Open dwaite opened 3 years ago
@dwaite:
I struggle when multihash and CBOR are mixed. I'm ok with multihash as a text encoding format for binary data, but when multihash is put into a CBOR object (and apprently there are some CBOR tags already registered for multihash inside of CBOR), when CBOR itself is an encoding format for binary data, it just feels seems off to me.
From a security perspective I'm also concerned that there is now twice the attack surface — a multihash parser and a CBOR parser.
I'd like to see more guidance on where it is best to use multihash instead of CBOR.
A CBOR equivalent of the SHA-256 hash might be
While this uses three more bytes than the example given in the document, it has the advantage of not requiring some additional parser and being usable directly in a CBOR document without additional bytes for framing as a byte array or tagging as a multihash.