I'm really confused by some of the assumptions in this whole thread, sorry. In what scenario would a client touch the string it authenticates and parsed JSON from before sending it back to the server later? This argument seems to assume that I have to throw away the string I've parsed or somehow reconstruct the same JSON and create the HMAC myself locally, which seems odd.
I think I may have answered your confusion in a different thread (I'm not sure I parsed your comment correctly though), but: this is about a problem that specifically occurs when you have JSON (or some other structured format) that needs to have the signature in-band. You're right that it's way easier (the first list of three bullet points, as you mentioned in the other comment thread) if you can just shiv the tag on the outside.
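The in-band versus "tag on the outside" distinction in the comment above, as an added Python example that is not from any commenter in this thread. The key, the payload and the `sort_keys`-based canonicalization are constructed for the demo; the point is that a detached HMAC is bound to the exact bytes on the wire, while an in-band signature has to be computed over a canonical form so that a parse-and-re-emit step (different whitespace, different key order) does not break verification.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load this from a secret store.
KEY = b"constructed-demo-key"


def tag_external(payload_bytes: bytes) -> bytes:
    """Detached tag: HMAC over the exact bytes that are sent."""
    return hmac.new(KEY, payload_bytes, hashlib.sha256).digest()


def verify_external(payload_bytes: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_external(payload_bytes), tag)


def canonical_bytes(obj) -> bytes:
    """Deterministic serialization: sorted keys, no whitespace, ASCII only.

    This is demo-grade canonicalization; a production scheme would use a
    specified form such as JCS (RFC 8785) that also pins down number and
    string encoding.
    """
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("utf-8")


def sign_inband(obj: dict) -> dict:
    """In-band signature: tag over the canonical form of everything but 'sig'."""
    body = {k: v for k, v in obj.items() if k != "sig"}
    tag = hmac.new(KEY, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {**body, "sig": tag}


def verify_inband(doc: dict) -> bool:
    if "sig" not in doc or not isinstance(doc["sig"], str):
        return False
    body = {k: v for k, v in doc.items() if k != "sig"}
    expected = hmac.new(KEY, canonical_bytes(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, doc["sig"])


def reserialize(doc_text: str) -> str:
    """Simulates a client or middlebox that parses JSON and re-emits it."""
    return json.dumps(json.loads(doc_text), indent=2)


def demo() -> dict:
    original = {"user": "alice", "role": "reader"}  # constructed payload

    # Detached tag over the wire bytes: fine as long as the bytes are untouched.
    wire = json.dumps(original).encode("utf-8")
    tag = tag_external(wire)
    # Re-emitting the same object with different layout changes the bytes,
    # so the detached tag no longer matches even though the data is equal.
    reemitted = json.dumps(json.loads(wire), sort_keys=True,
                           separators=(",", ":")).encode("utf-8")

    # In-band signature survives a parse/re-emit round trip because the
    # verifier recomputes the canonical form instead of trusting the bytes.
    signed = sign_inband(original)
    round_tripped = json.loads(reserialize(json.dumps(signed, indent=2)))

    # A modified field still fails, since it changes the canonical form.
    tampered = dict(round_tripped)
    tampered["role"] = "admin"

    return {
        "external_exact_bytes": verify_external(wire, tag),
        "external_after_reserialize": verify_external(reemitted, tag),
        "inband_after_reserialize": verify_inband(round_tripped),
        "inband_tampered": verify_inband(tampered),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The detached variant is simpler precisely because there is nothing to canonicalize: the verifier checks the bytes it received. The in-band variant only works because both sides agree on `canonical_bytes`, and every gap in that agreement (number formatting, Unicode normalization, duplicate keys) is a place where a verifier and a signer can disagree about what was signed.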
Perhaps a more familiar case where this happens is SAML assertions with inline signatures?
Yeah, thanks, since you likely encountered these scenarios I guess we're just looking at it from very different viewpoints and some of mine might be lost in translation.
Luckily the number of times I've had to invent signing schemes or even integrate SAML is limited. :)