Signing data structures the wrong way

๐Ÿ”’ "Domain Separation in IDL: The Wrong Way to Sign Data Structures"

Signing data structures requires careful consideration to ensure authenticity and integrity, but a common approach in IDL (Interface Description Language) falls short by neglecting domain separation, leading to potential security vulnerabilities. This oversight can compromise the trustworthiness of signed data. Proper domain separation is crucial for secure data exchange.

guid

https://news.ycombinator.com/item?id=47605677

source_url

https://blog.foks.pub/posts/domain-separation-in-idl/

author_name

malgorithms

id: 1338
uid: XdeKu
insdate: 2026-04-02 01:05:40
title: Signing data structures the wrong way
additional: ๐Ÿ”’ "Domain Separation in IDL: The Wrong Way to Sign Data Structures"

Signing data structures requires careful consideration to ensure authenticity and integrity, but a common approach in IDL (Interface Description Language) falls short by neglecting domain separation, leading to potential security vulnerabilities. This oversight can compromise the trustworthiness of signed data. Proper domain separation is crucial for secure data exchange.
category: Hacker News
md5:
guid: https://news.ycombinator.com/item?id=47605677
source_url: https://blog.foks.pub/posts/domain-separation-in-idl/
updated:
image:
author_name: malgorithms
author_link:

No Items Found.

Add Comment
Type in a Nick Name here
 
Other Items in Hacker News
I think Anthropic and OpenAI have found product-market fit Canada to order military plane fleet from Sweden in shift from US suppliers Reflex (YC W23) Is Hiring SWEs, Growth, and GTM Roles Gemini, Gophers, and Fingers. Oh My Alternative Internets Beyond HTTPS SimCity 3k in 4k (2025) Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction Valve raises Steam Deck prices by more than $200 What Apple and Google are doing to your push notifications On Labubu and the Hyperreal YouTube to automatically label AI-generated videos Claude Code as a Daily Driver: Claude.md, Skills, Subagents, Plugins, and MCPs All of human cooking compressed into 2 megabytes Go: Support for Generic Methods Mini Micro Fantasy Computer I'm Tired of Talking to AI Private Equity Bought America's Essential Services XLIDE: VBA without excel Incident with Pull Requests, Issues, Git Operations and API Requests Italy region: +200% tax on datacenters built in green/agricultural areas That Methyl Methacrylate Tank The worst job interview I ever had Sonny Rollins, jazz saxophonist, has died Stripe is friendly to โ€œfriendly fraudโ€ Tunecat: Simple Internet Radio TSDuck: Open-source toolkit for MPEG-TS analysis and manipulation Gear Commit: Dev gadget box personalized from GitHub activity Show HN: Posthorn, self-hosted mail without the mail server Chemistry behind the Garden Grove chemical tank Big tech's anti-labor playbook has come for Wikipedia From Rust to Ruby Xiaomi MiMo-v2.5 price drops 99% โ€“ AI pricing war Cloudflare Flagship The OSS Sabotage Manual Became Corporate Best Practice AI Tools Are Only as Good as Your Judgment โ€“ and That's the Point Sonny Rollins, Jazz's Saxophone Colossus and Greatest Improvisor, Dead at 95 Erin Brockovich made a map to track data centers around the country Stripe is friendly to "friendly fraud" C64 Basic: Game Map Overhead "Camera View" Launch HN: Minicor (YC P26) โ€“ Windows desktop automations at scale Language Models Need Sleep The Ballad of TIGIT Uber, Lyft drivers in Massachusetts form first US ride-share union What color is your function? (2015) Is "colorectal cancer" rising in "young people"? The real cost of owning a home Sage Care (YC S24) Is Hiring Software Engineers Stop Advertising in Your Commits Logseq Doctor: Heal your flat old Markdown files before importing them to Logseq Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal Incident with Actions and Pages
Other Categories in HNews
hacker news
Search HNews
Search HNews by entering your search text above.
Welcome

This is my test area for webdev. I keep a collection of code here, mostly for my reference. Also if i find a good link, i usually add it here and then forget about it. more...

You could also follow me on twitter. I have a couple of youtube channels if you want to see some video related content. RuneScape 3, Minecraft and also a coding channel here Web Dev.

If you found something useful or like my work, you can buy me a coffee here. Mmm Coffee. โ˜•

โค๏ธ๐Ÿ‘ฉโ€๐Ÿ’ป๐ŸŽฎ

๐Ÿชฆ 2000 - 16 Oct 2022 - Boots
Random Quote
I believe that in order to better your knowledge base, it takes a lot of failing in order to succeed. I don't consider anything a failure as long as you get back up and you learn from your own mistakes.
Unknown
Latest News
## ๐Ÿš€ AI Giants Hit Bullseye: Anthropic & OpenAI Achieve Product-Market Fit Anthropic and OpenAI have reached a significant milestone, finding product-market fit with their AI technologies, which means their products effectively meet the needs of their customers, driving growth and adoption. This achievement showcases the practical value of their innovations, enabling businesses and individuals to leverage AI for enhanced productivity and efficiency. With this alignment of product and market needs, these companies are poised to transform industries and shape the future of technology.