[langsec-discuss] TJSON: Tagged JSON with Rich Types

Tony Arcieri bascule at gmail.com
Tue Oct 25 22:15:49 UTC 2016

I wanted to give LANGSEC a sneak peek of a project I've been working on
with Ben Laurie before circulating it more widely:


It's a set of security-oriented type annotations added to JSON. The idea is
to support cross-format content hashes which are the same regardless of if
data is serialized in a binary format like Protobufs, MessagePack, or BSON,
or in TJSON. The intended content hash algorithm is Ben Laurie's objecthash:


We have also disallowed some of the more notable sharp edges for JSON
security, such as repeated member names in JSON objects. If there are any
other notable problems you think should be addressed, I'd be curious to
hear them.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20161025/e9374df1/attachment.html>

More information about the langsec-discuss mailing list