varx/tech on Nostr: nprofile1q…rk39d Yeah, it's a canonicalization issue—really the main one, as far ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq8369m6ejyjfh47ths7qrlvqcu8jvyzxnuysx72cpvg95jfvt9l0sgrk39d (nprofile…k39d) Yeah, it's a canonicalization issue—really the main one, as far as I'm concerned. There are more esoteric things like tags, disagreement on the lax parsing of nonconforming messages, etc. but key repetition is the big source of parser mismatch. vulnerabilities You see it all the time on the web, where some HTTP frameworks take the first query parameter for a given key, and some take the last. -.-
It's actually not about having multiple valid signatures, but about having one signed blob of CBOR decoding to multiple logical messages.
I actually don't have a specific scenario in mind where this causes a problem in my protocol, but I'd still like to avoid it just in case. (Where it gets really exciting is in ledger protocols e.g. with cryptocurrency.)
It's actually not about having multiple valid signatures, but about having one signed blob of CBOR decoding to multiple logical messages.
I actually don't have a specific scenario in mind where this causes a problem in my protocol, but I'd still like to avoid it just in case. (Where it gets really exciting is in ledger protocols e.g. with cryptocurrency.)