Duncan Coutts

I suspect for minimal support there may be more changes required than just the command names. As I discussed with @DanielG at the recent hackathon, this is an opportunity to...

@yihuang no, it's important that people _not be mislead_ into thinking that there is a canonical representation. There is **not** a canonical representation. When you sign or hash the data,...

Exactly. The spec is the CDDL, and there is no need for other interoperable implementations to serialise in exactly the same way so long as they follow the CDDL specification.

It's a very bad security practice to check signatures or hashes on re-serialised data. It must only be done on the original bytes. Otherwise it leads to all sorts of...

> In Ogmios, and tools in general, I've now taken the habit to always rely on raw binary data and to also carry along those raw data in the API,...

I know the hardware ledger people want to serialise the txs themselves, rather than checking a serialised tx that is passed in to them. For that reason they have created...

> the ledger hardware wallets will deserialize the tx to show data to the user, and then when it comes to sign things, it re-serializes to their choice of encoding...

I'll fix this now by re-signing the mirrors file. Will provide an update here when it's done. But yes it would be wise to hand out a couple more operational...

Ok, next step is to upload it: ``` { "signatures": [{"keyid":"280b10153a522681163658cb49f632cde3f38d768b736ddbc901d99a1a772833","method":"ed25519","sig":"9YaOmIr/m1oSrYkITopMthF8pExyqmjHCDXPytt2DqDYB/5NlYUDXtXNr1Y1yTKglLNEE2+c720N2un0lnEQCg=="}], "signed": { "_type": "Mirrorlist", "expires": "2023-06-01T23:59:59Z", "mirrors": [ { "urlbase": "http://hackage.fpcomplete.com/" }, { "urlbase": "http://objects-us-east-1.dream.io/hackage-mirror/" } ], "version": 9...

BTW, I agree giving operational keys to folks from the HF is a good idea. The root key holders will need to issue and sign an updated root.json that lists...