Version 0.5 roadmap #905
Replies: 7 comments 5 replies
-
Something like SAE? |
Beta Was this translation helpful? Give feedback.
-
have you considered an http3 lookalike? it is basically quic + tls 1.3, such would allow one to do actual domain fronting and blend in with google youtube and cloudflare traffic :^) |
Beta Was this translation helpful? Give feedback.
-
What do you mean by a some kind of shared-key authentication? If the shared key is stored on each node, then this can introduce additional administrative complexity for next use cases:
Sorry for my google translate. |
Beta Was this translation helpful? Give feedback.
-
Seeing that quic peerings got through, but session crypto got postponed: would it make sense to use quic for session crypto as well? |
Beta Was this translation helpful? Give feedback.
-
Why is #344 open then |
Beta Was this translation helpful? Give feedback.
-
https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.5.0 https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.5.1 |
Beta Was this translation helpful? Give feedback.
-
I would really like to see this feature. I've wanted to use Yggdrasil for a little while to create a private, invite-only p2p network but I believe currently any node could end up bridging with another, external network. If I could restrict traffic within my mesh from leaving as well as prevent outside traffic from entering then I would be happy! |
Beta Was this translation helpful? Give feedback.
-
The following are things we have identified as desirable for v0.5:
Replace the routing algorithm with a new and revised one. This is done in Ironwood.
Revised session cryptoThis is likely to happen in a future version.
Replace the current end-to-end session encryption with something more standard, like Noise or DTLS — audited libraries would be even better. The current key rotation is also a bit too aggressive and that hurts performance so it would be nice to have something more resource-friendly.TLS mutual peer authenticationReplaced with per-listener, per-peer and per-multicast interface password authentication which is far simpler.
Allowing a node to be configured with TLS certificates and a trusted CA, so that peerings can only be established with other trusted nodes from the same CA.A shared network key, included in the tree announcements, will ensure that two nodes that peer with what should be segregated networks will ignore each other. This should make it much easier to operate private Yggdrasil meshes and not worry that they will end up accidentally peered to the public network.
Something like
fq_codel
or even something naive (like matrix-org/pinecone#34), so that we can more fairly balance traffic around the network and reduce latency somewhat in congestion scenarios. Obviously we can't avoid the problems from TCP buffers but it might improve things slightly.Assuming the padding in QUIC doesn't end up being too terrible, we could use
quic-go
or something as an alternative peering transport.Support for fuzzing landed in Go 1.18 recently.
Beta Was this translation helpful? Give feedback.
All reactions