Problem
RFC 8785 JCS gives DRS deterministic bytes only after the JSON value is well-defined. Duplicate object keys are a sharp edge: parsers may silently keep the first value, keep the last value, or behave differently across languages. If TypeScript, Go, and Rust parse duplicate-key JSON differently before canonicalization, signatures, body binding, and hash checks can drift.
What to do
Add strict duplicate-key rejection anywhere untrusted JSON is parsed before JCS or verification semantics are applied. Cover at least:
- SDK/JWT payload parsing where relevant
- verifier
/verify request body parsing
- body binding JSON parsing
- conformance fixtures for duplicate keys
Acceptance criteria
- duplicate-key JSON is rejected, not silently normalized
- Rust, Go, and TypeScript have tests for duplicate-key rejection where they parse untrusted JSON
- conformance fixtures include duplicate-key cases
- docs state that DRS accepts only duplicate-key-free JSON before JCS
- existing RFC 8785 vectors still pass
Out of scope
- changing from JSON/JCS to CBOR
- accepting non-JSON request bodies
Problem
RFC 8785 JCS gives DRS deterministic bytes only after the JSON value is well-defined. Duplicate object keys are a sharp edge: parsers may silently keep the first value, keep the last value, or behave differently across languages. If TypeScript, Go, and Rust parse duplicate-key JSON differently before canonicalization, signatures, body binding, and hash checks can drift.
What to do
Add strict duplicate-key rejection anywhere untrusted JSON is parsed before JCS or verification semantics are applied. Cover at least:
/verifyrequest body parsingAcceptance criteria
Out of scope