- From: Michael Weiß <mixis@filts.net>
- Date: Sat, 3 Nov 2018 17:25:57 +0100
- To: public-credentials@w3.org
- Message-Id: <532C27D5-0D48-428C-BAC2-D7A09BEF9EAE@filts.net>
> On Nov 2, 2018, at 07:50, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > > On 2018-11-02 07:28, Chris Boscolo wrote: >> On Thu, Nov 1, 2018 at 8:51 AM Dave Longley <dlongley@digitalbazaar.com <mailto:dlongley@digitalbazaar.com>> wrote: >> On 10/29/2018 06:20 PM, Chris Boscolo wrote: >> > IMO, it just seems unsafe to allow data that has been signed to be >> > modified in any way and still produce the same signature. >> To be clear that particular comment isn't criticizing that canonicalization needs to be done, it is criticizing that it needs to be done prior to verifying the signature. It was in response to Manu's comment that the JSON can be modified with whitespace after it has been signed. > > This seems to me like a completely generic computing problem. If the receiver's system is broken and vulnerable to input data errors all bets are off. Even if we assume a flawless receiver, there is more computation to be done before the receiver can drop invalid data. If we also assume non malicious senders, there still remains a case for canonical data on the wire, that hopefully is compact, easy and fast to parse.
Received on Saturday, 3 November 2018 16:26:23 UTC