-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make base32 CIDv1 the default for go-ipfs #4143
Comments
Good arguments, especially the one about GoogleSafeBrowsing's false-positives for public gateways 👍 CIDv1 format is strongly related to discussion at ipfs/in-web-browsers: Tackle identifying origins with (or without?) fs: paths. I was unable to find definitive, final decision on which exact encoding will be used apart from @lgierth initially pondering "base16 or base32" and @samholmes suggesting base32 with Crockford's Encoding. Was the decision made elsewhere? |
Thank you for creating this issue, @kyledrake. I agree with your proposal, we can take the opportunity that we are bringing CID to the world for the first time to get base32 as the new default. If not handled internally correctly (i.e using the string format vs the binary format) it will add significant overhead, but that is just something we can change internally to make sure that we use memory efficiently. |
I'm strongly in favour of making base32 the general default encoding for CIDs everywhere. We need base32 for the ipfs:// URL scheme, and it'd suck if people had to deal with different CID encodings, or even have to use converter tools. |
And, I think we haven't had any decision on it -- we just sticked with base58 as that was the original encoding used from the beginning. |
Yeah, that was pretty much how the decision got made. Still in time to change though. |
Well I'm all for it :):) |
Notes on Base 32 EncodingWhat would it take to get a new base added to the multibase table? Specifically, what would it take to add Crockford's Encoding to the table. As of commenting, it appears RFC4648 and z-base-32 are the only base 32 encodings included in the multibase spec. An added reason to push for Crockford's Base32 is that it meets the same criteria as Base58Check, the base58 encoding Bitcoin uses for bitcoin addressses:
It seems to be like Crockford's Base32 naturally fits the same goals as Base58Check with the added feature of being case-insensitive. |
Let's use whatever base32 variant Javascript and (less important) other programming languages use as their default base32. (I assume it's Crockford's) |
Notes on URLs and URI SchemesFrom what I can tell, there is no obvious direction for solving issues surrounding URI Schemes and browser origin policies coupled with them thus far. However, my rough proposal is up for further commenting. However, my inclination is to specify an alternative format and standard from URI. Then, leave it up to implementations to bridge this new format to a purposed URI scheme. Although a hack at the implementation level, it would open up an opportunity to re-think what a web address could be. Maybe a multiresource standard should be defined and added to the multiformats basket? |
@lgierth I don't know if there is a default base32 encoding in Javascript. If you would consider Javascript's native toString Number method:
It appears toString uses Base 32 Encoding with Extended Hex Alphabet from RFC4648. Other than this, the Javascript community modules include many variants of base32 encodings; among them is Crockford's. So, it's safe to say that it's not an obscure encoding at the least. |
I am not sold that Crockford's Base32 is better than than rfc4648 (that we already use the to in the flatfs datastore) but I don't see any problem with adding an entry to the table and implementing it in go-multibase. Step one would be to open an issue here: https://github.com/multiformats/multibase/issues. |
Worth noting is that there's several different flavors of base32, including (my personal favorite) one that Nintendo games used that was designed to avoid profanity. I'm kindof indifferent as to which version gets used. I chose RFC because it's a standard, it's been around a while, nginx-misc-module supports it, and it probably has the widest support across all programming languages. My only strong preference here is that it's a variation most programming languages already support, so we can minimize devs having to re-invent wheels. Crockford seems to fit the bill more-or-less as well as RFC, which is my rationale for being OK with using it. @kevina would you have very strong objections to crockford being used by default by go-ipfs with cidv1? |
@kyledrake concerning some of the issues (in particular the use of cidv1abcde.dweb.link) have a look at #1678 (comment) it the full issue rather long but contains lots of useful context in why we currently use |
@kyledrake if we switch to using Base32 I do not have any strong objection to using crockford over the RFC one. The only reason I would chose the RFC one is because it is a standard and more likely to have an implementation available as part of the language. What I do have an slightly stronger objection to is switching to Base 32 from Base 58 due to the increase in length. Let's see how this is progress with various proposed changed:
So if we ultimately go with using CidV1 using Blank2b-256 and Base32 as the default the length of the Cid string will increase 35%. That is a non-trivial amount as apposed to the (I think) original plan of switching to CidV1 using same sha256 hash which provides a minor increase of 3 characters or 6.5%. However, if everyone else is okay with this length increase I am not going to block a move to using Blank2b-256 and/or Base32. |
I'm okay with the increase in length. If I am not mistaken, the trade-off would be making it easier to use the same CID within an |
I'm very comfortable trading increased length for increased portability. Not making base32 or base16 the default means that the browser UX of IPFS will suffer. Even if we skip the
I'd be more interested in what stdlib-type libraries use, rather than some individual's library. Random data points: golang's Could someone check what other important libraries and tools use, so that we get a small survey? |
On a different note, we should default to lowercase base32 for readability (and of course accept reading both uppercase and lowercase). |
