add autotls blog post #137
Co-authored-by: Marcin Rataj <lidel@lidel.org>
Great post! A few nits:
Co-authored-by: Guillaume Michel <guillaumemichel@users.noreply.github.com>
Excited for this to go live. Added a few comments with a lens towards using this for browser advocacy and drawing in new users, and 2 small typos.
[Interplanetary Shipyard](https://blog.ipfs.tech/shipyard-hello-world/) is excited to announce [AutoTLS](https://registration.libp2p.direct/), a new service that automates the issuance of Let's Encrypt wildcard TLS certificates for libp2p nodes.

This is a major leap for the libp2p ecosystem, because it allows connectivity between browsers and libp2p nodes using Secure WebSockets, opening up a new class of use cases for libp2p that were previously cumbersome.
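Review bot: the first sentence should say which domain the wildcard certificate covers; the post only names `*.<PeerID>.libp2p.direct` later, in the DNS-01 section, and a reader of the intro may otherwise assume a wildcard for `libp2p.direct` itself. Suggest "... wildcard TLS certificates for `*.<PeerID>.libp2p.direct`, scoped to each libp2p node's own PeerID".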
Would be great to include 2 marketing/advocacy points here:
- Would be great to get more specific about "new class of use cases" so devs who aren't yet libp2p users can more easily identify "oh, that sounds like me", e.g. "making it easier than ever to build peer-to-peer web applications".
- Something about how this is an in-between step while we're also working with groups like Igalia to expand native browser support, which would be even better.
Two obvious and known use cases I'm thinking about:
- Direct retrieval, e.g. less reliance on recursive gateways in IPFS land. Another way to frame this: "quicker time to self publishing content on the web"
- Browser-based light clients for blockchains. Being able to connect to Ethereum consensus nodes and any other libp2p-based blockchain means you can in theory forgo paid/centralized RPC endpoints and build much more decentralised light nodes.
Something about how this is an in-between step while we're also working with groups like Igalia to expand native browser support, which would be even better.
What do you mean by native browser support? As far as I'm aware, Igalia is working on fixing WebTransport in Chrome and on custom protocol handlers that could be bound to service workers from an extension. I'll add something about how WebTransport is much better designed for this since it supports self-signed certificates, needs fewer round trips, and avoids double encryption.
## Conclusion

Our long-standing goal at [Interplanetary Shipyard](https://blog.ipfs.tech/shipyard-hello-world/) is building a more resilient and participatory internet through decentralization, and we believe that the Web platform plays an important role in this. Therefore, we're excited to announce AutoTLS as a public good service operated by us.
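Review bot: "a public good service operated by us" should also state what a node depends on once it opts in, namely the broker at registration.libp2p.direct and Let's Encrypt for issuance, and what happens if either is unreachable (whether an already issued certificate keeps working until it expires, and whether the node's other transports are unaffected). A reader deciding whether to enable this needs that caveat more than the mission statement.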
"public good service..." --> maybe include for whom
- [IPFS Desktop starting with v0.40.0](https://github.com/ipfs/ipfs-desktop/releases/tag/v0.40.0).
- [js-libp2p](https://github.com/libp2p/js-libp2p/tree/main/packages/auto-tls) for Node.js.
- [go-libp2p](https://github.com/libp2p/go-libp2p/tree/master/examples/autotls).
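Review bot: only the IPFS Desktop entry names a minimum version; the js-libp2p and go-libp2p links point at the `main`/`master` branch head, which will drift after publication. Suggest naming the first release of each that shipped AutoTLS (e.g. "[js-libp2p](...) starting with vX.Y.Z", with the version filled in) and linking a tagged tree rather than the branch head, so readers can tell whether the build they run actually has it.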
Here or else, include who/when it should not be used.
Co-authored-by: Mosh <1306020+mishmosh@users.noreply.github.com>
Recent investments in [WebTransport](https://connectivity.libp2p.io/#webtransport) and [WebRTC](https://connectivity.libp2p.io/#webrtc) helped circumvent this problem, by removing the need for CA-signed TLS certificate, but they have their own drawbacks outlined below.

Experience has shown that WebSockets are still the most common and reliable way to establish a bi-directional streaming connection from a browser. That's not to say that WebSockets are perfect. Most notably, in libp2p, [Secure WebSockets require 6 round trips to establish a connection](https://connectivity.libp2p.io/#websocket?tab=websocket-in-libp2p). By comparison, [WebTransport requires 3 round trips](https://connectivity.libp2p.io/#webtransport?tab=webtransport-in-libp2p), which is why we believe WebTransport is the future of browser-node connectivity.
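Review bot: missing article in the first paragraph, "removing the need for CA-signed TLS certificate" should read "removing the need for a CA-signed TLS certificate". In the second paragraph, the 6-vs-3 round-trip comparison would land better if it said in one clause what the Secure WebSockets round trips are spent on, so the reader sees that AutoTLS removes the certificate obstacle but not the handshake cost; as written, the paragraph announces WebSockets as the reliable choice and then argues for WebTransport without connecting the two.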
[LanguageTool] reported by reviewdog 🐶
This word is normally spelled as one. (EN_COMPOUNDS_BI_DIRECTIONAL)
Suggestions: bidirectional
Rule: https://community.languagetool.org/rule/show/EN_COMPOUNDS_BI_DIRECTIONAL?lang=en-US
Category: MISC
### AutoTLS DNS-01 challenge broker

1. To kick start the AutoTLS process, your libp2p node requests a TLS certificate for `*.<PeerID>.libp2p.direct` from Let's Encrypt. To which Let's Encrypt responds with a challenge to prove it controls that domain.
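Review bot: "To which Let's Encrypt responds with a challenge to prove it controls that domain." is a sentence fragment, and "it" reads as Let's Encrypt rather than the node; suggest "Let's Encrypt responds with a challenge that the node must answer to prove it controls that domain." This step should also say why the challenge is DNS-01: Let's Encrypt issues wildcard certificates only via the DNS-01 challenge, so the node cannot answer on its own and needs something that can publish records under `<PeerID>.libp2p.direct`, which is the role the heading assigns to the broker.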
[LanguageTool] reported by reviewdog 🐶
The word “kick-start” is spelled with a hyphen. (KICK_START_HYPHEN[1])
Suggestions: kick-start
URL: https://languagetool.org/insights/post/hyphen/#compound-nouns-with-and-without-hyphens
Rule: https://community.languagetool.org/rule/show/KICK_START_HYPHEN?lang=en-US&subId=1
Category: GRAMMAR
[Two years ago, the libp2p project bet on the promise of WebTransport](https://blog.libp2p.io/2022-12-19-libp2p-webtransport/) and it's been a bumpy road.

WebTransport has a lot of promise. It's a modern browser protocol based on QUIC (which we already heavily rely on in libp2p), which allows bi-directional streaming communication with many modern improvements over WebSockets. Most notably:
[LanguageTool] reported by reviewdog 🐶
This word is normally spelled as one. (EN_COMPOUNDS_BI_DIRECTIONAL)
Suggestions: bidirectional
Rule: https://community.languagetool.org/rule/show/EN_COMPOUNDS_BI_DIRECTIONAL?lang=en-US
Category: MISC
[WebRTC-Direct](https://github.com/libp2p/specs/blob/master/webrtc/webrtc-direct.md) is an approach using WebRTC to allow browser-to-node communication. It's unique in that it doesn't require SDP signaling, and saves the round trips by constructing the SDP from the information in the webrtc-direct multiaddr (a technique called "SDP munging"). Moreover, WebRTC, doesn't require a domain name and CA-signed TLS certificate.

However, there are a number drawbacks to WebRTC:
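Review bot: stray comma in "Moreover, WebRTC, doesn't require"; should be "Moreover, WebRTC doesn't require a domain name or a CA-signed TLS certificate". The paragraph also switches from "WebRTC-Direct" to "WebRTC" mid-way and the list is introduced as drawbacks "to WebRTC"; if the drawbacks are specific to the Direct variant (the SDP munging described just above), name it consistently so readers don't read them as drawbacks of WebRTC in general. "saves the round trips" should be "saves round trips".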
[LanguageTool] reported by reviewdog 🐶
Did you mean “number of”? (A_NUMBER_NNS[1])
Suggestions: number of
Rule: https://community.languagetool.org/rule/show/A_NUMBER_NNS?lang=en-US&subId=1
Category: GRAMMAR
## Origins vs. PeerIDs

The Web security model is anchored to domain names (origins). Moreover, browsers require TLS certificates to be signed by a certificate authority (CA) so as to ensure that the entity requesting a certificate owns the domain name. The role of certificate authorities is to verify that the entity requesting a certificate owns the domain name.
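Review bot: the second and third sentences say the same thing (a CA verifies that the requester owns the domain); merge them, e.g. "Browsers require TLS certificates to be signed by a certificate authority (CA), whose role is to verify that the entity requesting a certificate controls the domain name." "Controls" is also the more accurate word than "owns", since control of DNS or of the host, not ownership, is what a Let's Encrypt challenge actually checks, and that distinction is the whole reason the DNS-01 broker below works for `*.<PeerID>.libp2p.direct`.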
[LanguageTool] reported by reviewdog 🐶
‘So as to’ expresses purpose and is used in formal texts. Consider using “to”. (SO_AS_TO[1])
Suggestions: to
URL: https://languagetool.org/insights/post/synonyms-of-in-order-to/
Rule: https://community.languagetool.org/rule/show/SO_AS_TO?lang=en-US&subId=1
Category: REDUNDANCY
TODO before merging