IPIP-512: Limit Identity CID Size to 128 Bytes in UnixFS Contexts #512
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lidel
force-pushed
the
doc/identity-cid-size-limit
branch
2 times, most recently
from
ec58da9 to
f494ecd
Compare
🚀 Build Preview on IPFS ready
|
lidel
force-pushed
the
doc/identity-cid-size-limit
branch
from
f494ecd to
53b3198
Compare
documents the 128-byte limit for identity cids in unixfs contexts, with rationale from community discussions and test fixtures
lidel
force-pushed
the
doc/identity-cid-size-limit
branch
from
53b3198 to
59dc0fa
Compare
This was referenced Sep 9, 2025
lidel
added a commit
to ipfs/kubo
that referenced
this pull request
Sep 9, 2025
* fix: enforce identity CID size limits - validate --inline-limit against verifcid.MaxDigestSize - add error when --hash=identity exceeds size limit - add tests for identity CID overflow scenarios - update help text to show maximum inline limit This prevents creation of unbounded identity CIDs by enforcing the 128-byte limit defined in ipfs/boxo#1018 Fixes #6011 IPIP: ipfs/specs#512
vmx
approved these changes
Sep 9, 2025
lidel
changed the title
SgtPooki
reviewed
Sep 17, 2025
| - Most users are unaffected as identity CIDs require explicit opt-in | ||
|
|
||
| Implementations upgrading to support this IPIP will need to: | ||
| 1. Add validation to reject oversized identity CIDs when reading |
There was a problem hiding this comment.
if users do have identity cids, what is the recommendation for conversion to non-identity-cids if we block on read?
There was a problem hiding this comment.
These details are left up to implementation, but as an example:
- Kubo will error if you try to onboard data over limit with explicit
--hash=identity - In more relaxed context where Kubo does things like autosharding HAMTS, we do similar autoswitch for identity. For eexample, MFS code in fix(verifcid): enforce size limit for identity CIDs boxo#1018 automatically switches from identity to raw or dag-pb once the limit is reached.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This IPIP proposes documenting the 128-byte limit for identity cids in unixfs contexts, with rationale from community discussions and test fixtures.
References