Domain Separation in IDL: Snowpack's approach to secure signing and canonical encodings
Summary
Domain separation bugs are a long-standing problem in cryptographic serialization. The article argues for embedding random, immutable domain separators into the IDL (via Snowpack) to ensure the signed data type is unambiguous across protocols, and demonstrates how this enables canonical encodings and forward/backwards compatibility. It includes practical examples in Go/TypeScript and discusses real-world vulnerabilities and tooling.