Any objects I have to the increase length are mild. It just that things like increase in length can creep up on you and at some point a few years later we stand having keys 2-3 times the length of the original. Not saying it will happen, but want to explain where my (mild) objection is coming from. @lgierth why won't our existing base (base58btc) work if you go with |
Also, I agree with using lowecase as the default. |
In general, browsers assume that security origins are insensitive. With |
As per the WHATWG URL spec, the hash in That's why @kyledrake made hshca |
@Stebalien @lgierth thanks |
So, if we do make base32 the default so that we can represent them on the domain component of the URL, the question I have is: How will we reference CidV0 objects, since we can't completely eliminate them? I created an issue to discuss this ipfs/go-cid#34. |
@olizilla this won't make the cut for 0.13, but I like the idea of bumping semver to 1.0.0 when we are ready to ship CIDv1 everywhere, will think about it around 0.14+ 👍 ps. before 1.x we also need to discuss renaming the project so something other than the generic "go-ipfs" |
@lidel Can I have a simple example of what would a CID change look like in |
(Trying to interpret the spirit of the change, but can be way off. This is just something concrete to start the discussion from.) In the case of We would then want to refactor that library to use CIDv1 by default? Or am I going too deep in the change and instead we would need to find a bypass in MFS/UnixFS to avoid this tooling and make sure they set the CIDv1 everywhere? The first seems the cleanest if we're transitioning to CIDv1 everywhere but might cause unexpected behavior to other consumers. The second has less impact but will be messier and harder to maintain (thinking off the top of my head, need to look closer into the code). I can still be going too deep and we just need to find a spot to make the CIDv0-to-CIDv1 change in the command output itself, and still remain with CIDv0 internally (this also goes in the direction of an even less impactful change, but again with the sense of a messier approach, at least at first sight, of having to catch and intercept these exposures of our internal CIDs to change them for the user). |
@schomatis thank you for looking into this. Switching to My suggestion is to look for a less invasive approach – maybe call If that is too messy, what if we manually execute |
I agree with taking a middle-of-the-road approach. I think I'll go with setting a CIDv1 alternative in merkledag itself (without forcing the current default) and start switching to that wherever it makes sense (like in UnixFS when creating the default directory that ends up being used in If I understand correctly (please confirm this), we seek as part of this transition to store CIDs v1 internally, not just showing them externally to the user. |
Relevant libraries moved to boxo and have clear maintainers and ownership (IPFS Stewards):
We should be able to update defaults to CIDv1 with raw-leaves=true as the new default there. |
Switching to It feels like a good opportunity to ALSO enable |
#10421 got merged and is scheduled to ship with Kubo 0.29. It introduced There are also two new profiles with cidv0 and cidv1 presets:
|
I'm trying to solve this on two different levels. On the spec level, I feel like every single parameter of DAG production needs to be defined for the kubo-CIDv1 and kubo CIDv0 profiles, even if the CLI doesn't expose each of those parameters as flags (it's totally OK if it never does!). On the kubo level, it's probably better if many of these parameters aren't exposed as flag, and it seems uncontroversially acceptible if special-snowflake use cases that define their own IPLD dialect ("off-profile" is the new "off-spec", voids your warranty, etc), and that change some of these low-level DAG-shape settings, find that they cannot recreate their CIDs with kubo from the same inputs. I'm hoping the IPIP outlining what a "complete" profile is lists all these "implicit" (in kubo, at least) DAG params and chunking params, and that the formal, independently-reimplementable definition of these profiles includes their values, even if changing any of them requires forking kubo or helia or otherwise going off-roading. |
Yes, specs will be a laborous lift, but I think what we could do in Kubo, is to "freeze defaults" by writing them to JSON config ( This way we can switch new instances to CIDv1 without impacting existing users that depend on CID being deterministic. Going forward, we if we make any new knob that impacts produced CID, we would add it there and also freeze the current default before changing it for new users. This way users who are oblivious to all the complexity will still get "the same CID" and if they start getting different one on a different Kubo instance, they can DIFF config, spot the difference, and fix problem themselves. |
I understand there's a switch to CIDv1 soon. I think go-ipfs should use lowercased base32 (rfc4648 - no padding - highest letter) as the default multibase.
The reason this encoding is preferable: it's the one encoding that will work with subdomains (RFC1035 + RFC1123). The restrictions are: case-insensitive, a-b0-9 and less than 63 bytes.
For a slight increase in length, you reap enormous benefits:
<img src="/rootimg.jpg">
It should use lowercase base32 characters by default, so that it's consistent with subdomain usage (all the browsers will force lowercase). IIRC the RFC doesn't care if it's lowercased, I think people just default to upper case for legacy reasons.
Obviously an abstraction layer could be written that converts between base32 and something else for use with web gateways and then have a different default, but I think it would less confusing for end users to use one default: the one that will let origins in browsers work.
This approach shouldn't be a problem for webextension plugins, but @lidel feel free to chime in.
Further reading: https://github.com/neocities/hshca
The text was updated successfully, but these errors were encountered: