Closed kostko closed 4 years ago
Cannot fix. And I'm not sure the value of it.
The spec suggests that Canonical mode could use different rules (for different libraries), but they should be consistent per library. Data encoded by a different library should still be decoded by go-codec, because it's valid cbor. go-codec just had to be consistent when it outputs, along the guidelines in the spec.
It would be useful to support a strict mode for decoding which would basically treat any non-canonical encoding as malformed. The rationale is similar to what is described in CBOR RFC 7049, Section 3.10, e.g., use of CBOR in authenticated data structures where byte-for-byte equality during deserialization/serialization round-trips is important.