IETF Logo Mail Archive

Re: [dispatch] Demonstration of W3C Implementer Support for Multibase at IETF (was: Re: Finding a home for Multibase and Multihash)

Manu Sporny <msporny@digitalbazaar.com> Mon, 27 March 2023 00:05 UTC

Return-Path: <msporny@digitalbazaar.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52BE2C151548 for <dispatch@ietfa.amsl.com>; Sun, 26 Mar 2023 17:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digitalbazaar.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUAPKscRxaQ6 for <dispatch@ietfa.amsl.com>; Sun, 26 Mar 2023 17:05:35 -0700 (PDT)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8CFCC15154E for <dispatch@ietf.org>; Sun, 26 Mar 2023 17:05:24 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id y85so3182787iof.13 for <dispatch@ietf.org>; Sun, 26 Mar 2023 17:05:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digitalbazaar.com; s=google; t=1679875524; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=dAAmuuqGZOqOt1+Lx7w5var9aMGsKFLL6YfUoDKVHWg=; b=vx2NQRZlhtGFhepoX/UXM2tV5r/aKSitQuR5DMnhmrS833EXbRiw69XVCK//fEJOU4 a6DykeX0JKyPhU2JrTx9QNJERyTlLWdh1KGXk4qMPxQooXOFGl3K2Ee55vyNS9yjmAxJ SFWkk7S8ZZzUUw07G83RQWUaFxkYoJnYZVvsMptZFTsrKdKsP41XtNl9rpyK5L/u7om7 xqD/e24T0SnLwL4V2PkRqTGNI+LBxyBH5Mb70EegyNgQoFtcXbO5WT+GEREsmm647A4r KlKIhqVGqVJ2OzHvSam815h5r85RrJ04LMPnGNq3wG32g0bwX0mxQOzUJwNB1T3QINFK DxMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679875524; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dAAmuuqGZOqOt1+Lx7w5var9aMGsKFLL6YfUoDKVHWg=; b=QyvKIo8xN3/3qpCwk7fCr2goafUrABU7DQ3/DBWPCSmWhsVDMRS3WmJFeWZiZbK5dc 5N2mxDQOlgOI38dIOeVmVrBDmd2EeEBFCBEL4ciVFZglLKHZmSKf+A9hWaf4Vod2o/XL IQ8YdcLs09yS/7TEy44dh4ZRpJ4b8YbylUCWtLCHCVNPod+GXYL5aCMu0gl2x/3y6m4p uIRdcnhA9qOCQ4H0jMtmG+DPkjkUrZKT2MZ+/XexYpnhgrpRuqvkrvnj8InncZYaNcq7 jOSM/5HnFciT7xOBktzpu6WSKLeczbwmVgxEsU+wqWH9POApvLEncNIV+8ZppzCs/lCc F6Ag==
X-Gm-Message-State: AO0yUKWVD00dxswpUzjQgBfzbBhuvLAaBVlXmbNoXRueJdzgCijxrtOf apamUWmh9oQ8COaxri4ubRFaPA0REJO5/t9lvemTPezixEPh+trbcBg=
X-Google-Smtp-Source: AK7set8hLHcyGAUWsdal+ABS0E6Zn4bJ7RcEJIXXn3Wq49nd5iKMxJ/UE17KQdQwW7ecXeGbR09MPVgyvZalkLw21qE=
X-Received: by 2002:a5e:9901:0:b0:745:8ffc:8051 with SMTP id t1-20020a5e9901000000b007458ffc8051mr3778933ioj.2.1679875523791; Sun, 26 Mar 2023 17:05:23 -0700 (PDT)
MIME-Version: 1.0
References: <c9e0219c-0bca-32ab-56b4-ead9427e7578@gmail.com> <CAMBN2CScMLz9UzB-Fzp2NKPhZ-t4D0rZ72DnDPLPiVYAJ0Wt8A@mail.gmail.com> <FA71DB2D93B4DB5EBECA3F8C@PSB>
In-Reply-To: <FA71DB2D93B4DB5EBECA3F8C@PSB>
From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 26 Mar 2023 20:04:47 -0400
Message-ID: <CAMBN2CQ40hM5ngSRQZ8DvkVhonEesLxw=3n-evWKi0ReDnQdaA@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: dispatch@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/0LGXVAf3GHd07XIlOD2v9INUF3o>
Subject: Re: [dispatch] Demonstration of W3C Implementer Support for Multibase at IETF (was: Re: Finding a home for Multibase and Multihash)
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2023 00:05:39 -0000

On Sun, Mar 26, 2023 at 3:56 PM John C Klensin <john-ietf@jck.com> wrote:
> (1) If  this work is being actively pursued in W3C, why is it
> also being pursued in the IETF?  Or, if one prefers, if it is
> being brought to the IETF, why is it also being pursued in W3C?

