Cryptobox review: signature scope #916

@oberstet

WAMP-cryptobox works by computing a signature over and encrypting a bytes serialization of the following:

payload = {
    u'uri': uri,
    u'args': args,
    u'kwargs': kwargs
}

However, the URI is the only WAMP metadata that is included and checked under the signature.

The design question is: is that signature scope (uri/args/kwargs) enough?

Are there other things besides uri/args/kwargs a receiving client would expect to be untampered under end-to-end encryption (by being part of the stuff that goes into signature)?

Essentially, everything not under the scope of the signature must be treated as "untrusted" by the receiving peer. Any intermediary WAMP router between the sending and the receiving peer might have tampered with stuff not under the signature.


Implementation-wise, the main thing to check is: is the URI contained within the bytes under the signature (still) the same as the URI in the WAMP message envelope? If not, someone tampered with the URI, and this should be treated as "fatal".
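The sender/receiver exchange sketched in the issue, as an added example that is not part of the original post or of WAMP-cryptobox itself. It assumes a canonical JSON serialization of the uri/args/kwargs payload and uses an HMAC-SHA256 tag under a constructed shared key as a stand-in for the real signature (cryptobox uses NaCl key pairs); the envelope field "caller", the exception class and the function names are hypothetical. The point it makes is the one the issue raises: tampering with the envelope URI or the signed bytes is caught, tampering with anything outside the signed scope is not, so the receiver must treat that part as untrusted.

```python
import hashlib
import hmac
import json

# Constructed key for the example only; real cryptobox uses NaCl key pairs
# and a signature, this HMAC is a stand-in for "bytes under the signature".
KEY = b"example-shared-key-not-for-production"
TAG_LEN = 32  # SHA-256 digest length


class TamperedMessage(Exception):
    """Fatal: signature or envelope/payload URI check failed."""


def serialize_payload(uri, args, kwargs):
    """Canonical bytes serialization of the signed scope: uri, args, kwargs."""
    payload = {"uri": uri, "args": args, "kwargs": kwargs}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(uri, args, kwargs, key=KEY):
    """Sender side: build a WAMP-style envelope carrying the sealed payload."""
    body = serialize_payload(uri, args, kwargs)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {
        "uri": uri,             # envelope URI, what routers route on
        "caller": "client-1",   # hypothetical metadata NOT under the signature
        "sealed": body + tag,   # signed (here: MACed) payload bytes
    }


def open_message(envelope, key=KEY):
    """Receiver side: verify the tag, then cross-check envelope URI vs signed URI.

    Returns (trusted_payload, untrusted_envelope_metadata).
    """
    sealed = envelope["sealed"]
    body, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise TamperedMessage("signature check failed")
    payload = json.loads(body.decode("utf-8"))
    # The URI is the only WAMP metadata inside the signed bytes: it must
    # match the envelope URI the router delivered, otherwise fatal.
    if payload["uri"] != envelope["uri"]:
        raise TamperedMessage(
            "envelope URI %r != signed URI %r" % (envelope["uri"], payload["uri"]))
    # Everything outside the signed scope is handed back separately so the
    # caller cannot confuse it with verified data.
    untrusted = {k: v for k, v in envelope.items() if k not in ("uri", "sealed")}
    return payload, untrusted


def _is_detected(envelope):
    try:
        open_message(envelope)
    except TamperedMessage:
        return True
    return False


def demo():
    """Three intermediary manipulations; returns which ones the receiver detects."""
    msg = seal("com.example.transfer", [100], {"to": "alice"})

    # 1. Router rewrites the envelope URI to re-route the call: detected.
    rerouted = dict(msg, uri="com.example.other")
    # 2. Router edits the signed payload bytes (amount 100 -> 999): detected.
    edited = dict(msg, sealed=msg["sealed"].replace(b"100", b"999"))
    # 3. Router rewrites unsigned envelope metadata: NOT detected, which is
    #    exactly why the receiver has to treat it as untrusted.
    spoofed = dict(msg, caller="client-99")
    _, untrusted = open_message(spoofed)

    return {
        "uri_rewrite_detected": _is_detected(rerouted),
        "payload_edit_detected": _is_detected(edited),
        "metadata_spoof_detected": _is_detected(spoofed),
        "caller_seen_by_receiver": untrusted["caller"],
    }


if __name__ == "__main__":
    print(demo())
```

Note that the receiver checks the tag before parsing the payload, and only then compares the two URIs; parsing untrusted bytes first would hand a tampering router a parser attack surface before any integrity check has run.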
