Re: Canonical form for signing S-expressions

[Alan Barrett <apb@iafrica.com>]

Ron Rivest <rivest@theory.lcs.mit.edu> said:
> There needs to be a canonical form for signing S-expressions. 

Yes.

> Example: The S-expression 
> 	(a b (cd e fgh)) 
> has canonical form for signing
> 	(#1:a#1:b(#2:cd#1:e#3:fgh))

See draft-bernstein-netstrings-02.txt for an alternative idea,
basically using <ASCII-decimal length><":"><binary stuff><",">
where you have <"#"><ASCII-hex length><":"><binary stuff>.

That way, if we keep the parentheses and just encode the atoms, your
example comes out as

	(a b (cd e fgh)) 
	(1:a,1:b,(2:cd,1:e,3:fgh))

For on-the-wire encoding, there might be some advantage to pre-declaring
the length of each parenthesised group (in the hopes of making memory
allocation easier), something like this: 

	(a b (cd e fgh)) 
	30:(1:a,1:b,16:(2:cd,1:e,3:fgh),),

Although the canonical form for signature does not need to be the same
as an on-the-wire form, it seems to me that making them the same would
be convenient from a code-sharing point of view.

I don't have strong opinions on decimal versus hex, but I do like the
robustness and legibility that are added by having a comma after the end
of the counted string in Dan Bernstein's netstrings proposal. 

--apb (Alan Barrett)

---

Follow-Ups:

• Re: Canonical form for signing S-expressions
• From: Derek Atkins <warlord@mit.edu>
• Re: Canonical form for signing S-expressions
• From: Carl Ellison <cme@cybercash.com>

References:

• Canonical form for signing S-expressions
• From: rivest@theory.lcs.mit.edu (Ron Rivest)

---

• Prev by Date: Re: Canonical form for signing S-expressions
• Next by Date: Re: Canonical form for signing S-expressions
• Prev by thread: Re: Canonical form for signing S-expressions
• Next by thread: Re: Canonical form for signing S-expressions
• Index(es):
  • Main
  • Thread