IETF Logo Mail Archive

Re: [Multiformats] Multiformats Considered Harmful

Melvin Carvalho <melvincarvalho@gmail.com> Wed, 06 September 2023 08:36 UTC

Return-Path: <melvincarvalho@gmail.com>
X-Original-To: multiformats@ietfa.amsl.com
Delivered-To: multiformats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34AC8C14CE52 for <multiformats@ietfa.amsl.com>; Wed, 6 Sep 2023 01:36:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.844
X-Spam-Level:
X-Spam-Status: No, score=-1.844 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48eqtWCQ5oSj for <multiformats@ietfa.amsl.com>; Wed, 6 Sep 2023 01:36:14 -0700 (PDT)
Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01CCCC14CF1B for <Multiformats@ietf.org>; Wed, 6 Sep 2023 01:36:13 -0700 (PDT)
Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-58caaedb20bso34793507b3.1 for <Multiformats@ietf.org>; Wed, 06 Sep 2023 01:36:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693989373; x=1694594173; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9TbvLArwOMShbPE4VhwoSIhPx1u4JcAmCGte3jzzXiE=; b=kXuTtrZVyaOrZbLTWvodOr86AVFIf0zzXksQmcrk1WdbXjXHz0rLbhx6H9yC9Glz24 MsVawLhu+9Opxyo/OaONiPCom4y+Qfg50oyTbBZL7Iktpr3Fzvy3sjxZ4iOIeJLJKzOT HyjK/HuNgOetpH+UWNxM4CPkROTqb9movz4Q7Bgkvp7e62OyWEFlPO6460KIXlXtTcMy DQjCWFswn3DSY15b9lKO7eHnXrxrTYbheOXgGDktafYXemSps2waq2RI8uF8F/8pct16 j9PeV6gfVafg0/Ozx1x8NGi4+N0TPh5eSzu0beoJ2OMUi71sA8JYNCejOYzjh37oN4s0 VxAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693989373; x=1694594173; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9TbvLArwOMShbPE4VhwoSIhPx1u4JcAmCGte3jzzXiE=; b=ToSVRr0gXFMbQla9Drts/IZSYaRnVt50eoYNKd9ocIGyMSBcAbZB3owhQq9IE8vOaQ cVfPXrRi1MJ5Y5pafMPjLwCXgrjPQL0KQZ3b7BkTE3m0OeLXY3PhW3j7blqNqsEP/Lz2 t9DGcGSWP4voIqRQm0ix1rJxLTcVaeaWsEDjWXAiCANkayANjL3npjzIXXNwWYO/rpfE s+En+2Sy+fCzK/s2X7PKLS96+Lw7Dj8lwKhCIBJlA7dQDUgcsTTSV4s1CJ5KLojA6rk9 ryBspMgCqcMOErLnoFzws3JuJS+hq7++DrSmdg6EkDIDDdUPdADutlbTwMDbGKcBGtul Bfsw==
X-Gm-Message-State: AOJu0YwlpD4pf5B2NowVzonkVEOjCnsiyq4I62ms/uukYAC39d0kkVmj pOXhOv2CHMEACQUwBvhrTnnGNZHWx9BNVYXmZsY=
X-Google-Smtp-Source: AGHT+IEwRsPiXanWjiAJr8/sS/wuUY872GGnJv7C++cGwHwiS12lrA04PSkmiQFc7DjGn70PHVAtUTl0bMyB6tbtijQ=
X-Received: by 2002:a0d:ea90:0:b0:584:4bbb:963b with SMTP id t138-20020a0dea90000000b005844bbb963bmr17621796ywe.15.1693989372780; Wed, 06 Sep 2023 01:36:12 -0700 (PDT)
MIME-Version: 1.0
References: <MW4PR02MB74285C15BBD628DD5F637C2EB7EFA@MW4PR02MB7428.namprd02.prod.outlook.com>
In-Reply-To: <MW4PR02MB74285C15BBD628DD5F637C2EB7EFA@MW4PR02MB7428.namprd02.prod.outlook.com>
From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 06 Sep 2023 10:36:00 +0200
Message-ID: <CAKaEYhKUgrMz8BUu9caQ5TjTjsVPgWCzzTOd0SAgZFXLCZnMvA@mail.gmail.com>
To: Michael Jones <michael_b_jones@hotmail.com>
Cc: "Multiformats@ietf.org" <Multiformats@ietf.org>, Murray Kucherawy <superuser@gmail.com>, Barry Leiba <barryleiba@computer.org>, Francesca Palombini <francesca.palombini@ericsson.com>, Roman Danyliw <rdd@cert.org>, Paul Wouters <paul.wouters@aiven.io>
Content-Type: multipart/alternative; boundary="000000000000d1657c0604aca247"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multiformats/ENfYCfiMRxOtjsD2_luyNTqzWQg>
Subject: Re: [Multiformats] Multiformats Considered Harmful
X-BeenThere: multiformats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion related to the various Multiformats data formats <multiformats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multiformats>, <mailto:multiformats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multiformats/>
List-Post: <mailto:multiformats@ietf.org>
List-Help: <mailto:multiformats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multiformats>, <mailto:multiformats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2023 08:36:18 -0000

st 6. 9. 2023 v 4:03 odesílatel Michael Jones <michael_b_jones@hotmail.com>
napsal:

