Informational: a known, intentional divergence between this crate and the section 05:159 enforcement point for a small-order or non-canonical canary.runtime_pubkey.
Section 05:157/159: the strict profile (canonical encoding, non-small-order) for K_runtime.pub is "enforced when a document is verified under the key", and a failure is reported as E_SIG_VERIFICATION. For K_origin.pub, which verifies no document in v1, enforcement is structural at Stage 9 origin binding with E_BIND_ORIGIN (upstream AMB-17).
This crate additionally rejects a small-order / non-canonical canary.runtime_pubkey early, at Stage 8 canary structural validation, with E_CANARY_INVALID (validate_canary_structure calls validate_runtime_pubkey_strict). The rationale is defense-in-depth: without it, a manifest declaring a bad runtime key would pass Stages 6/8/9 and the violation would surface only on the first content fetch. Failing at canary-structure time aligns the rejection with manifest acceptance.
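As an added illustration (not this crate's code, nor the Java reference implementation's), the following stand-alone Rust shows the two halves of the strict profile that a Stage 8 `validate_runtime_pubkey_strict` has to check on a 32-byte `canary.runtime_pubkey`: canonical encoding (y < p) and exclusion of the eight small-order points. The function name is taken from the issue text; the `PubkeyError` enum, the `hex32` helper and the `stage8_canary_pubkey_check` wrapper are assumptions made for this example, and the test inputs are constructed.

```rust
// Added example, not this crate's code: a stand-alone strict Ed25519 public-key
// profile check (canonical encoding + not small-order) of the kind the Stage 8
// gate runs on canary.runtime_pubkey. Names other than
// validate_runtime_pubkey_strict are assumptions made for this example.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PubkeyError {
    /// The encoded y-coordinate is >= p = 2^255 - 19; RFC 8032 decoding rejects it.
    NonCanonical,
    /// The point lies in the 8-element torsion subgroup (order 1, 2, 4 or 8).
    SmallOrder,
}

/// p - 1 as 32 little-endian bytes; a canonical encoding satisfies y <= p - 1.
const P_MINUS_1: [u8; 32] = [
    0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
];

/// Decode 64 hex characters into 32 bytes (helper for the table and tests below).
fn hex32(s: &str) -> [u8; 32] {
    assert_eq!(s.len(), 64, "expected 64 hex characters");
    let mut out = [0u8; 32];
    for (i, b) in out.iter_mut().enumerate() {
        *b = u8::from_str_radix(&s[2 * i..2 * i + 2], 16).expect("invalid hex");
    }
    out
}

/// The y-coordinates (sign bit cleared) of all eight small-order points:
/// y = 0 (order 4, either x-sign), y = 1 (identity), y = p - 1 (order 2), and the
/// two order-8 y-values, which are negatives of each other mod p.
fn small_order_ys() -> [[u8; 32]; 5] {
    let mut y_one = [0u8; 32];
    y_one[0] = 1;
    [
        [0u8; 32],
        y_one,
        P_MINUS_1,
        hex32("26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05"),
        hex32("c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a"),
    ]
}

/// Strip the x-sign bit (bit 255) and return the 255-bit y-coordinate bytes.
fn y_bytes(key: &[u8; 32]) -> [u8; 32] {
    let mut y = *key;
    y[31] &= 0x7f;
    y
}

/// Canonical iff y < p, compared most-significant byte first.
fn is_canonical(key: &[u8; 32]) -> bool {
    let y = y_bytes(key);
    for i in (0..32).rev() {
        if y[i] != P_MINUS_1[i] {
            return y[i] < P_MINUS_1[i];
        }
    }
    true // y == p - 1 is still canonical
}

/// True if the encoding names one of the eight torsion points. Comparing the
/// sign-bit-cleared y covers both x-signs of each y, so five entries cover all eight.
fn is_small_order(key: &[u8; 32]) -> bool {
    let y = y_bytes(key);
    small_order_ys().iter().any(|t| *t == y)
}

/// The strict profile: canonical first (a non-canonical y can alias a torsion
/// point, e.g. y = p + 1 is the identity), then small-order.
pub fn validate_runtime_pubkey_strict(key: &[u8; 32]) -> Result<(), PubkeyError> {
    if !is_canonical(key) {
        return Err(PubkeyError::NonCanonical);
    }
    if is_small_order(key) {
        return Err(PubkeyError::SmallOrder);
    }
    Ok(())
}

/// What the Stage 8 gate makes of the result: any failure becomes E_CANARY_INVALID
/// (diagnostic name from the issue text; the wrapper itself is an assumption).
pub fn stage8_canary_pubkey_check(key: &[u8; 32]) -> Result<(), &'static str> {
    validate_runtime_pubkey_strict(key).map_err(|_| "E_CANARY_INVALID")
}

fn main() {
    // Constructed inputs: the Ed25519 base point (valid), the identity, and y = p + 1.
    let mut base = [0x66u8; 32];
    base[0] = 0x58;
    let mut identity = [0u8; 32];
    identity[0] = 1;
    let mut p_plus_1 = [0xffu8; 32];
    p_plus_1[0] = 0xee;
    p_plus_1[31] = 0x7f;
    for (name, key) in [("base point", base), ("identity", identity), ("y = p + 1", p_plus_1)] {
        println!("{}: {:?}", name, stage8_canary_pubkey_check(&key));
    }
}
```

The ordering inside `validate_runtime_pubkey_strict` matters: canonicality is checked before small-order so that a non-canonical encoding of a torsion point (y = p or y = p + 1) is reported as the encoding defect it is rather than slipping past a table that only lists canonical y-values. Note that deferring this check to content verification, as the section 05:159 reading does, gives the same rejection but only once a document is verified under the key.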
Net effect, for a manifest carrying a small-order or non-canonical canary.runtime_pubkey:
- this crate rejects the manifest at Stage 8 with E_CANARY_INVALID;
- the section 05:159-favored reading (and the Java reference implementation) defers to content/transaction verification under that key and reports E_SIG_VERIFICATION.
The conformance corpus does not currently exercise this case, so both implementations pass the rc.37 corpus; the divergence is latent.
No fix is proposed. Options for the record:
- Keep the extra-strict Stage 8 check (defense-in-depth) and document the divergence (this issue).
- Defer to section 05:159: drop the Stage 8 runtime_pubkey strict check and rely on content-verify E_SIG_VERIFICATION.
- Raise an upstream ambiguity to bless an early, manifest-acceptance-time rejection point for K_runtime.pub (analogous to the AMB-17 resolution for K_origin.pub) and pin a diagnostic.
Filed for visibility; no action is required for rc.37 conformance.