scuttlebutt-protocol-guide
scuttlebutt-protocol-guide copied to clipboard
Order of JSON keys
According to RFC8259 specifying the JavaScript Object Notation (JSON) Data Interchange Format:
An object is an unordered collection of zero or more name/value pairs, where a name is a string and a value is a string, number, boolean, null, object, or array.
The protocol guide seems however to assume that the keys have an order:
- The canonical formatting instructions for signing/hashing do not specify an ordering
- Regarding the signature it says:
It must be the last entry in the dictionary
Possible resolution:
- Do nothing: "we know what we mean by JSON, it's not what RFC says but we don't care"
- Explicitly say that this is "ordered JSON" and some additional constraints apply to the ones specified in the RFC
- Specify how the keys are to be ordered for the canonical serialization and remove the constraint regarding the position of the signature. This could be done with a transition phase or exception for old content in which the order provided in the message is used.