DIP-273 Content hash semantics and format normalization #273
Description
Abstract
We propose treating the url field in DSNP announcements as a hint only, and allow consumers to treat as valid any content that matches the hash field.
We normalize usage of hashes throughout the specification to use the base32-encoded multihash string format.
Motivation
DSNP announcements reference off-chain content using a URL and hash. Current instructions for content consumers are to retrieve a content file using its URL, and then verify its hash. These instructions tie the content to a particular retrieval location via HTTPS. If that location (hostname or IP address) is unavailable, temporarily or permanently, there is no sanctioned means of retrieving the content.
We want to make DSNP more robust by making it possible for consumers to find the relevant data on other filesystems where data can be cached, replicated and distributed. This allows service providers to optimize for higher content availability and (potentially) lower latency, and crucially, for users to self-host their own content as an alternative or backup to hosting by external service providers.
Specification Pull Request
Rationale
The url still provides a useful function and will often be the original and quickest way to retrieve the desired content, so it remains.
Backwards Compatibility
url usage can remain the same, but applications can now treat url as a suggestion or hint as to where to find the content matching the hash.
The ability to update the url of an announcement (for those announcement types that support Update Announcements) is unaffected, because the DSNP Content URI of an announcement is based on the hash field.
Reference Implementation and/or Tests
TBD
Security Considerations
Merely retrieving a file by its content address (CID) does not necessarily mean that its hash is guaranteed to match. Consumers should ensure that the actual CID matches (as by recalculating it from the retrieved data, though this is often done by lower-level libraries).
Dependencies
None
References
- Multicodec table: https://github.com/multiformats/multicodec/blob/master/table.csv
Copyright
Copyright and related rights waived via CC0.