Am I right to say that the signing of an SSB message relies on JSON.stringify()'s implementation details? From what I see, the source code relies on JS objects being order-preserving (and JSON.stringify() respecting that).

yes, although there is a PR somewhere that fixes the order of the properties in the metadata at least.

But won't that break the whole chain? As in, the signatures will change, right?

by fixing the order, i mean it makes explicit the order that is now used by all currently valid messages - meant to prevent unintentionally breaking replication if the js engine stops respecting the property insert order for json stringify in the future, as i understand it. so it wouldn't affect things currently.

Do you have a link to that PR?

@ub|k: found it. not actually a PR but @ezdiy opened an issue and put a code snippet here: https://github.com/ssbc/ssb-feed/issues/11#issue-222020256
blobbifying that page, ftw: ssb-feed-issue-11.html

came from this discussion: %Bw6sVzo...

We use json-stable-stringify atm but will be switching to Protocol Buffers (and the implied object order) this year. You could also use something like an OrderedMap from immutable (and transit to serialize it).