►
Description
This talk was given at IPFS Camp 2022 in Lisbon, Portugal.
A
Steve
has
already
mentioned:
we
are
focusing
on
browser
connectivity.
We
have
for
the
last
probably
last
year,
I
would
say
and
I've,
given
a
talk
similar
to
this
about
half
a
year
ago
at
the
P2P
event
in
Paris
and
things
look
very
different
there.
So
this
is
the
updated
version
with
all
the
progress
we've
made
in
the
last
couple
of
months.
A
So
as
a
very
quick
reminder,
what
what
do
we
do?
In
lipidwby?
We
connect
notes.
These
are
point-to-point
connections
between
two
nodes
and
because
there's
no
one-size-fits
all
as
we
will
see
nodes
have
different
connectivity
options
and
we
use
the
concept
of
multi-addresses
to
to
to
encode
the
addresses
of
nodes.
So
there
you
can
see
two
two
multi-adders
is
one
for
for
a
node,
that's
listening
on
Port,
10,
000
on
TCP
and
then
a
quick
listener
on
Port
20
000..
A
All
the
P2P
connections
are
secure.
They
are
encrypted.
There's
no,
no
way
to
do
unencrypted,
lipido,
p
connections
outside
of
like
a
testing
environment.
What
does
it
give
us?
It
gives
us
that
nobody
can
listen
onto
our
conversations,
and
it
also
gives
us
the
nice
property
that
we
know
who
we're
talking
to.
We
know
the
peer
ID
of
of
the
remote
we
use
noise
and
TLS
to
secure
to
secure
connections
like
these
are
the
two
main
options
that
that
are
available
to
lipidop
nodes.
A
Every
lipidp
connection
is
also
stream
multiplexed.
Once
we
once
we
establish
a
connection
and
as
we
will
see,
this
can
be
expensive
in
some
in
some
situations
we
want
to
make
good
use
of
that
connection
and
have
multiple
protocols
communicate
in
parallel.
This
is
very
easy
when
we
use
a
protocol
like
quick
that
has
streams
on
the
transport
layer,
we
don't
need
to
do
anything
there,
but
when
we
use
a
protocol
like
TCP
that
doesn't
have
any
screens,
we
apply
a
stream
multiplexer
to
get
to
get
a
stream
multiplexed
connection.
A
Unfortunately,
in
the
browser
we
can't
just
dial
a
TCP
or
a
quick
connection.
Why
is
that?
Under
the
hood,
the
browser,
dials,
TCP
and
quick
connections,
all
the
time
like
every
time
you
make
you
make
a
request
to
a
website?
The
browser
will
either
establish
a
TCP
or
a
quick
connection
and
then
run
HTTP
on
top
of
that.
But
the
browser
doesn't
give
you
access
to
the
underlying
connection.
There's
no
browser
API
to
say,
like
I,
would
like
to
have
just
the
TCP
connection,
but
without
http.
A
A
This
is
possible
via
HTTP
one
and
also
via
HTTP
2,
since
since
2018..
So
the
way
this
works
is
you
can
you
can
use
this
this
JavaScript
there
and
type
new
websocket
and
the
URL,
and
the
browser
will
then
send
a
so-called
upgrade
request.
It's
a
normal
HTTP
HTTP
request
with
the
upgrade
header
and
if
the
server
is
willing
to
accept,
accept
this
request
and
accept
to
speak
a
websocket
on
this
connection.
A
It
replies
within
like
Hep
200
code
and
from
then
on
everything
sent
on
this
connection
is
not
interpreted
as
hdp
anymore,
but
it's
just
raw
bytes
and
the
both
endpoints
need
to
make
sense
of
these
drop
bytes,
which
means
we
can
in
liquidity.
We
can
just
treat
this
as
a
normal
normal,
like
TCP
connection
and
run
our
handshake
on
top
of
that
run,
a
stream
multiplexer
on
top
of
that
and
get
the
properties
of
a
lipidopy
connection
that
we
want.
A
A
The
big
problem
with
the
websocket,
though,
is
that
the
browser
will
force
us
to
do
to
do
a
secure,
websocket
connection.
So
what
exactly
is
the
secure
websocket
connection?
It's
basically
the
same
as
a
websocket
connection,
but
we
are
running
on
top
of
https
instead
of
HTTP.
So
there's
an
additional
TLS
handshake
happening
at
the
beginning.
A
Authority
like
like,
let's
encrypt,
for
example,
but
then,
let's
encrypt
doesn't
just
give
us,
wouldn't
just
give
us
a
certificate
for
an
IP
address
to
get
a
a
certificate
from
let's
encrypt,
you
actually
need
a
host
name
and
most
libido
P
nodes.
Don't
have
a
hostname,
it's
just
something
that
you
might
spin
up
on
your
machine
or
on
some
some
virtual
server
that
you
just
booted
booted
up
in
some
Cloud
environment
and
you
might
not
have
configured
a
DNS
server.
A
A
The
other
problem
with
websocket
is
that
it's
pretty
slow
I
did
the
math
to
calculate
how
long
it
takes
to
establish
a
websocket
connection,
and
it's
not
pretty.
You
first
spend
a
round
trip
on
the
TCP
handshake.
Then
you
spend
another
round
trip
on
the
TLs
handshake.
