Security Review Finding — MEDIUM Priority
Source: Krillnotes Security Review v1.0.1 (April 2026)
Location: krillnotes-core/src/core/invite.rs:117-121
Description
verify_payload() uses serde_json::to_string() for canonicalization, which may not be deterministic across serde_json versions (float formatting, escape sequences).
Impact
If serde_json changes its serialization output between versions (e.g., float formatting, Unicode escapes), signatures created with one version could fail verification with another. This is a forward-compatibility concern for the sync protocol.
Recommendation
- Consider using a canonical JSON serializer (e.g., serde_jcs implementing RFC 8785) for signature payloads
- At minimum, document the canonicalization strategy and pin serde_json behavior expectations
- Add tests that verify round-trip canonicalization stability
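As an added illustration (not Krillnotes code, and not a substitute for the serde_jcs crate), the block below is a std-only Rust encoder that applies the RFC 8785 rules for a small JSON value type, together with the two tests the recommendation asks for: a golden-bytes test that pins the canonical form of a constructed invite payload (the field names ws, exp, perms and note are assumptions) and an order-independence check showing that member insertion order cannot change the signed bytes. Floats are deliberately left out of the value type; JCS formats numbers with the ES6 Number-to-string algorithm, which is exactly the area where a general-purpose serializer's output can drift between versions.

```rust
// Added example (not Krillnotes code): minimal RFC 8785-style canonical JSON
// encoder plus the golden-bytes and order-independence tests recommended in
// the finding. Production code should use the serde_jcs crate instead.

#[derive(Clone, Debug, PartialEq)]
pub enum Value {
    Null,
    Bool(bool),
    Int(i64),
    Str(String),
    Array(Vec<Value>),
    // Members kept in insertion order, as a preserve_order parser would yield.
    Object(Vec<(String, Value)>),
}

// JCS string escaping: only what JSON requires is escaped, control characters
// use lowercase \u00xx, and all other characters are emitted as raw UTF-8.
fn escape_str(s: &str, out: &mut String) {
    out.push('"');
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\u{8}' => out.push_str("\\b"),
            '\u{c}' => out.push_str("\\f"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
}

pub fn canonicalize(v: &Value, out: &mut String) {
    match v {
        Value::Null => out.push_str("null"),
        Value::Bool(b) => out.push_str(if *b { "true" } else { "false" }),
        Value::Int(i) => out.push_str(&i.to_string()),
        Value::Str(s) => escape_str(s, out),
        Value::Array(items) => {
            out.push('[');
            for (i, item) in items.iter().enumerate() {
                if i > 0 { out.push(','); }
                canonicalize(item, out);
            }
            out.push(']');
        }
        Value::Object(members) => {
            // RFC 8785 orders members by key compared as UTF-16 code units;
            // sorting a copy of the references makes insertion order irrelevant.
            let mut sorted: Vec<&(String, Value)> = members.iter().collect();
            sorted.sort_by_key(|(k, _)| k.encode_utf16().collect::<Vec<u16>>());
            out.push('{');
            for (i, (k, val)) in sorted.iter().enumerate() {
                if i > 0 { out.push(','); }
                escape_str(k, out);
                out.push(':');
                canonicalize(val, out);
            }
            out.push('}');
        }
    }
}

pub fn canonical_string(v: &Value) -> String {
    let mut s = String::new();
    canonicalize(v, &mut s);
    s
}

// Constructed sample invite payload; the field names are assumptions, not the
// project's real schema. `reversed` simulates a different member order.
pub fn sample_payload(reversed: bool) -> Value {
    let mut members = vec![
        ("ws".to_string(), Value::Str("Notes/ä".to_string())),
        ("exp".to_string(), Value::Int(1_800_000_000)),
        ("perms".to_string(), Value::Array(vec![Value::Str("read".into()), Value::Str("write".into())])),
        ("note".to_string(), Value::Str("line1\nline2 \"q\"".to_string())),
    ];
    if reversed { members.reverse(); }
    Value::Object(members)
}

// Pinned canonical bytes: if this ever changes, existing signatures break,
// which is exactly what the pinning test is meant to catch.
pub const PINNED: &str =
    r#"{"exp":1800000000,"note":"line1\nline2 \"q\"","perms":["read","write"],"ws":"Notes/ä"}"#;

// Stability check: member order must not influence the signed bytes.
pub fn order_independent() -> bool {
    canonical_string(&sample_payload(false)) == canonical_string(&sample_payload(true))
}

pub fn matches_pin() -> bool {
    canonical_string(&sample_payload(false)) == PINNED
}

fn main() {
    println!("{}", canonical_string(&sample_payload(true)));
    assert!(order_independent() && matches_pin());
}
```

The pinned constant is the part worth copying into the real test suite: the signing routine should canonicalize a fixed fixture and compare against stored bytes, so that a serializer upgrade that changes escaping, number formatting or key order fails CI before it invalidates signatures in the field.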
Acceptance Criteria
- … serde_jcs or add explicit tests pinning current serde_json behavior