

Agreed?

	Ron Rivest
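
An added example, not part of the original message: an encoder that feeds the proposed canonical form to a hash piecemeal, plus a strict decoder showing that the form parses back unambiguously. The function names, the choice of SHA-256, and lowercase hexadecimal lengths without leading zeros are assumptions; the message fixes none of them.

```python
import hashlib

HEX = b"0123456789abcdef"  # assumption: lowercase hex, no leading zeros

def canonical_chunks(sexp):
    """Yield the canonical form piecemeal. Atoms are bytes, lists are list/tuple."""
    if isinstance(sexp, (bytes, bytearray)):
        yield b"#%x:" % len(sexp)   # '#', hexadecimal length, ':'
        yield bytes(sexp)           # then the byte string verbatim
    elif isinstance(sexp, (list, tuple)):
        yield b"("
        for element in sexp:        # no separators between elements
            yield from canonical_chunks(element)
        yield b")"
    else:
        raise TypeError("atoms must be byte strings")

def canonical_bytes(sexp):
    return b"".join(canonical_chunks(sexp))

def canonical_digest(sexp, hash_name="sha256"):
    """Feed the chunks to the hash one at a time (SHA-256 is an assumption)."""
    h = hashlib.new(hash_name)
    for chunk in canonical_chunks(sexp):
        h.update(chunk)
    return h.hexdigest()

def parse_canonical(data):
    """Strict decoder: accepts only byte sequences the encoder above can emit."""
    def item(pos):
        if data[pos:pos + 1] == b"(":
            pos, out = pos + 1, []
            while data[pos:pos + 1] != b")":
                value, pos = item(pos)
                out.append(value)
            return out, pos + 1
        if data[pos:pos + 1] != b"#":
            raise ValueError("expected '(' or '#' at offset %d" % pos)
        colon = data.index(b":", pos)   # ValueError if the colon is missing
        digits = data[pos + 1:colon]
        if not digits or digits.strip(HEX) or (digits[:1] == b"0" and digits != b"0"):
            raise ValueError("non-canonical length at offset %d" % pos)
        end = colon + 1 + int(digits, 16)
        if end > len(data):
            raise ValueError("byte string runs past end of input")
        return data[colon + 1:end], end
    value, pos = item(0)
    if pos != len(data):
        raise ValueError("trailing bytes after S-expression")
    return value

EXAMPLE = [b"a", b"b", [b"cd", b"e", b"fgh"]]   # the message's (a b (cd e fgh))
```

Because each atom carries its length, bytes such as "(" or a space inside an atom cannot be mistaken for structure, so two different S-expressions never produce the same input to the hash.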
	             
