*: Address security-protocol-in-multiaddr and relay conflict #359
Commits on Aug 5, 2021
-
*: Address security-protocol-in-multiaddr and relay conflict
This patch addresses the problems below by detailing the solution below in the corresponding specifications. > Taxonomy: > > * `A`: The destination node. > > * `B`: The source node. > > * `R`: The relay node. > > * outer connection: The connection from `R` to `A`. > > * relayed (inner) connection: The relayed (inner) connection from `B` to > `A`. > > > Problems we need to solve: > > 1. `B` and `A` need to know which security protocol to use to upgrade the > relayed (inner) connection. > > 2. In the case of active relaying, `R` needs to know which security > protocol to use to upgrade the outer connection to the destination. > > 3. `A` should be able to offer different security protocols for the > relayed (inner) connection. `A` can use different layer 4 ports to > demultiplex security protocols for the outer connection. `A` has no > demultiplexing mechanism for the security protocols used for the > relayed (inner) connection. Thus if `A` advertises different > multiaddresses with different security protocols for the relayed > (inner) connection, it has no way to determine which one to use on > incoming relayed (inner) connections. > > > We propose two mechanisms to solve the issues above: > > 1. We have to somehow embed both outer and inner security protocol in the > multiaddr. What we could do is introduce another separator, e.g. > `p2p-circuit-inner` (name yet to be determined). > > * **Solving (1)**: A multiaddr for a passive relayed connection could > then look like: > `/ip4/../tcp/../tls/p2p/QmRelay/p2p-circuit/p2p/QmA/p2p-circuit-inner/noise`, > with `noise` being used to secure the relayed (inner) connection. * > * **Solving (2)**: A multiaddr for an active relayed connection could > then look like: > `/ip4/../tcp/../tls/p2p/QmRelay/p2p-circuit/ip6/::1/tls/p2p/QmA/p2p-circuit-inner/noise`, > with `tls` being used to secure the outer connection and `noise` > being used to secure the relayed (inner) connection. > > 2. **Solving (3)**: In order for `A` to be able to advertise different > multiaddresses with different security protocols for the relayed > (inner) connection, while still being able to choose the right security > protocol on incoming relayed (inner) connections, we need to include > the security protocol for the relayed (inner) connection in the circuit > relay v2 CONNECT message from `B` to `A`. See libp2p#349 (comment) for details.
Commits on Aug 12, 2021
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.