As of the next release, we will be requiring all-lowercase JSON keys, and no duplicate keys, in the JWS wrapper (the content of POST bodies).
We have checked the logs and it appears that no current clients will suffer from this problem, but if you know that your client is submitting capitalized or duplicate keys in the JWS result, please fix them now.
In the medium term, we plan to deprecate this for the JWS-protected bodies as well. If your client is emitting uppercase or duplicate keys in the JWS-protected body, please fix your clients ASAP.