search

w3c-ccg / multihash

An IETF Internet Draft for the Multihash data format
https://w3c-ccg.github.io/multihash/index.xml
Other
10 stars 8 forks source link

Have you considered using CBOR? #16

Open dwaite opened 3 years ago

dwaite commented 3 years ago

A CBOR equivalent of the SHA-256 hash might be

# tag (279;"SHA-256 hash") , byte array(32), data
0xd90117 5820  41dd7b6443542e75701aa98a0c235951a28a0d851b11564d20022ab11d2589a8

While this uses three more bytes than the example given in the document, it has the advantage of not requiring some additional parser and being usable directly in a CBOR document without additional bytes for framing as a byte array or tagging as a multihash.

ChristopherA commented 3 years ago

@dwaite:

I struggle when multihash and CBOR are mixed. I'm ok with multihash as a text encoding format for binary data, but when multihash is put into a CBOR object (and apprently there are some CBOR tags already registered for multihash inside of CBOR), when CBOR itself is an encoding format for binary data, it just feels seems off to me.

From a security perspective I'm also concerned that there is now twice the attack surface — a multihash parser and a CBOR parser.

I'd like to see more guidance on where it is best to use multihash instead of CBOR.