R3: hash bytes as served, remove canonicalization mandate#16
Open
rohanharikr wants to merge 1 commit into
Open
R3: hash bytes as served, remove canonicalization mandate#16rohanharikr wants to merge 1 commit into
rohanharikr wants to merge 1 commit into
Conversation
The R3 hash is now computed over the bytes the resource serves, not over a canonicalized form. The resource's serialization is the document. Adds implementer guidance: serialize once, store, serve verbatim — re-serialization between hash computation and serving will break the chain. Removes RFC 8785 dependency. Resources that build documents on the fly should persist serialized bytes (e.g. KV) rather than re-build per request. Closes dickhardt#13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #13
Changes the R3 hash to be computed over the bytes the resource serves, removing the RFC 8785 canonical JSON serialization requirement.
Diff summary
Content Addressing section (around line 320):
AS Processing step 3 (around line 386):
Why
Per discussion in #13: the resource is the authoritative source of bytes, and canonicalization libraries (RFC 8785) add an implementation dependency that's hard to get right. Hashing the served bytes avoids the canonicalization-drift class of bugs entirely.
Practical consequence for RSes: serialize the R3 document once, store those bytes (e.g. KV), serve them verbatim on every request for the same
r3_uri. The reference implementation (r3demo) already follows this pattern.