IETF Logo Mail Archive

[Multiformats] Multiformats Considered Harmful

Michael Jones <michael_b_jones@hotmail.com> Wed, 06 September 2023 02:03 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: multiformats@ietfa.amsl.com
Delivered-To: multiformats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68575C1522AF for <multiformats@ietfa.amsl.com>; Tue, 5 Sep 2023 19:03:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.972
X-Spam-Level:
X-Spam-Status: No, score=-0.972 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djC6kRR83r2j for <multiformats@ietfa.amsl.com>; Tue, 5 Sep 2023 19:03:34 -0700 (PDT)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04olkn2099.outbound.protection.outlook.com [40.92.45.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 090E4C1522A0 for <Multiformats@ietf.org>; Tue, 5 Sep 2023 19:03:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HCPMFAVJLy0LOOUp/NwqK/+vDq/9L2YaWdVBF0XntlJs8Llb1QLlY/R/2oCSBSLcHy4asW9VKZZ/WmY8lRpoPRa3750ordmsJoV10gXxOTBG0ph9kJOU25udtz7Rl6a/hY4Wd1jHbpO0fXUNMD2SOagJM34MeRZ/oryUqK3fFrIZhhQLYbzk9mXAJhc3B5tUA0iBYzL8XRV0wSMpturUHmCeXsPcLEVoEVHnpctePMv/hPRuIAa0iL2L0mGKNPj0wokvNj7E00bjnxC9npA74vSqkpx7DUChGsA1M+bfZJlmuXWw/uNhdt60z8OB9CGFcKJx03Wy4yeN5BBYV6Z9cg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZwnCnrQH+Yag2tsF4r/FKLrQ6yLPJHlZBoOVrPm5ZxU=; b=SlgnoH9KEqj0MHvckhMt8trU35gRmpKbRE/h97qXMm2eGH1vo9qwczEr9V6kR9LVNfu5Ap4GLEkK9moYTBnZOEjlSOh1xgL8MfPUR8DDHyfQuktmABVWRzjxb1Nm5eUuI5na4sOEzOb0UlDL5yxM950raTCr7AzrJuA+CxcBqhbZn8xcObJ0180cU/hoGaBYcEX3B2r7kPrqnASN9MA8yvwYtk8/+itx98OdOifJODkFGVxm/XumrYOKDlkIElAkPw69sd7LOHCGMuu6RNkMq8OQYPkuRLq4R4b/3k9RVv/pii+7aCZN53CeCJE/29DnWFOA0oBnOeN6fbsQK+ONOQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZwnCnrQH+Yag2tsF4r/FKLrQ6yLPJHlZBoOVrPm5ZxU=; b=us9sKqF4xwCsPHndH6xVfzNfmnTMue2zN5y10YK/oABn96b4A23u0PbN/EKt7LpL5iCnpMzhp3jk4mfg+U46H/YsDfBJmhF3N5l2myd/kIf3mbO3nrc5VDgT5TQecGVcVzLsIbrPf1/Mn+YX9wv7hqdIYc1iZYL1kbQDR4PvaIRsLAJicanLiEAix9RRlPlD42SpC02TMzFYrX6fekMq24l1i5S4UNg217ftfD22usGMXdkxuE4+XW/mkntMaDFWtnQ9BrABie3Gaup6KZ/at0V9VUYZwD/77lgSF3OYd4rjrmLWiKKycFKSDBEpkaD2Lf8dU7+1IQMNstKLDOdIbQ==
Received: from MW4PR02MB7428.namprd02.prod.outlook.com (2603:10b6:303:71::5) by CH2PR02MB6757.namprd02.prod.outlook.com (2603:10b6:610:a5::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34; Wed, 6 Sep 2023 02:03:29 +0000
Received: from MW4PR02MB7428.namprd02.prod.outlook.com ([fe80::36ca:d688:8cee:d6f7]) by MW4PR02MB7428.namprd02.prod.outlook.com ([fe80::36ca:d688:8cee:d6f7%7]) with mapi id 15.20.6699.035; Wed, 6 Sep 2023 02:03:29 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: "Multiformats@ietf.org" <Multiformats@ietf.org>
CC: Murray Kucherawy <superuser@gmail.com>, Barry Leiba <barryleiba@computer.org>, Francesca Palombini <francesca.palombini@ericsson.com>, Roman Danyliw <rdd@cert.org>, Paul Wouters <paul.wouters@aiven.io>
Thread-Topic: Multiformats Considered Harmful
Thread-Index: AdngY0G2EEkSJQrVSjGitvNBIl2pDg==
Date: Wed, 06 Sep 2023 02:03:29 +0000
Message-ID: <MW4PR02MB74285C15BBD628DD5F637C2EB7EFA@MW4PR02MB7428.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tmn: [aGVdAayP+ncO/vrwu2P/5pBsRd90ZhSiPm+aX2UCiPMFBphbSXu40id1UlS2dJb2Spq0Cg7yfQk=]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR02MB7428:EE_|CH2PR02MB6757:EE_
