Spec clarification on canonicalization for signing

The [spec says](https://github.com/ucan-wg/spec/blob/main/README.md?plain=1#L526)

> All UCANs MUST be canonically encoded with [DAG-CBOR](https://ipld.io/specs/codecs/dag-cbor/spec/) for signing.

However the [canonicalization spec says](https://github.com/ucan-wg/canonicalization)

> Per the [core UCAN spec](https://github.com/ucan-wg/spec), all implementations MUST support JWT encoding. This provides a common representation that all implementations can understand. JWT canonicalization allows for alternate encodings to convert to and from the standard JWT format, retain the JWT signature scheme, and so on.

and in the encoding steps,

> [dag-json](https://ipld.io/specs/codecs/dag-json/spec/) encoding MUST be used

The [rs-ucan implementation](https://github.com/ucan-wg/rs-ucan/blob/83528cc050fa15592eaa5fd0a33a4a170bc2c9b9/ucan/src/builder.rs#L88) seems to reflect this, canonicalizing the payload to a dag-json JWT for signing.

Is dag-json the canonical encoding for signing?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Spec clarification on canonicalization for signing #187

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Spec clarification on canonicalization for signing #187

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions