Canonicalization
================

2 min read

/-------------------------------------------------------------[ibzan: thinking]\
| What is canonicalization?                                                    |
\------------------------------------------------------------------------------/

/[jacobi: typing]--------------------------------------------------------------\
| Canonicalization is the process of taking multiple pieces of data and        |
| serializing it together in an unambiguous way. If any of the pieces change,  |
| then the output is also changed. This is especially useful in verifying data |
| that can be reorganized in transit.                                          |
\------------------------------------------------------------------------------/

/[cendyne: you-got-it]---------------------------------------------------------\
| For example, see Google Cloud Storage - Canonical Requests [L1] (archived    |
| [L2]) and AWS - Create a signed AWS API request [L3] (archived [L4]).        |
\------------------------------------------------------------------------------/

/[cendyne: wtf-is-going-on]----------------------------------------------------\
| In practice, canonicalization is an incredibly difficult process to get      |
| right. See Duo Finds SAML Vulnerabilities Affecting Multiple Implementations |
| [L5] (archived [L6]), where Kelby shares a vulnerability that affects        |
| multiple SAML implementations.                                               |
\------------------------------------------------------------------------------/

/[cendyne: uhh]----------------------------------------------------------------\
| Do not blame the users or library authors when the same issue keeps          |
| appearing. Instead, the specification and technology are prone to misuse.    |
| So, alternatives should be considered.                                       |
\------------------------------------------------------------------------------/

--------------------------------------------------------------------------------

[L1]: https://cloud.google.com/storage/docs/authentication/canonical-requests
[L2]: https://archive.vn/J8yHR
[L3]: https://docs.aws.amazon.com/general/latest/gr/create-signed-request.html
[L4]: https://archive.vn/OivEV
[L5]: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
[L6]: https://archive.vn/qoAa1
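A worked illustration of the two points above, added here as an example (it is not code from this post, and it is not the Google Cloud Storage or AWS SigV4 algorithm, only a simplified canonical-request scheme in their spirit). It shows a request whose query parameters arrive in a different order and whose headers differ in casing and whitespace still canonicalizing to one string and one HMAC, while a changed value breaks verification. The second half shows the classic reason "unambiguous" is hard: fields joined without a delimiter or length prefix collapse distinct inputs into the same bytes. All function names, header values and the secret are constructed for this example.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed example: a simplified canonical-request scheme in the spirit of
# the GCS and AWS documents linked above. Field order and separators are this
# example's own choices, not either vendor's exact algorithm.


def canonical_request(method, path, query, headers, body):
    """Serialize a request so equivalent requests yield one identical string.

    query   - iterable of (name, value) pairs, in any order
    headers - mapping of header name -> value, any casing or whitespace
    body    - bytes
    """
    # Query parameters: percent-encode name and value, then sort, so the
    # order they appeared in on the wire no longer matters.
    canonical_query = "&".join(
        f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(query)
    )
    # Headers: lowercase the name, collapse runs of whitespace in the value,
    # sort by name. "Host" and "host" must canonicalize identically.
    normalized = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in normalized)
    signed_headers = ";".join(k for k, _ in normalized)
    # The body is represented by its digest, so any body change changes the output.
    body_hash = hashlib.sha256(body).hexdigest()
    # Newline separators keep adjacent fields from running into each other.
    return "\n".join([
        method.upper(),
        quote(path),
        canonical_query,
        canonical_headers,
        signed_headers,
        body_hash,
    ])


def sign(secret: bytes, canonical: str) -> str:
    """HMAC-SHA256 over the canonical string; the verifier recomputes it."""
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def verify(secret: bytes, canonical: str, signature: str) -> bool:
    """Constant-time comparison of the recomputed MAC against the presented one."""
    return hmac.compare_digest(sign(secret, canonical), signature)


# Why the "unambiguous" part matters: plain concatenation has no field
# boundaries, so ("ab", "c") and ("a", "bc") serialize to the same bytes and
# therefore the same signature, even though they are different inputs.
def naive_join(parts):
    return "".join(parts)


def length_prefixed_join(parts):
    """Each field is preceded by its length, so the boundaries are recoverable."""
    return "".join(f"{len(p)}:{p}," for p in parts)


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed, not a real credential
    a = canonical_request("GET", "/bucket/obj", [("b", "2"), ("a", "1")],
                          {"Host": "example.test", "X-Date": "  20240101T000000Z  "}, b"")
    b = canonical_request("get", "/bucket/obj", [("a", "1"), ("b", "2")],
                          {"x-date": "20240101T000000Z", "HOST": "example.test"}, b"")
    print(a)
    print("same canonical form:", a == b)
    print("naive join ambiguous:", naive_join(["ab", "c"]) == naive_join(["a", "bc"]))
```

The length-prefix trick is one general remedy for the ambiguity shown at the end; real signing schemes also have to pin down the encoding rules for every field (which characters to percent-encode, how to fold header whitespace, how to handle duplicate parameters), and it is in those details that independent implementations tend to drift apart.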