undefined | Better HN

0 pointszaarn6y ago0 comments

Ipfs requires a DNS server to bootstrap the P2P network, not a good idea.

Plus, Ipfs isn't that good when it comes to authentic data, if it's signed, there is only one key, so it's centralized again.

0 comments

8 comments · 3 top-level

_8j506y ago· 2 in thread

You have to keep in mind ipfs is content-addressed. Instead of resolving names you can resolve certificates by their content addressed thumbprint.

1) boostrap 2) find the cert thumbprint for site.com 3) find the cert by the thumbprint and connect to one if IP SAN records

zaarnOP6y ago

How do you securely get the cert thumbprint?

_8j506y ago

You don't need to,even if you get a malicious thumbprint,the associated cert still needs to be signed by a trusted CA. CA list for TLDs will be distributed with the resolver software just like browsers ship with such a list (or rely on your browser/client preferred list)

Dylan168076y ago· 2 in thread

The implementation could easily change to not require DNS. You only need to find a single live node to bootstrap, so hardcoding a bunch of high-quality nodes works perfectly fine.

Also you don't need the "Where is IPFS?" DNS query to be anonymous in the first place.

zaarnOP6y ago

Then you still need to trust the initial node to not provide you with a poisoned peer list (ie, a list of peers that are wholely isolated from the proper IPFS network and provide bogus DNS answers).

And you need to bootstrap without DNS if you plan to actually replace DNS, not live beside it.

Dylan168076y ago

Anything in the world could theoretically be poisoned. There's no point in worrying about attacks above a certain level of difficulty. If you can check in with a certain number of builtin peers, that's about as solid as we can make things.

> And you need to bootstrap without DNS if you plan to actually replace DNS, not live beside it.

Whatever. DNS itself is never going to shut down, so 100% replacement even for bootstrapping isn't a real concern. And if starting with 13 fixed IP addresses is good enough for DNS, then it should be good enough for IPFS.

1 more reply

momack26y ago· 1 in thread

There are capabilities to use the existing DNS system (or an EthDNS system in the works) for human readable names with IPFS, but you can also use other channels like pubsub to resolve mutable content like IPNS names quickly - so IPFS doesn't actually require DNS at all. Multiwriter IPNS records are also a work in progress, though I disagree with your characterization that somehow only allowing one key to edit a particular signed record somehow makes the network itself centralized...

zaarnOP6y ago

This isn'T about the IPFS Application Layer but the Link layer.

Bootstrapping a P2P system efficiently requires known P2P nodes and those will require DNS unless you want to shell out for a static IP permanently (and hope nobody poisons ARP!)

j / k navigate · click thread line to collapse

0 comments

8 comments · 3 top-level

_8j506y ago· 2 in thread

You have to keep in mind ipfs is content-addressed. Instead of resolving names you can resolve certificates by their content addressed thumbprint.

1) boostrap 2) find the cert thumbprint for site.com 3) find the cert by the thumbprint and connect to one if IP SAN records

zaarnOP6y ago

How do you securely get the cert thumbprint?

_8j506y ago

Dylan168076y ago· 2 in thread

The implementation could easily change to not require DNS. You only need to find a single live node to bootstrap, so hardcoding a bunch of high-quality nodes works perfectly fine.

Also you don't need the "Where is IPFS?" DNS query to be anonymous in the first place.

zaarnOP6y ago

Then you still need to trust the initial node to not provide you with a poisoned peer list (ie, a list of peers that are wholely isolated from the proper IPFS network and provide bogus DNS answers).

And you need to bootstrap without DNS if you plan to actually replace DNS, not live beside it.

Dylan168076y ago

> And you need to bootstrap without DNS if you plan to actually replace DNS, not live beside it.

1 more reply

momack26y ago· 1 in thread

zaarnOP6y ago

This isn'T about the IPFS Application Layer but the Link layer.

Bootstrapping a P2P system efficiently requires known P2P nodes and those will require DNS unless you want to shell out for a static IP permanently (and hope nobody poisons ARP!)

j / k navigate · click thread line to collapse