In general, what's the best way to have signatures over dictionaries without canonicalization attacks or parser mismatch?
Dictionaries seem to be *really* susceptible to this—with a repeated key, two implementations might disagree on whether the first or the second key "wins" (or simply on whether the data is even parseable).
Approaches I can imagine:
- Specify that implementations *really ought to* reject anything with repeated keys, weird Unicode sequences in keys, etc.
- Avoid maps entirely, and instead have lists of pairs (which implementers *definitely won't* just feed into a dictionary)
- Use data formats that are really strict in their spec about how to handle repeated keys, and ensure that all the major libraries for that format follow the spec
- Something protocol-level, like asking the implementers to pretty-please re-serialize the data and ensure it hasn't changed
Am I missing some option?
varx/tech /
npub13c…u3sx0
2023-10-24 00:32:41
Author Public Key
npub13cavz8sul0get8lllzwszm7j5mq4n3ygpn60uqn54su99csl9wyqeu3sx0Seen on
wss://relay.nostr.bandPublished at
2023-10-24 00:32:41Event JSON
{
"id": "f84e534269679d482364e0981be0d6fa834385ebce5620337498f0a31f2d1a90",
"pubkey": "8e3ac11e1cfbd1959ffff89d016fd2a6c159c4880cf4fe0274ac3852e21f2b88",
"created_at": 1698107561,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/varx/statuses/111287177173518545",
"activitypub"
]
],
"content": "In general, what's the best way to have signatures over dictionaries without canonicalization attacks or parser mismatch?\n\nDictionaries seem to be *really* susceptible to this—with a repeated key, two implementations might disagree on whether the first or the second key \"wins\" (or simply on whether the data is even parseable).\n\nApproaches I can imagine:\n\n- Specify that implementations *really ought to* reject anything with repeated keys, weird Unicode sequences in keys, etc.\n- Avoid maps entirely, and instead have lists of pairs (which implementers *definitely won't* just feed into a dictionary)\n- Use data formats that are really strict in their spec about how to handle repeated keys, and ensure that all the major libraries for that format follow the spec\n- Something protocol-level, like asking the implementers to pretty-please re-serialize the data and ensure it hasn't changed\n\nAm I missing some option?",
"sig": "5d0da51258bbd42f7dbe832dc6f2af9183a465a5190ca72ac5e7c898e0c45c8e6733f4881ff074852dda91baf887f83f9cde77cd6f69815e92ead2566d9da2d5"
}