bendy-butt-spec's People
bendy-butt-spec's Issues
Separating message format from encoding discussion, adding hard justifications
Quote:
Why a new feed format, when we already have gabby grove and bamboo?
Because we would want to offer a feed format that is simple and easy to implement in any programming language by reusing an established format (bencode) with existing encoder libraries.
There are so many "encoding religious wars" that it seems wise to separate this at the text level from the discussion of the (logical data structure) format needed for new feeds, instead of glossing over it in one sentence.
I note that the CBOR standard easily fulfills and probably exceeds the claims made for bencode ("established", "existing libraries"), so more arguments would be needed here, because bencode has shortcomings for sure.
Adding with SSB-BFE yet another binary encoding (instead of re-using CBOR or bencode for the structured ID data) also needs some hard justification - especially as falling back to fixed-width fields is exactly what above encodings wanted to overcome ...
add crypto-agility, name the signing algorithm
It would be good (and best practice) to explicitly encode the signing algorithm into the payload to be signed. See JOSE or COSE
I also suggest to spell out , in your description of BendyButt, the signing algorithm, ideally using an established name and format from the RFC world, and avoid referring to a specific implementation as a way of defining it.
TFK encodings
Update TFK with new feed format + box encoding.
Year 2038 problem
Item 4 in the specification mentions:
timestamp
, a 32 bit integer representing the UNIX epoch timestamp of message creation.
If the integer is signed, this allows only a further ~16 years until UNIX epoch timestamp wraparound, which for a purposely long-term format I assume is an issue. (If it's an unsigned integer, it extends it until 2106, which may give "sufficient" additional time for the life of the format.)
clarify format of the "content" inside a message
Bendy butt spec specifies content
as:
content an array of a dictionary encoding the data relevant to the meta feed and a signature. The signature is the concatenation of the string 'metafeeds' encoded as bytes and the bytes of the content payload, signed using the private key of the sub feed. If content is encrypted this will also be encrypted as a binary SSB-BFE encoded box2 message
Content is written as Bencoded list of dictionaries but, the example on the page makes it look like a JS object. This can lead to the misunderstanding that the content is JSON inside a Bencoded message. It might be beneficial to add a word or two clarifying that that is not the case.
first review comments
- define sequence as varint (the one we already use in bipf, i'd say)
- define that previous for seq:0 is an empty message tfk (so zero bytes instead of nothing)
- i'd move timestamp inside message content, if possible
- content is encoded as bipf, too, i guess?
- signature and content signature? why?
rename
Now that we moved away from bipf as the encoding, this needs a new name. bipfy badger
will be way to confusing if it's not using bipf.
Personally, I like boring butt. It also abbreviates nicely to bb. It follows the lineage of boring ssb (using existing tech).
nonce encoding
since we use a binary format now, does the nonce
really need to be base64 encoded?
make bad vectors
We only have a happy path vector file. To make it easier for implementations to harden their verification rules we should also make some with broken/invalid messages.
These might include:
- invalid author formatting
- invalid previous formatting (type, length, ...)
- wrong previous hashes
- broken signature(s)
- wrong sequence numbers
- too long messages
- given that this format is supposed to be just for metafeed managment, broken content
I'd also wager it's better to have these as a seperate file to keep the "good" vector file less complicated.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.