Via @QuinnWilton (who previously worked as a "security researcher"):
And re: duplicate keys, the attack I have in mind, which I have launched against real systems, is somehow getting a signature for something like: {user: "quinn", admin: false} Where the signature canonicalization of {user: "quinn", admin: false, admin: true} leads to {user: "quinn", admin: false}, but the JSON parser decodes {user: "quinn", admin: true}
This directly exploits a permissive parser by appending a new field to an already signed payload. We can add the option to append the HMAC of the original raw bytes in payload, and sign over that.
Something that came up in a canonicalization discussion over on https://github.com/ucan-wg/invocation/pull/1, and that we may be able to solve for everyone here:
Via @QuinnWilton (who previously worked as a "security researcher"):
This directly exploits a permissive parser by appending a new field to an already signed payload. We can add the option to append the HMAC of the original raw bytes in payload, and sign over that.
Where the multiformat varsig is then something like:
FAQ
Why Not a CID?
An outer CID (which includes the signature) is not enough here, because someone can append a field and change the CID reference.