-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Universal Browser Connectivity using HTTPS/Secure Websockets #1360
Comments
I've requested the Pathfinder team at PL to contact @marten-seemann about transferring the domain |
Closing, since we now have WebTransport and that's 100x better than WebSocket. Specifically, it doesn't require any DNS setup. |
I'm reopening this issue. While there's been a lot of progress on WebTransport as a whole and (go-)libp2p's WebRTC implementation in the last year using those transports browsers is still tough: Given that the major browsers seem to be much more reliable at handling HTTP(S) and WS(S) finding a way to be able to use those transports in a p2p context would be a major unblocker for users wanting to build distributed p2p applications that are accessible from browsers. Note: libp2p's HTTP story has also improved a lot in the last year so this issue has been renamed to cover both HTTPS and WSS although the mechanics required are the same for both. Although I've left Marten's initial post alone |
Unfortunately, things are not as rosy on the implementation side. Due to a persistent lack of funding, development of webtransport-go was paused indefinitely: https://github.com/quic-go/webtransport-go/pull/156/files This means that WebTransport support will break as soon as browsers update to a new IETF draft version. |
Every (public) node should have a Subdomain and a trusted TLS certificate, so that browser nodes can connect using
/wss
(Secure WebSockets transport).We will support manual certificate configuration, and ACME automation for user’s domain names (see #1331 for details), but these setups require some manual step/input from the user.
Here, we discuss a protocol for providing TLS cert for
/wss
for all remaining nodes in a way that happens automatically, without user’s involvement.Obtaining a Certificate using the DNS01 ACME Challenge
For the purpose of this discussion, let’s assume that we have one PL-controlled "gatekeeper" node that has (programmatic) access to the DNS configuration of
libp2p.direct
(or some other domain).dns.libp2p.direct
.<subdomain>.libp2p.direct
.<ip-multiaddr>.<subdomain>.libp2p.direct
. Our DNS resolver makes sure that this resolves to<ip>
.Steps
to
`libp2p.direct
libp2p.direct
to the infrastructure team (earliest possible date: Apr 24)/wss
addressesThe text was updated successfully, but these errors were encountered: