On 2020-07-31, at 09:25, Aura Tuomas <tuomas.a...@aalto.fi> wrote: > > That is, my biggest concern with both JSON and CBOR is (4) the lack of > canonical binary serialization. IN EAP-NOOB, we need to receive a serialized > data message, extract some fields and subtrees, compose an HMAC input out of > these parts of the data, and reliably compute always the same HMAC on it. The > easy but flawed implementation would be to decode the received message, > extract the selected parts, and then re-encode them, but the lack of > canonical encoding means that the resulting byte string could be different in > different encoder/decoder implementations.
rfc7049bis (in IETF last call, ends 2020-08-14) provides rules for deterministic encoding (called canonical in RFC 7049). I am not a big fan of protocols that require its use, but if that is your design, CBOR has the support. Grüße, Carsten _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
