IETF Logo Mail Archive

Re: [Multiformats] Multiformats Considered Harmful

bumblefudge von CASA <bumblefudge@learningproof.xyz> Fri, 08 September 2023 03:44 UTC

Return-Path: <bumblefudge@learningproof.xyz>
X-Original-To: multiformats@ietfa.amsl.com
Delivered-To: multiformats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0CB5C1516FF for <multiformats@ietfa.amsl.com>; Thu, 7 Sep 2023 20:44:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=learningproof.xyz
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9ndorCPL6Ei for <multiformats@ietfa.amsl.com>; Thu, 7 Sep 2023 20:44:33 -0700 (PDT)
Received: from mail-4022.proton.ch (mail-4022.proton.ch [185.70.40.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F53C1516F3 for <multiformats@ietf.org>; Thu, 7 Sep 2023 20:44:32 -0700 (PDT)
Date: Fri, 08 Sep 2023 03:44:26 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=learningproof.xyz; s=protonmail; t=1694144670; x=1694403870; bh=iUbGuVRHhCYSWTeOoapuK5V+RW7w6YeE8Qwp1rSN/wE=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=dvZkPqq0ub85WrLVbMlx7B2M/onsMOgWHKPyC3LTMK61GT0vqmN3dzgbA5xbtOXAC H/mBZNt+GqmBodu+8hw38iYq5q3hcEuBb6rtEUMqSANE89Tsop8N6/Ci9UzgFbkpfb 9dnwQZvd4o+3Tcba8r4AJZnSOz3QaR4+Gppq91ISobwdoEDr+PceReYQyO3nhuBddV feqevTaC9veG48gkTx+N5vM78A+/aZuGtIo7BVB4oq/KcJzEEeH1hFra3hvKSXGcVu 0+WdGMDlXTv4ZuxVopRpZf7knuWAruwnr+OUrI1BP24hhsD6HfoLdyvfbBcSyxYVou Nv0/5fV9dpujQ==
To: "multiformats@ietf.org" <multiformats@ietf.org>
From: bumblefudge von CASA <bumblefudge@learningproof.xyz>
Message-ID: <bZsJHv4xeIRThj0Hxah4AW_2_f-JR41FwLOZLy9cki2SluPHw3AC-xIKgj01wsvRAxGVNXr4WEXxOoSo9knOLAIkEUGTwncZ0-Ks0Uu--mk=@learningproof.xyz>
Feedback-ID: 85909410:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_kMMgNbnaPysBdSXqlyw6vbrm99eVm1shPH6J6aeOKu4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multiformats/wvVjTGZBHTwx_6lf5bY04SM_w9Y>
Subject: Re: [Multiformats] Multiformats Considered Harmful
X-BeenThere: multiformats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion related to the various Multiformats data formats <multiformats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multiformats>, <mailto:multiformats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multiformats/>
List-Post: <mailto:multiformats@ietf.org>
List-Help: <mailto:multiformats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multiformats>, <mailto:multiformats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2023 03:44:38 -0000

Dear Orie:

Thanks for your two emails expanding on Mike's arguments with your experiences implementing at W3C: showing your notes in such detail is generous and helpful. Unfortunately, however, my answers to your version aren't much different than my answers to Mike's. The argument is 80% politics and 20% helpful suggestions for improving the submitted documents.

Most of the politics are W3C politics or otherwise external to IETF. I do not think the IESG should be burdened by what a W3C WG is enabled to do if IETF hardens a version of a widely-deployed protocol used in P2P data systems. Appealing to the IETF leadership's feelings about the DID/VC work or about blockchains smacks of guilt-by-association, since neither DIDs nor key discovery nor blockchains in general nor Filecoin specifically are targeted use-cases or mentioned in the documents under discussion. The insinuation that my volunteer work on DIDs at W3C or my dayjob preaching standardization in the blockchain salt mines "motivates" "[moving] multibase to an organization that can be referenced normatively" is an ad hominem cherry on an off-topic sundae.

The remaining IETF politics relate to a having-cake-and-eating-it-too claim about duplicative protocols. Either multiformats is *entirely* duplicative and redundant, in which case it could be argued to be harmful to the established protocols with which it shares some goals, or it *partially* overlaps with those protocols, in which case it complements them and could enable new combinations if sliced thinly and hardened well. Your two emails go back and forth on this question, both arguing that multiformats is "basically just" a CBOR tagging pattern grafted onto a protobuf trunk AND arguing that the current proposal isn't duplicative in itself, i.e. that the real harm lies many RFCs down the road when it gets profiled in ways that come closer to directly competing with IETF's current headliners. But if these proposed RFCs are just the foundations and those later downstream profiles are the problem, why not block those future RFCs and let other things be built on these foundations? It's a "time machine to kill Hitler" argument, which flatters multiformats in how much harm it imagines multiformats doing.

As for breakage, I already addressed this twofold: I want breakage balanced against costs to legacy production deployments like any other specification-hardening work, and I want work items sequenced so as not to unduly stack the cards against breakage if it proves necessary.

