That is not a risk. Let us look at the spec, in particular the part that defines the “public key” for canister signatures:
The
BIT STRINGfieldsubjectPublicKeyis the blob|signing_canister_id| · signing_canister_id · seed, where|signing_canister_id|is the one-byte encoding of the the length of thesigning_canister_idand·denotes blob concatenation.
The key only depends on the signing_canister_id and a canister-chosen seed. No information about the subnet is used. In fact, we will be moving the Internet Identity canister to a new subnet soon, which is only possible due to the described property.
I don’t, unfortunately. It’s a mess, since you have to first encode the argument as Candid, then you have to assemble the ingress message as CBOR and compute the request id. I was saying that it’s possible, not that it’s easy…
Well the canister can use the HTTP request API to make a query call to itself. And then it could use the HTTP request API to submit the request to the boundary node. So once we have HTTP queries, the canister can do this.
But yeah, all this wouldn’t be necessary if canisters could control neurons directly.