-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to ed25519 keys by default so that we can reasonably store signed content records #6916
Comments
Will |
What does this mean, exactly? |
It means #5880. That is, users need to be able to "re-key" their node without changing anything else. |
@RubenKelevra yes. |
Will this be backwards compatible? I mean, can for example 0.4.23 handle nodes with ed25519 keys today? |
Yes. |
When we switch to ed25519 by default, we should ensure that keys are always represented as CIDv1 in FYSA subdomain support in our HTTP Gateway is already doing the conversion if someone uses anything other than CIDv1Base32: |
What's the motivation?
Also, I don't believe we have support for CID-encoded peer IDs in multiaddr yet.
|
Main motivation is to make a single default change (rsa+b58 → ec+b32) Second motivation is for users to be able to copy ipns key and open it from gateway without the need for conversion step:
@Stebalien RFC/0001-text-peerid-cid.md is tracked in libp2p/specs#216 but I don't see multiaddr on the list – what remains to be done? |
We need to update https://github.com/multiformats/go-multiaddr/blob/8ae68cf376240f0db2decc6bed91d8c5bc198e75/transcoders.go#L293-L315 to allow CIDs. It's pretty trivial but, IIRC, the main concern was adding a dependency on CID (but that's no much of a concern). However, I'm not sure we're ready to use this by default given that we only just started supporting it this last release while we've supported ed25519 keys for quite a while. On the other hand, we could just use it as a motivation to upgrade? |
I'd prefer if we switch both defaults together to limit the number of revolutions in PeerID land, but world would not end if we punt it until we switch default CID representation. That being said, I believe we should solve #7318 before switching to ed25519 :( |
Quick updates on related changes:
|
Subdomain gateway support for ED25519 being reviewed in #7441 |
@lidel as mentioned in https://github.com/ipfs/go-ipfs/pull/7441/files#r447624101 it sounds like we have a decision to make about whether all libp2p keys should be represented in base36 by default. What do you think are the inputs into this decisions? It seems like doing it is useful because if we use base32 by default then people can't copy-paste them into web browser subdomains and won't be able to do a quick visual check on them. Is the downside related mostly to people being shocked that all of a sudden their existing RSA keys are being represented as a base36 libp2p-key instead of just |
It is a mixture of hard constraints and nice-to-haves. Constraints:
Nice-to-haves:
Longer rationale below. (I'm sorry, it was late and I failed to make it shorter :() Why we MUST use CIDv1B36 for ed25519I think we need to recognize that switching to inlined ed25519 surfaces an edge case in our specs and introduces sever UX challenges if we keep text output as Multihash in Base58btc. Namely, according to decoding algorithm in CID spec a CIDv0 is a Multihash in Base58btc starting with To illustrate how bad it gets (defaults, go-ipfs 0.6):
I don't think we really have any alternative here, when we switch to ed25519 by default, we need to output them as CIDv1 in Base36. Why we (probably) SHOULD use CIDv1B36 for all libp2p-keysIn short: devexp, simplicity, removes cognitive overhead. Hardcoding check for I'm mildly in favor of switching text representation of all keys to CIDv1 Base36 (including RSA):
|
Closed by #7579 |
To be confirmed:
ipfs init
Success Criteria
What's Left
Mandatory:
Nice to Have:
The text was updated successfully, but these errors were encountered: