Canonical serialization is pretty important for cryptographic message signing. Canonical CBOR is closest to a standard, but its in a pretty bad shape:
- FIDO2 aims to use their own version and not the one defined in the RFC: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ctap2-canonical-cbor-encoding-form
- A bunch of libraries use different ordering: JS `cbor`/`borc` and Rust `serde_cbor` with only the last one making any claims related to canonicality.