[Cryptography] DIME // Pending Questions // Seeking Your Input

Phillip Hallam-Baker phill at hallambaker.com
Sun Mar 1 08:47:16 EST 2015

On Fri, Feb 27, 2015 at 5:57 PM, ianG <iang at iang.org> wrote:

> On 27/02/2015 16:08 pm, Ladar Levison wrote:
>> Hi,
> 1. While I’ve identified the majority of the functionality associated
>> with the access protocol (DMAP), my attempts to document the specifics
>> keep getting sidelined by a single question: */should DMAP be a line
>> based protocol, like IMAP (and POP, and SMTP), or should it be designed
>> as a JSON-RPC protocol, like the Magma camelface, or JMAP?/* See:
>> https://github.com/lavabit/magma.classic/raw/master/docs/
>> magma.web.api.pdf
> For my money, binary.  Line-based or JSON are good if you are working with
> lots of random implementations of low quality, but for security work, it is
> easier to work in binary.  Be precise about sodding everything.



Pretty much the whole Web Services world is going to JSON because it is a
simple data model that is widely supported. Unlike XML there is pretty much
only one way to serialize a data stream on the wire rather than fifty.

Which is why some of us suggested that we would like a binary encoding for
the JSON data model so that an encoder could emit either and a decoder
could read either.

I wrote this up as:


JSON only uses 7 bit ASCII code points for control data. That leaves 128+
data points for tagging binary data types which is more than enough.

All that is really essential to encode crypto data nicely is an option to
encode text strings and data blobs as length-data items. JSON-B adds those
plus binary integers and floats. There is also a compression option to
allow the text headers to be dispensed with and a data variant with more
floating point types.

For security reasons, only atoms are encoded in length-data format. Lists
are delimited by an end list control. This produces much more reliable
coding and avoids read past end of buffer errors.

In particular, a decoder can verify the syntactic correctness of each token
in the stream in a single pass using only the data previously read.
Checking correctness of an ASN.1 file is a real horrorshow because an inner
length encoding can be inconsistent with either an outer or an inner one.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150301/2aef2c3a/attachment.html>

More information about the cryptography mailing list