Tracked follow-up from the June 2026 org-wide security hardening review. Wave 1/2 fixes are merged and published; this is remaining hardening.
The SDK signs over the record including cnf (correct), but some doc snippets historically excluded it. Make the normative pre-image definition explicit in the spec so all implementations agree (recommend: include cnf, exclude only signature). Confirm SDK + spec + all docs match.
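Why the pre-image definition matters, as an added example that is not the SDK's or the spec's own code: it signs a constructed record under the recommended rule (exclude only `signature`) and under the historical doc rule (also exclude `cnf`), then checks whether a changed `cnf` is caught and whether the two rules interoperate. The sorted-key JSON serialization, the HMAC-SHA256 stand-in for the real signature scheme, the demo key, and the sample field values are all assumptions.

```python
import hashlib
import hmac
import json

# Assumptions (not from the spec): records are JSON objects, the pre-image is
# sorted-key compact JSON, and HMAC-SHA256 stands in for the real signature.
DEMO_KEY = b"constructed-demo-key"
NORMATIVE = ("signature",)           # recommended: exclude only signature
LEGACY_DOCS = ("signature", "cnf")   # historical doc snippets: cnf left out


def preimage(record, exclude=NORMATIVE):
    """Serialize every field not listed in `exclude` into deterministic bytes."""
    body = {k: v for k, v in record.items() if k not in exclude}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _tag(record, exclude):
    return hmac.new(DEMO_KEY, preimage(record, exclude), hashlib.sha256).hexdigest()


def sign(record, exclude=NORMATIVE):
    """Return a copy of the record with `signature` computed over the pre-image."""
    signed = {k: v for k, v in record.items() if k != "signature"}
    signed["signature"] = _tag(signed, exclude)
    return signed


def verify(record, exclude=NORMATIVE):
    """Recompute the tag over the pre-image and compare in constant time."""
    if "signature" not in record:
        return False
    return hmac.compare_digest(_tag(record, exclude), record["signature"])


def cnf_swap_detected(exclude):
    """Sign a constructed record, replace its cnf, report whether verify rejects it."""
    signed = sign({"sub": "record-1", "cnf": {"jkt": "constructed-A"}}, exclude)
    tampered = dict(signed, cnf={"jkt": "constructed-B"})
    return verify(signed, exclude) and not verify(tampered, exclude)


def interoperable(signer_rule, verifier_rule):
    """True if a record signed under one rule verifies under the other."""
    signed = sign({"sub": "record-1", "cnf": {"jkt": "constructed-A"}}, signer_rule)
    return verify(signed, verifier_rule)


if __name__ == "__main__":
    print("normative rule detects cnf swap:", cnf_swap_detected(NORMATIVE))
    print("legacy doc rule detects cnf swap:", cnf_swap_detected(LEGACY_DOCS))
    print("normative signer, legacy verifier agree:", interoperable(NORMATIVE, LEGACY_DOCS))
```

The same three checks work as conformance tests when run against the SDK, the spec's test vectors, and each doc snippet.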