x-ms-office365-filtering-correlation-id: 42f5c478-d98d-49bf-c20d-08dbae7d76e2
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 1xpf2eRVic2iLTf9yz3kZ59pgFi1qDLyuqlsph0/nNfc7XhLYjpp2vcwqfUXIQS7o/P4uXC5qysYqu4swu8/wis4KnMHfsX19vLrNDhhBofSt6aCdmXqZa9lzqXSdDvIS9Exc4/gtlY4G93J0jq6c7cKBPW9eowjM7qr9Jb6Gp242mOHtqtrJ3/XWOYue/bgSsEw9eHGrsCj5ths8g/evmXRGwGYYGiyW/zZLt5FjSzrxBnCJz5ay0bL8SWDhL4M3sF3leo+TlL0wg5PMaHkSGSgshKtACzRR6BYPGqgYNA2B0zbEUExVWff0wmmiot8pBsc+P7OrvajkMf7Fu8sDmD7ZhEttyXcjXVyyg9OYc2gD2zKr9sne54WCM3z26pw3lyKlp7NsgVQgNXngWV7tC03ypkW/Wdvv8zO0BRJthmYmsBbQVaJwybyvPRzPCAuFcbBUYX5Y5VDhq3PPrGSHGSmphQ+Huw1ShS8HeAEJO0xjHTQ4zYI46mHH+/AiX4fZ8+AxIiL9rUaLb6UlnDu4B6HKBhH4BwjlF9rGG+MT432Xm0iFh34CsCWfxWhCMVC2Yn7rX4hHfQk5fqDp3QxPMruUTLuC9gwtWjPEswYUK4=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: J2NaeE7W7t0/4b7ypPrym/nNdHcuMBd24ZKx/isyAdtcMfveq4qllmLYKhh1JgTN/cpHgYsAxvdkkWAnoTWZkCuFI91yst2DZ0IbuqYAPPkt2vB9GQFSqAg3SdpmWH6gG2BSR5cXtUXZFdeijFCZgej25rCagKeoZ61lhEc4HgQQhgKdhpSxtJKMqrYmSgBmIsRpfenvVtpKFK3HOhXjzMpEb8TyC41Z7RiBzqVxLWss8+8DiWSICBH9EziZ0fnxE9TUB2wnPMrf86Ug3hlWQujythPTUrqJnkDJ+ku17RFJoSMZB3e4S7JEUxDRDAJOUW1WxG2Pnba7cP3UYAK+e1uJNvNnQyW+x4ATPuLgEiJBtimgDN0yOLLnpfqe69TbxxqsOUlIWEYNaggaru5stz3MEo/kfVrLiKdebCaHj1qOHeiF1xdnNbkesGqZ8g8TbM+HFpp3bk/l/5whZCyxFAuXLkrFW5bFkr293oyNk6glt+9bJShdL1bRNKqI7bDgNWHI4XdPhY2rxuKgSWvg0txPEWfx1coZ0r93NiHNjw2n1/1H3/T9n84M9tCrh5KqJAJ9SAp3SJkSyWSRjpeIHnSgnccisujJ+DdsT6Ii9tEDuURxxKxcaBarHjPzi/3cIkVLpqiS3wrq9ceCvMR4tUtZl3BYc2EthIlSKkaNBheopsRK96H87bfn57fb2qjxRQYlN4MrxFQ5Qpi0hCDfIz/rdy2e9isEj02en6BfVCXr7lMFW7qB/pRH/hBSH8bijJbL3iXkp4sdB0qIQfC/9HlxP3TEBVP0lq6B6+1DhOoNe+AY9lqWoP1sG22L9NVMbUhrityBh67KZpbh6xnMqp9hGLtgHzHSdWXPm9sFN3eOEPMUnPRVBTxfh1KA/CFGstDPy5TssgTduUCTt+M32/hnvJxfhx1y+baPDx8Wkip6/usW3Ddf4boCUjKpkXCXgzcYfgfI+TPjpOkWZ5QqckQWDLLzYcST/Y5MD20qQ4Vfpql5DfXu5Lt2QTOm7EB1L9enNvXDuVBT6fZyttbuvJhoOC0+MMedhu/iXDwiptwFEmLO2pcmH3k/Gb4puI4ArC1rNbWZl8wBPVKqaTxbIiv+U2Oe8+m/mZjDVWN8qvtWbtTR+O/3W/7oacX27uEXyESvLUdVdERJMv44827FYP81IXaN/GerUOXSNGCs+Sxvf3wIsHy8yIGT0ajCWSga7zSud6Z2B184eEIJs9+fqLmtcZ8eTWF8dA6qkfgzClmHTzJ27IGPpAEeUZuq3IZwV247ywXAQ95MUh5U3cY8ugRuTwJUN8UDVYXXzGJRjyU=
Content-Type: multipart/alternative; boundary="_000_MW4PR02MB74285C15BBD628DD5F637C2EB7EFAMW4PR02MB7428namp_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-99c3d.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR02MB7428.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 42f5c478-d98d-49bf-c20d-08dbae7d76e2
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Sep 2023 02:03:29.1449 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR02MB6757
Archived-At: <https://mailarchive.ietf.org/arch/msg/multiformats/KqdFPgjbUcYhc4dHoWqQrUFGi08>
Subject: [Multiformats] Multiformats Considered Harmful
X-BeenThere: multiformats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion related to the various Multiformats data formats <multiformats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multiformats>, <mailto:multiformats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multiformats/>
List-Post: <mailto:multiformats@ietf.org>
List-Help: <mailto:multiformats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multiformats>, <mailto:multiformats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Sep 2023 02:03:38 -0000

