- From: Daniel Hardman <daniel.hardman@evernym.com>
- Date: Tue, 1 Jan 2019 13:34:54 -0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAFBYrUqrOPqq7sy104wFPKY2f1CvNvB0nWDokez6KbbCLTDgYQ@mail.gmail.com>
Sites like virustotal.com deal in hashes constantly. They distinguish algorithms for hashes based on the output size (MD5 has one size digest, SHA2 has another size, SHA256 another size, etc). I assume we feel like adding a prefix is important because this technique is not adequate? On Tue, Jan 1, 2019 at 11:02 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > Hi all (bcc: Protocol Labs Research Division), > > The Multihash specification was drafted before/during the last RWoT and > has been released as an IETF Internet-Draft. The specification is > intended to be a joint work product of Protocol Labs (IPFS and > Filecoin), the W3C Digital Verification Community Group, and the W3C > Credentials Community Group... which means we need to decide if we're > adopting it as a Work Item in the CCG. > > So, what problem does Multihash solve and why do we care? > > Our community depends on cryptographic hashes to generate short > fingerprints for files and data. These fingerprints look like this as > binary data: > > 0x0a4ec6f1629e49262d7093e2f82a3278 > > While that may look like gobbledygook to a human reader, it's enough for > a computer to uniquely identify, for example, one picture among all of > the other trillions of pictures on the Web. We use these fingerprints > when working with Verifiable Credentials, DIDs, public keys, and > evidence data (images, PDFs, etc.) that are linked to VCs. > > The problem is that we don't know what sort of cryptographic hash > function generated the hash above, so we need to put an identifier at > the front of that cryptographic hash. That's basically what Multihash > does: it provides a mechanism to identify how cryptographic hashes were > generated. > > This is useful because if we have a cryptographic hash identifier, we > can design upgradability into the systems we're building today. > Cryptographic hashing systems are broken every 10 years or so -- they > have a shelf life and will eventually need to be upgraded. Building this > concept of upgradability into our systems, especially DIDs and VCs, is a > good engineering practice and the Multihash spec enables us to do just > that. It's a fairly short 10 page spec and can be found here: > > https://tools.ietf.org/html/draft-multiformats-multihash-00 > > This email is a request to the Chairs to add this to the next meeting > Agenda for the CCG and adopt it as a work item. > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: Veres One Decentralized Identifier Blockchain Launches > https://tinyurl.com/veres-one-launches > >
Received on Tuesday, 1 January 2019 20:35:27 UTC