Thanks for filing this, we've been focusing on catching up with the format but haven't worked on this part yet (and actually I hadn't realized now it's possible).

Yeah, I was trying to find it in the spec and was having a hard time too. :-) We should revise the spec to make this clearer.

Thanks for noticing!

(kinuko@ made a suggestion to dump my progress/thoughts here. here I'm trying to follow her suggestion :)

The current implementation snapshot, namely b1, embeds the original representation within a CBOR map. This format makes it tricky to implement this using Chromium without encode(decode(hdrs)) using cbor_writer.cc , since we can't mix "raw cbor bytes" and unencoded "CBORValue"s.

I'll follow up with a chromium WIP CL that will workaround the issue by not using cbor_writer.cc to encode the top-level map, but we probably would want to change the message encoding in the near future.

[1] https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-01#section-3.5

Filed https://github.com/WICG/webpackage/issues/276 for spec chage

CL https://chromium-review.googlesource.com/c/chromium/src/+/1154767

Thanjs Kouhei.  If changing the spec further could make this easier (potentially across implementations) and Jeffrey and others are onboard I prefer waiting the spec change before changing the impl.

(I suppose we will need to cut another snapshot though if we do that)

Let me try to enumerate possible actions from here.

1. Land CL c#9 to avoid enc(dec(msg)) from b1, make spec change so avoid enc(dec(msg)) is easier, and snapshot b2.
[pro] b1 will still be OT-able without security compromise.

1'. Land CL c#9 to avoid enc(dec(msg)) from b1, change spec wording to discourage enc(dec()), but keep the end result format to be the same. 
[pro] We don't have to snapshot b2

2. Keep b1 impl as is, make spec change and snapshot b2, Chromium will avoid enc(dec(msg)) from b2. (but will enc(dec()) when parsing b1).
[pro] We may need to forbid b1 in the Origin Trials (only accept >=b2)

davidben: What would your preference be of the c#12 options?

davidben: Would you mind answering c#13? I'd really appreciate your input here since this affects if we will make b2 cut or not.

Hrm. I see. Doing things with sub-elements in DER is straightforward because DER got length prefixes right. But CBOR messed this up, which makes this is actually kind of a nuisance.

Changing the specification does seem like a good idea, especially since specification changes are relatively cheap at this stage. I don't have strong feelings between (1) and (2).

(Now I'm tempted to write myself a CBOR parser to better understand how to parse this thing efficiently... next time we design one of this things, can we just use ASN.1? The data model is janky, but it avoided the serialization mistakes in CBOR, and we have a robust performant implementation in BoringSSL's openssl/bytestring.h header. You need ASN.1 to implement web packaging anyway because the ECDSA signatures are encoded in DER.)

Thanks!

I'm going to proceed with the option 2 in c#12, that is:
- Change the format spec so that enc(dec(cbor)) can be easily avoided in its impl.
  - Specifically, I'm going to merge https://github.com/WICG/webpackage/pull/287 or its minor mod
- Snapshot b2, which is incompatible with b1
  - kouhei will update impl draft in github and then publish it in IETF repo.
  - kouhei will communicate internal/external parties about the change
- Implement multi-versioning support:
  - in Chrome M70, so that it will still accept b1 in addition to b2 for a while, and switch parsing mode adequately
  - in golang reference impl, so that it can emit b1 and b2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0e992a784aeda624fa9fdae2d7c94608728b993b

commit 0e992a784aeda624fa9fdae2d7c94608728b993b
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Fri Aug 24 08:10:03 2018

SignedExchange: Switch to b2 format parser.

Before this CL, Signed Exchange parser implementation in Chromium
expected the b1 format [spec-b1].

This CL switches the parser implementation to expect the updated
specification which we will snapshot as the b2 format in near future,
and deprecate support for parsing the b1 format.

Overview:
- The magic strings and version specifiers are changed from b1 -> b2.
- RequestUrl was a part of cbor_headers in b1, but is now located in the prologue section.
  - As a result, SignedExchangePrologue is now split into two: {BeforeFallbackUrl, FallbackUrlAndAfter}
- Signature message bytes are now encoded using custom binary format (was CBOR in b1)
  - cbor_headers no longer go through enc(dec(original_bytes)), fixes  crbug.com/863499 

Note: fallbackUrl redirect on parse fail ( crbug.com/874323  ) is to be addressed in separate CL.

[spec-b1] https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-01

Bug: 803774,  863499 ,  876968 
Change-Id: Ib172411e075472dcaae21af9c7460af5b5cf4e52
Reviewed-on: https://chromium-review.googlesource.com/1183053
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585754}
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_cert_fetcher_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_certificate_chain.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_certificate_chain_fuzzer.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_certificate_chain_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_consts.h
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_envelope.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_envelope.h
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_envelope_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_handler.h
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_prologue.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_prologue.h
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_prologue_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_signature_header_field.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_signature_header_field_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_signature_verifier.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/browser/web_package/signed_exchange_signature_verifier_unittest.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/generate-test-sxgs.sh
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.com_invalid_test.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.com_invalid_test.sxg.mock-http-headers
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.org_hello.txt.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.org_noext_test.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.org_test.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/data/sxg/test.example.org_test.sxg.mock-http-headers
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/content/test/fuzzer/signed_exchange_envelope_fuzzer.cc
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/fallback-to-another-sxg.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/generate-test-sxgs.sh
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-cert-not-found.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-invalid-validity-url.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-location-origin-trial.php
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-location.sxg
[modify] https://crrev.com/0e992a784aeda624fa9fdae2d7c94608728b993b/third_party/blink/tools/apache_config/mime.types