Proposed revisions to the signed JSON-LD format

To whom it may concern,

This is in regard to the Linked Data Signatures 1.0 draft specification at:  https://w3c-dvcg.github.io/ld-signatures/

I’m working on a project that will rely on signed JSON-LD credentials.  I see the disclaimer that “This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.”  However, we need to move forward, with or without a codified standard in place.  So, it only makes sense to contribute to what may become a codified standard in the future.

In reviewing the formats proposed in this draft, I’m concerned that the current format requires the signer to modify signed content (section 7.1 step 5), then expects the receiver to restructure the signed content in order to re-create a hash of the signed content (section 7.2 step 3).  The goal of digital signatures is to verify that content hasn’t changed since it was signed.  While the steps in sections 7.1 and 7.2 are theoretically workable, these modifications seem to go counter to the goals of digital signatures.  In addition, I’ve heard that while “canonicalizing” is available for XML, it isn’t available for JSON.  

Attached is a proposal for modifying the signed JSON-LD structure to eliminate (or minimize) the need for modifying signed content.

I hope that you find these proposed revisions useful for your purposes.

Thanks,
Kevin

Received on Thursday, 9 August 2018 15:43:37 UTC
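A simplified model of the trade-off raised in the message, added here as an example; it is not code from the e-mail, the attached proposal, or the Linked Data Signatures draft. It contrasts a signature embedded in the document, which the verifier must strip and re-serialize, with an envelope that carries the signed bytes verbatim. Assumptions: HMAC-SHA256 stands in for a public-key signature, sorted-key JSON stands in for the draft's canonicalization step, and all field names, keys and sample documents are constructed.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature


def canon(doc):
    # Stand-in canonical form (assumption): sorted keys, no extra whitespace.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def naive(doc):
    # Whatever the local serializer emits: key order and spacing are not fixed.
    return json.dumps(doc).encode()


def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def sign_embedded(doc):
    # Signer adds a signature member to the document it just signed.
    return {**doc, "signature": {"value": mac(canon(doc))}}


def verify_embedded(signed, serialize=canon):
    # Verifier must strip the signature member and rebuild the signed form.
    sig = signed.get("signature")
    if not isinstance(sig, dict) or not isinstance(sig.get("value"), str):
        return False
    body = {k: v for k, v in signed.items() if k != "signature"}
    return hmac.compare_digest(sig["value"].encode(), mac(serialize(body)).encode())


def sign_envelope(payload: bytes):
    # Signed bytes travel verbatim as a string; nothing is rebuilt later.
    return {"payload": payload.decode("utf-8"), "signature": mac(payload)}


def verify_envelope(env):
    payload, sig = env.get("payload"), env.get("signature")
    if not isinstance(payload, str) or not isinstance(sig, str):
        return False
    return hmac.compare_digest(sig.encode(), mac(payload.encode("utf-8")).encode())


if __name__ == "__main__":
    doc = {"id": "urn:example:credential-1", "claim": {"name": "Alice"}}  # constructed
    moved = dict(reversed(list(sign_embedded(doc).items())))  # keys reordered in transit
    print(verify_embedded(moved), verify_embedded(moved, naive))
    env = json.loads(json.dumps(sign_envelope(b'{"id":  "urn:example:credential-1"}')))
    print(verify_envelope(env))
```

In the embedded model, verification succeeds only when signer and verifier agree on the same deterministic serialization. In the envelope model, the verifier hashes the payload string exactly as received and parses it only after the check passes.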