While I usually reserve my time and energy for advancing good ideas, I'm making an exception to publicly state the reasons why I believe "multiformats<https://github.com/msporny/charter-ietf-multiformats/>" should not be considered for standardization by the IETF.

1. Multiformats institutionalize the failure to make a choice, which is the opposite of what good standards do. Good standards make choices about representations of data structures resulting in interoperability, since every conforming implementation uses the same representation. In contrast, multiformats enable different implementations to use a multiplicity of different representations for the same data, harming interoperability. https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03#appendix-D.1 defines 23 equivalent and non-interoperable representations for the same data!

2. The stated purpose of "multibase<https://www.ietf.org/archive/id/draft-multiformats-multibase-08.html>" is "Unfortunately, it's not always clear what base encoding is used; that's where this specification comes in. It answers the question: Given data 'd' encoded into text 's', what base is it encoded with?", which is wholly unnecessary. Successful standards DEFINE what encoding is used where. For instance, https://www.rfc-editor.org/rfc/rfc7518.html#section-6.2.1.2 defines that "x" is base64url encoded. No guesswork or prefixing is necessary or useful.

3. Standardization of multiformats would result in unnecessary and unhelpful duplication of functionality - especially of key representations. The primary use of multiformats is for "publicKeyMultibase" - a representation of public keys that are byte arrays. For instance, the only use of multiformats by the W3C DID spec<https://www.w3.org/TR/did-core/> is for publicKeyMultibase. The IETF already has several perfectly good key representations, including X.509, JSON Web Key (JWK), and COSE_Key. There's not a compelling case for another one.

4. publicKeyMultibase can only represent a subset of the key types used in practice. Representing many kinds of keys requires multiple values - for instance, RSA keys require both an exponent and a modulus. By comparison, the X.509, JWK, and COSE_Key formats are flexible enough to represent all kinds of keys. It makes little to no sense to standardize a key format that limits implementations to only certain kinds of keys.

5. The "multihash<https://www.ietf.org/archive/id/draft-multiformats-multihash-07.html>" specification relies on a non-standard representation of integers called "Dwarf". Indeed, the referenced Dwarf document lists itself as being at http://dwarf.freestandards.org/ - a URL that no longer exists!

6. The "Multihash Identifier Registry" at https://www.ietf.org/archive/id/draft-multiformats-multihash-07.html#mh-registry duplicates the functionality of the IANA "Named Information Hash Algorithm Registry" at https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg, in that both assign (different) numeric identifiers for hash functions. If multihash goes forward, it should use the existing registry.

7. It's concerning that the draft charter<https://msporny.github.io/charter-ietf-multiformats/> states that "Changing current Multiformat header assignments in a way that breaks backward compatibility with production deployments" is out of scope. Normally IETF working groups are given free reign to make improvements during the standardization process.

8. Finally, as a member of the W3C DID and W3C Verifiable Credentials working groups, I will state that it is misleading for the draft charter to say that "The outputs from this Working Group are currently being used by ... the W3C Verifiable Credentials Working Group, W3C Decentralized Identifiers Working Group...". The documents produced by these working groups intentionally contain no normative references to multiformats or any data structures derived from them. Where they are referenced, it is explicitly stated that the references are non-normative.

                                                -- Mike

P.S.  This was also posted at https://self-issued.info/?p=2408 and https://www.linkedin.com/posts/selfissued_github-mspornycharter-ietf-multiformats-activity-7105001423574077441-6tcS, referenced from https://twitter.com/selfissued/status/1699234431293370376, and filed as an issue at https://github.com/msporny/charter-ietf-multiformats/issues/2.

v2.23.0 | Report a Bug | By Email