This is classic young-person-fails-to-understand-venerable-standard-so-he-reimplements-half-of-it.<p>Messagepack is schemaless and noncanonical. What that means is that a lot of the bounds/field checking is pushed up to the application layer. I wouldn't encode crypto with that (and I love Messagepack).<p>All the hate for ASN.1, yet it is among the most battle-tested specifications out there. Blaming ASN.1 for the shitty ASN.1 parsers written in the 80's and 90's is like blaming libsocket for all the network attacks.
MessagePack should be replaced with <a href="http://cbor.io" rel="nofollow">http://cbor.io</a> everywhere, as CBOR is an actual IETF RFC. Even if that kills the naming pun opportunity.
Does anyone have a link to a run-down on reasons to prefer this format over CMS? The community's been iterating on that for ~20 years now (RSA PKCS#7, RFC 3852, RFC 5652, and a pile of other formats/protocols built on top of these) and so far nothing is jumping out to make me think this is an improvement.
Not totally sure what BaseX is, how it compares versus Base64, especially post HTTP deflate compressions, but I'm not sure I like it. I'm pretty sure this kind of exercise is better left out, and that everyone should just use zstd on whatever encoding so as to decouple problem domains.<p>Round two of skepticism: msgpack is a niche player with no clear big corporate sponsor. Protobufs, flatbufs, and thrift are all actively making faster better quicker implementations, but I can not off the top of my head think of any major msgpack lovers. Avro also seems to just generally have some fast impls already, especially on platforms I care about[1], so credit there too. I ought review, but out of hand I can't think of anything distinguishing about msgpack.<p>Definitely nice having <i>some</i> alternative to Salmon protocol[2] (as in Buzz, OStatus) on hand. Alas I believe it's again fully encapsulating, versus say http signatures[3], where the signature is decoupled from the payload. It takes both types!! Neither is right.<p>[1] <a href="https://github.com/mtth/avsc/wiki/Benchmarks" rel="nofollow">https://github.com/mtth/avsc/wiki/Benchmarks</a>
[2] <a href="http://www.salmon-protocol.org/" rel="nofollow">http://www.salmon-protocol.org/</a>
[3] <a href="https://tools.ietf.org/html/draft-cavage-http-signatures-06" rel="nofollow">https://tools.ietf.org/html/draft-cavage-http-signatures-06</a>
Great. We can now salt food, salt passwords, configure things using Salt(Stack), and now also use saltpack as a messaging format. Can we stop overloading the term "salt"? Makes it ridiculous to search for things on Google.