varx/tech on Nostr: npub18369m…z8jp6 As long as the semantics are equivalent for all implementations, ...
npub18369m6ejyjfh47ths7qrlvqcu8jvyzxnuysx72cpvg95jfvt9l0s5z8jp6 (npub1836…8jp6) As long as the semantics are equivalent for all implementations, I'm not too concerned about binary equality—that's a level of canonicalization that I think would generally be a functionality concern rather than a security concern.
I don't have a specific attack in mind. I'm just aware that Alice and Bob disagreeing on the semantics of a message is bad. :-P And structured messages are known to be trouble.
I had another thought about how to prevent these issues: Test data. If you offer a selection of "test vectors" you can include known canonicalization issues and specify that they should cause parse failures. Free unit tests is a very attractive thing for implementers. :-)
Published at 2023-10-27 21:39:27
Event JSON
{
"id": "7b2b38b83f08131edebda9e368c19091d57e720f930802f5f8dceadcb377beba",
"pubkey": "8e3ac11e1cfbd1959ffff89d016fd2a6c159c4880cf4fe0274ac3852e21f2b88",
"created_at": 1698442767,
"kind": 1,
"tags": [
[
"p",
"3c745deb3224937af97787803fb018e1e4c208d3e1206f2b01620b49258b2fdf",
"wss://relay.mostr.pub"
],
[
"p",
"4b06a99655066ca3e1a19ecc4bd5c5fd5d0f106a319a8cfb3c414bdff9e17c27",
"wss://relay.mostr.pub"
],
[
"e",
"eef98e7ce0e762b038b57dcb410279711b04d34fdfff588d252a809d0765067f",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://infosec.exchange/users/varx/statuses/111309145222942341",
"activitypub"
]
],
"content": "nostr:npub18369m6ejyjfh47ths7qrlvqcu8jvyzxnuysx72cpvg95jfvt9l0s5z8jp6 As long as the semantics are equivalent for all implementations, I'm not too concerned about binary equality—that's a level of canonicalization that I think would generally be a functionality concern rather than a security concern.\n\nI don't have a specific attack in mind. I'm just aware that Alice and Bob disagreeing on the semantics of a message is bad. :-P And structured messages are known to be trouble.\n\nI had another thought about how to prevent these issues: Test data. If you offer a selection of \"test vectors\" you can include known canonicalization issues and specify that they should cause parse failures. Free unit tests is a very attractive thing for implementers. :-)",
"sig": "fb1681a11c192406fd004b4d32b078281686c208e2ae7e2115b5cd8b738e7b1ce66618abc1a3ccdf1d4e4bbc0de8eee93c5a791ffa7a513dde916151d022ead8"
}