The Multiformats work is being used in W3C draft specifications, and
ideally, our specs at W3C would benefit from a stable reference to a
few Multiformats specs and registries instead of what they're doing
now, which is picking and choosing subsets and documenting them
directly in each specification. The Multibase and Multihash I-Ds are
each, a very light spec that establishes a registry. Since IANA does
registries pretty well, and since Multiformats are "lower in the
stack" than most W3C specs, IETF felt like a natural place for the
work.

AFAIK, there are no W3C members that I know of that have plans to
standardize Multiformats at W3C. The preference is to have
Multiformats RFCs at IETF, including IANA registries, that W3C specs
can refer to in a normative way.

> If the work being brought to
> each body is sufficiently distinct that such problems would be
> avoided (note the HTTP / HTML distinction as an example), can
> you clearly explain the distinction and the boundary between the
> two?

Yes, the assertion is that the work is sufficiently distinct. The W3C
specifications would normatively refer to some of the Multiformats
RFCs and registries established at IETF.

To provide an example, a W3C specification would say something like:
"The cryptographic hash for the `foo` property is encoded as a
Multibase-encoded Multihash value where the multibase header is 'u'
(base64url-no-pad) and the multihash header is 0x16 (SHA3-256) as
defined in RFCxxxx and RFCyyyy, respectively."

> Noting that the IETF has almost never
> been the endorser under the first type of arrangement or been
> part of a task-specific Joint Development Agreement, would you
> suggest one or the other in this case?

As is probably evident from the first two answers, a Joint Development
Agreement would probably be unnecessary as the separation between the
two pieces of work are fairly clean.

> (4) As I read them, some of the endorsements imply that
> organizations are either deploying, or ready to deploy, these
> specifications already.  For example, I read "currently
> implement, use, or foresee" in one of the messages you posted.
> At least the first two would imply that the specs are finished
> and not expected to change.  If so, what value would you expect
> work in the IETF to add?

The IETF would create a stable reference for the specification and a
more stable registry for the work. The multibase and multihash
registry currently exists as a CSV table in a Github repository that
is being maintained by a few individuals. The table largely mirrors an
IANA registry and so having a more permanent home for the table
(rather than a Github repo) would make it possible for us to reference
something from the W3C specifications instead of pulling in parts of
the table into the W3C specifications in an ad-hoc manner.

> Conversely, if the IETF were to go to
> work on the specs, find issues, and make changes, are those who
> have already deployed committed (presumably without
> foreknowledge of what the changes might be) to quickly retrofit
> them into their implementations or would we end up with
> inconsistent implementations, all claiming to be the
> authoritative one?

Given the nature of the specifications, which are effectively var-int
encoded headers, there isn't much that could change at this point. I
do expect that if there were severe deficiencies found, that the
implementation community would want to change... but that would
effectively boil down to two general changes:

* We decide to use something other than varint to encode the header values.
* We decide to change the meaning of certain entries that have been
broadly deployed.

I expect the latter to be far more likely than the former, and (like
all things), it would become a discussion between the IETF group and
the implementers during the RFC drafting process.

> And, for those who "foresee a need", does
> their endorsement constitute a commitment to eventually deploy
> implementations consistent with whatever the IETF reaches rough
> consensus about?

At present, I believe the commitment is to eventually deploy
implementations that are consistent with whatever the IETF reaches
through rough consensus. As I said above, given the type of
specifications we're talking about, the risk of things changing
greatly isn't as high as it is with other specifications.

If things change drastically, like with any specification, we can't
predict how support for a concrete I-D today would translate into
support for a significantly different RFC in the future.

All that said, I believe much of the support extended for the work and
the I-Ds that exist today would also apply for whatever that comes out
of the IETF process.

Did that answer each of your questions, John?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

v2.23.0 | Report a Bug | By Email