> While I usually reserve my time and energy for advancing good ideas, I’m
> making an exception to publicly state the reasons why I believe “
> multiformats <https://github.com/msporny/charter-ietf-multiformats/>”
> should not be considered for standardization by the IETF.
>
> 1. Multiformats institutionalize the failure to make a choice, which is
> the opposite of what good standards do. Good standards make choices about
> representations of data structures resulting in interoperability, since
> every conforming implementation uses the same representation. In contrast,
> multiformats enable different implementations to use a multiplicity of
> different representations for the same data, harming interoperability.
> https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03#appendix-D.1 defines
> 23 equivalent and non-interoperable representations for the same data!
>
> 2. The stated purpose of “multibase
> <https://www.ietf.org/archive/id/draft-multiformats-multibase-08.html>”
> is “*Unfortunately, it’s not always clear what base encoding is used;
> that’s where this specification comes in. It answers the question: Given
> data ‘d’ encoded into text ‘s’, what base is it encoded with?*”, which is
> wholly unnecessary. Successful standards DEFINE what encoding is used
> where. For instance,
> https://www.rfc-editor.org/rfc/rfc7518.html#section-6.2.1.2 defines that
> “x” is base64url encoded. No guesswork or prefixing is necessary or useful.
>
> 3. Standardization of multiformats would result in unnecessary and
> unhelpful duplication of functionality – especially of key representations.
> The primary use of multiformats is for “publicKeyMultibase” – a
> representation of public keys that are byte arrays. For instance, the only
> use of multiformats by the W3C DID spec <https://www.w3.org/TR/did-core/> is
> for publicKeyMultibase. The IETF already has several perfectly good key
> representations, including X.509, JSON Web Key (JWK), and COSE_Key. There’s
> not a compelling case for another one.
>
> 4. publicKeyMultibase can only represent a subset of the key types used in
> practice. Representing many kinds of keys requires multiple values – for
> instance, RSA keys require both an exponent and a modulus. By comparison,
> the X.509, JWK, and COSE_Key formats are flexible enough to represent all
> kinds of keys. It makes little to no sense to standardize a key format that
> limits implementations to only certain kinds of keys.
>
> 5. The “multihash
> <https://www.ietf.org/archive/id/draft-multiformats-multihash-07.html>”
> specification relies on a non-standard representation of integers called
> “Dwarf”. Indeed, the referenced Dwarf document lists itself as being at
> http://dwarf.freestandards.org/ – a URL that no longer exists!
>
> 6. The “Multihash Identifier Registry” at
> https://www.ietf.org/archive/id/draft-multiformats-multihash-07.html#mh-registry duplicates
> the functionality of the IANA “Named Information Hash Algorithm Registry”
> at
> https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg,
> in that both assign (different) numeric identifiers for hash functions. If
> multihash goes forward, it should use the existing registry.
>
> 7. It’s concerning that the draft charter
> <https://msporny.github.io/charter-ietf-multiformats/> states that “*Changing
> current Multiformat header assignments in a way that breaks backward
> compatibility with production deployments*” is out of scope. Normally
> IETF working groups are given free reign to make improvements during the
> standardization process.
>
> 8. Finally, as a member of the W3C DID and W3C Verifiable Credentials
> working groups, I will state that it is misleading for the draft charter to
> say that “*The outputs from this Working Group are currently being used
> by … the W3C Verifiable Credentials Working Group, W3C Decentralized
> Identifiers Working Group…*”. The documents produced by these working
> groups intentionally contain no normative references to multiformats or any
> data structures derived from them. Where they are referenced, it is
> explicitly stated that the references are non-normative.
>

+1 Appreciate the list, Mike.

I'd lean towards a spec that focused a bit more on current deployments,
rather than speculations of what might get deployed, in future.


>
>
>                                                 -- Mike
>
>
>
> P.S.  This was also posted at https://self-issued.info/?p=2408 and
> https://www.linkedin.com/posts/selfissued_github-mspornycharter-ietf-multiformats-activity-7105001423574077441-6tcS,
> referenced from https://twitter.com/selfissued/status/1699234431293370376,
> and filed as an issue at
> https://github.com/msporny/charter-ietf-multiformats/issues/2.
>
>
> --
> Multiformats mailing list
> Multiformats@ietf.org
> https://www.ietf.org/mailman/listinfo/multiformats
>

v2.23.0 | Report a Bug | By Email