Follow

Canonical serialization is pretty important for cryptographic message signing. Canonical CBOR is closest to a standard, but its in a pretty bad shape:
- FIDO2 aims to use their own version and not the one defined in the RFC: fidoalliance.org/specs/fido-v2
- A bunch of libraries use different ordering: JS `cbor`/`borc` and Rust `serde_cbor` with only the last one making any claims related to canonicality.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
mas.to

Hello! mas.to is a general-topic, mainly English-speaking instance. We're enthusiastic about Mastodon and aim to run a fast, up-to-date and fun Mastodon instance.