Re: Adopting the Multihash spec as a work item? from Melvin Carvalho on 2019-01-02 (public-credentials@w3.org from January 2019)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 2 Jan 2019 08:22:53 +0100
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAKaEYhKU_Dyg2YYp95+jHLiD4Kuob493ZA7zcBb3mijM9VBu8A@mail.gmail.com>

On Tue, 1 Jan 2019 at 19:02, Manu Sporny <msporny@digitalbazaar.com> wrote:

> Hi all (bcc: Protocol Labs Research Division),
>
> The Multihash specification was drafted before/during the last RWoT and
> has been released as an IETF Internet-Draft. The specification is
> intended to be a joint work product of Protocol Labs (IPFS and
> Filecoin), the W3C Digital Verification Community Group, and the W3C
> Credentials Community Group... which means we need to decide if we're
> adopting it as a Work Item in the CCG.
>
> So, what problem does Multihash solve and why do we care?
>
> Our community depends on cryptographic hashes to generate short
> fingerprints for files and data. These fingerprints look like this as
> binary data:
>
> 0x0a4ec6f1629e49262d7093e2f82a3278
>
> While that may look like gobbledygook to a human reader, it's enough for
> a computer to uniquely identify, for example, one picture among all of
> the other trillions of pictures on the Web. We use these fingerprints
> when working with Verifiable Credentials, DIDs, public keys, and
> evidence data (images, PDFs, etc.) that are linked to VCs.
>
> The problem is that we don't know what sort of cryptographic hash
> function generated the hash above, so we need to put an identifier at
> the front of that cryptographic hash. That's basically what Multihash
> does: it provides a mechanism to identify how cryptographic hashes were
> generated.
>
> This is useful because if we have a cryptographic hash identifier, we
> can design upgradability into the systems we're building today.
> Cryptographic hashing systems are broken every 10 years or so -- they
> have a shelf life and will eventually need to be upgraded. Building this
> concept of upgradability into our systems, especially DIDs and VCs, is a
> good engineering practice and the Multihash spec enables us to do just
> that. It's a fairly short 10 page spec and can be found here:
>
> https://tools.ietf.org/html/draft-multiformats-multihash-00
>
> This email is a request to the Chairs to add this to the next meeting
> Agenda for the CCG and adopt it as a work item.
>

Does not RFC 6920 (Naming things with hashes) already have this property

https://datatracker.ietf.org/doc/rfc6920/

And furthermore, has the advantage of a way to dereference the hash using
HTTP.

Are there any substantial advantages to the multiformats RFC?


>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>
>

Received on Wednesday, 2 January 2019 07:23:28 UTC