Comments (4)
Hi @OR13, please ignore the incorrect referenced bug fix referenced above.
I do not understand the issue. Currently the CAS layer operates on Buffer and makes no assumptions on how the buffer is constructed. The content (e.g. anchor or batch file) is written only once to CAS by a rooter, no other instances/entities ever need to reproduce the exact serialization/file without fetching the file itself directly from CAS which would yield the same hash.
from sidetree.
Its true that sha256(Buffer.from(JSON.stringify(someDeepObject)))
will generate a contentAddress, and so long as some other system does not try and derive the same address from their version of someDeepObject, it will work fine.
I have encountered issues with this in other projects, where a client constructs an object and then attempts to verify its existence in another system by generating a contentAddress for the object.
https://stackoverflow.com/questions/42491226/is-json-stringify-deterministic-in-v8
It may not be an issue with the way sidetree is being used today, I just worry about this sort of thing in protocols / standards.
JSON-LD has a similar challenge, and uses a much more complicated way to achieve a canonical representation of a json document: https://github.com/digitalbazaar/jsonld.js/#canonize-normalize
These things matter more when you have protocol implementations in multiple languages, for example mastodon uses ActivityPub and JSON-LD Signatures, and canonizes their objects using the method above before signing them:
See also: https://stackoverflow.com/questions/4670494/how-to-cryptographically-hash-a-json-object
In the future, when sidetree supports Swarm, Storj, Sia, Madesafe, subspace or any of the other content addressing storage systems out there, how you construct the object, will determine the buffer, which will determine what content address you get.
Its possible this is not going to be an issue for sidetree, I'm just sensitive to this issue having been burned by it before, its also one of the main reasons I like JSON-LD (there is standard way of normalizing json documents with a context)
from sidetree.
Thanks @OR13 for the useful info.
In principle, I do like the idea of having a standardized deterministic JSON serializer, but only if it is based on an industry standardized deterministic JSON serialization specification (if there is such a thing); depending a library without such spec can lead to variance/divergence if ported to different languages, or if the library breaks backwards compatibility for in future version, both would result in non-deterministic serialization. I do not want to tie Sidetree implementation to a particular version of a library indefinitely.
All is to say that I would rather not impose serialization rules that are unnecessary and keep things simple if possible. Since it is a non-issue for Sidetree in the foreseeable future, I will won't-fix this for now until it becomes an issue.
Will wait for your comments before closing.
from sidetree.
sorry for my delay. I think its totally fair to mark as won't fix. It may in practice never actually be an issue if users can not reconstructing objects locally, and are always working backwards from the contentID.
from sidetree.
Related Issues (20)
- Confusing wording for patch "id" properties HOT 2
- Unable to create -and- update a DID until anchoring of each operation? HOT 18
- How to we replace or recover the did if we lost the key or forgot the mnemonic phrase? HOT 6
- Editorial feedback
- Contexts need updated to produce valid JSON-LD DID Documents HOT 5
- API data model should support passing in the "controller" property
- Anchor tags in spec don't work HOT 2
- Run local node with IPFS write error HOT 4
- Update operations commit-reveal chain may lead to an unresolvable DID HOT 5
- Only the Provisional Proof File prunable? HOT 2
- Missing DID READ operation in Sidetree v1.0.0 spec. HOT 1
- Cannot write to IPFS v0.11 HOT 1
- Support ietf-json-patch HOT 3
- Sidetree doesn't allow array for serviceEndpoint property (incompatile with DIDComm) HOT 4
- Spec states "deltaHash" but all test vectors use "delta" HOT 1
- Base64URL needs to be more clearly specified
- Long-Form DID & Short-Form DID Identity ambiguity HOT 6
- Split sidetree implementation into a new repo HOT 1
- Chain-specific guidance (or even parameterization) should be spelled out in a mandatory section of each method's spec
- v1.1 features list HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sidetree.