All that said, I thank you for bringing an implementer's perspective on switching costs and protocol abundance-- the burden of proof is on the working group to document better the benefits and complementarity to prior art, and I'm sorry to hear that you are not yet seeing enough of either to support the work.

Warm regards,
__juan

On 06/09/2023 21:46, Orie Steele wrote:

> I'll comment in the context of the experience working with multicodec and multibase at W3C.
>
> And include a few folks I spoke with regarding this topic at the last IETF.
>
> We implemented support for publicKeyMultibase, and helped register the NIST curves in order to be able to do "key translation" required to use Decentralized Identifiers or Verifiable Credentials.
>
> https://github.com/multiformats/multicodec/pull/190
>
> We've also used multibase encoded "proofValue" in JSON-LD / RDF to encode various kinds of Data Integrity Proofs:
>
> https://github.com/w3c/vc-data-integrity
>
> The 2 primary points of connection to W3C for this work are "encoding key representations" and "encoding signature / proof values"... not just encoding hashes as strings, although that is also commented on https://github.com/search?q=repo%3Aw3c%2Fvc-data-integrity%20digestMultibase&type=code ...
>
> I'd add that digestMultibase is positioned as competing with digestSRI, and the W3C working group has no consensus on if it's worth not being compatible with SRI... In very much the same way the working group can't agree to recommend using publicKeyMultibase over publicKeyJwk... It's possible that might change in the current verifiable credentials working group, if it does not, that would also prove my general point regarding helpfulness.
>
> W3C specifications do not require, prefer or recommend multibase.
>
> Data Integrity - https://github.com/w3c/vc-data-integrity which is on track to become a technical recommendation is, afaik, the sole exception to this, `proofValue` MUST be encoded as multibase... This is a part of what is motivating the need to move multibase to an organization that can be referenced normatively by W3C, without producing their version of a downref.
>
> Some members of W3C want to position multibase keys and signatures as recommendations, and there seems to be a good amount of overlap with folks wanting to position data integrity proofs, which are similar to xml digital signatures, as the recommended way to encode verifiable credentials with security.
>
> Everything these folks are recommending can be solved for with standards that are available today, many of which have lots of off the shelf implementations and are widely adopted in protocols for moving JSON based data models (JOSE, OAuth, OIDC).
>
> Having spent a lot of time implementing support for multibase in the context of DIDs and VCs our conclusion is that they are not "worth the switching cost" relative to JOSE... COSE support is worth the switching cost, but it's not compatible with the W3C Data Model approach which is based on JSON-LD and RDF.
>
> The primary point I want to make is this:
>
> Adding many ways to do the same thing, with very little benefit over the existing ways is not helpful.
>
> Adding new ways to do old things that are not an improvement worth paying to upgrade too, is also not helpful.
>
> It creates a fertile garden bed of bugs and consulting opportunities, which can reduce security and drive up costs for regulators and commercial markets needing to implement standards, without benefiting end users, who we are here to serve.
>
> To be clear, there is nothing wrong with preferring base58btc over base64url, or uvarint prefixing over cbor tagging... But there is a lot wrong with forcing verifiers and relying parties to support "every binary encoding format multiplied by every registered public key or hash type"... it's better to not publish a standard, than it is to do this.
>
> I don't see how multiformats does not leave the verifier or relying party holding this bag, along with all the other burdens they are required to carry already (JOSE, COSE, etc...), and if they can't handle it, or they handle only part of it, the consumer / end user does not get the benefit.
>
> I don't think the work should be done... If it is done, or continues to be done (since it's happening at W3C regardless of progress in IETF), I think it will continue to cause harm to the use cases that it's supposedly being done to support.
>
> Specifically ensuring end users can control their own identifiers and credentials, and that verifiers (governments, organizations, hardware systems and other users) can automate compliance requirements built on digital trust ecosystems.
>
> I have a lot of respect for the people involved with the work, in particular Protocol Labs & Digital Bazaar, even if I don't think this particular approach should become an IETF standard.
>
> Regards,
>
> OS
>
> On Wed, Sep 6, 2023 at 3:45 AM Carsten Bormann <cabo@tzi.org> wrote:
>
>> RFC 6256, which was used in the bundle protocol v6, before they switched to CBOR for v7
>>
>> Sent from mobile, sorry for terse
>>
>>> On 6. Sep 2023, at 10:09, Carsten Bormann <cabo@tzi.org> wrote:
>>
>>> Leb128 (not sure that the drafts call it by its common name) is the little endian variant of sdnv, which we do have as an rfc (please look that up for me…)
>>
>> --
>> Multiformats mailing list
>> Multiformats@ietf.org
>> https://www.ietf.org/mailman/listinfo/multiformats
>
> --
>
> ORIE STEELEChief Technology Officerwww.transmute.industries
>
> https://transmute.industries

---
bumblefudge
janitor [@Chain Agnostic Standards Alliance](https://github.com/chainagnostic/CASA)
contractable via [learningProof UG](https://learningproof.xyz)
mostly berlin-based

v2.23.0 | Report a Bug | By Email