scuttlebutt-protocol-guide icon indicating copy to clipboard operation
scuttlebutt-protocol-guide copied to clipboard

Published 20 hours ago verified publisher icon ssbc

Order of JSON keys

Open retog opened this issue 2 years ago • 0 comments

According to RFC8259 specifying the JavaScript Object Notation (JSON) Data Interchange Format:

An object is an unordered collection of zero or more name/value pairs, where a name is a string and a value is a string, number, boolean, null, object, or array.

The protocol guide seems however to assume that the keys have an order:

  • The canonical formatting instructions for signing/hashing do not specify an ordering
  • Regarding the signature it says:

It must be the last entry in the dictionary

Possible resolution:

  • Do nothing: "we know what we mean by JSON, it's not what RFC says but we don't care"
  • Explicitly say that this is "ordered JSON" and some additional constraints apply to the ones specified in the RFC
  • Specify how the keys are to be ordered for the canonical serialization and remove the constraint regarding the position of the signature. This could be done with a transition phase or exception for old content in which the order provided in the message is used.

retog avatar Jul 09 '21 10:07 retog