Then
you
do.
The
websocket
upgrade
request.
It's
another
round
trip.
Then
we
are
in
the
P2P
land.
Then
we
do
a
multi-stream
negotiation
of
of
our
security
protocol.
Where
we
negotiate
noise
another
round
trip,
then
we
do
the
the.
A
Then
we
do
the
noise
handshake,
another
round
trip,
and
then
we
negotiate
the
stream
multiplexer.
Yet
another
round
trip.
So
we
end
up
with
six
six
round
trips
that
hurts
the
only
thing
that
we
can
improve.
There
is
the
lipido
P
part,
so
we
we've
been
work
actually
working
on
eliminating
those
those
two
two
round
trips
we
spend
on
on
this
multi-stream
negotiation.
So
we
can,
in
principle
bring
this
down
to
four
rtts,
but
for
our
TTS
is
still
a
lot.
A
A
It
runs
on
top
of
HTTP
3,
which
means
an
HTTP
3
is
running
on
top
of
quick
by
virtue
of
running
on
top
of
quick.
It
is
always
encrypted
and
it
provides
access
to
the
native
quick
streams.
So
it's
somewhat
similar
to
to
websocket,
which
gave
you
access
to
the
underlying
TCP
connection
in
web
transport.
We
get
access
to
the
underlying
quick
connection.
A
A
That's
encoded
totally
different,
but
then
the
browser
can
accept
this
say
yes,
I'm
willing
to
accept
the
web
transport
session,
and
then
you
can
use
native
quick
screens
the
security
properties
that
the
browser
enforces
are
the
same
as
websocket
at
least
that's
what
we
thought
until
the
beginning
of
the
year,
but
then
the
w3c,
which
is
the
the
the
the
the
standards
body.
That's
that's
standardizing.
A
The
browser
API
introduced
a
new
option
and
it's
intended
originally
intended
for
short-lived
virtual
machine
deployments,
and
these
virtual
machines
basically
have
the
same
problem
as
lipido
P
nodes.
They
don't,
they
might
not
have
a
hostname
and
they
also
because
they
are
so
short-lived.
It
doesn't
really
make
sense
for
them
to
to
to
get
a
TLS
certificate.
A
A
So
what
what
the
browser
does
is
it
just
establishes?
The
connection
does
the
TLs
handshake
and
then
it
checks.
It
calculates
the
the
the
the
sharp
256
hash
of
the
certificate
and,
if
that
matches
the
value
that
it
expected,
then
it
will
accept
this
as
a
as
a
secure
connection,
so
in
in
lipid2p
we
can
just
we
can.
We
can
use
that.
We
already
have
multi
addresses
right
and
we
can
put
stuff
into
multi
addresses
and
we
do
this
by
just
adding
the
hash
of
the
certificate
to
the
multi-address.
A
A
The
the
API
says,
like
the
certificate,
must
not
be
an
RSA
certificate.
Okay,
we
don't
care
about
this.
We
don't
use
RSA
certificates
anyway,
but
it
also
says
the
certificate
must
be
short-lived,
because
this
is
only
intended
for
these
VM
deployments.
The
certificate
must
not
be
longer
than
valid
for
longer
than
14
days
and
if
you
try,
if,
if
I
set
up
a
server
with
a
certificate
that
is
valid
for
like
15
days,
the
browser
will
say
like
nope
I,
don't
accept
this
hand
check
failed.
A
So
we
need
to
work
around
this
and
we
do
this
basically,
by
by
having
every
node,
generate
multiple
certificates
and
shipping,
multiple
multiple
certificate,
hashes
and
then,
when
a
node
is
very
long
running.
If
it
runs
longer
for
like
two
weeks,
we
just
generate
a
new
certificate
and
update
our
multi-address
and
advertise
that
that
updated
multi-adders
to
the
network.
A
A
A
A
So
now
it's
it's
basically
up
to
the
w3c
to
to
modify
the
browser
API.
So
this
is
possible
and
I'm
I'm
hopeful
that
this
will
happen.
I
can't
make
any
promises,
but
it's
the
it's
a
protocol
and
an
API,
that's
still
under
development.
So
we
can.
We
can
influence
this
and
we
can
probably
bring
down
this
handshake
down
to
to
adjust
to
rtts,
which
would
be
super
great.
Another
thing
I
want
to
point
out.
We
are
running
the
noise
handshake
on
a
single
stream,
and
then
we
can
open
more
streams
on
this
connection.
A
A
We
could
make
make
applications
like
glyph,
which
are
basically
a
way
to
send
to
send
file
coin
transaction.
We
could
make
them
a
more
decentralized
currently,
when
you
assign
a
when
you
send
filecoin
via
the
glyph,
the
glyph
web
interface,
you
sign
the
transaction
and
then
this
transaction
is
transferred
via
HTTP
to
like
a
proxy
server,
a
Gateway
server
that
that
glyph
is
operating,
and
then
this
server
is
running
like
a
full,
full
Falcon
node
and
is
broadcasting
it
to
the
Falcon
network
via
gossips.
A
A
A
To
summarize
web
transport,
we
shipped
it
in
goli
P2P
it
works.
We
can
connect,
connect
any
browser
node
to
a
go
lipdp
node
in
Rust.
We
we
currently
it's
currently
not
yet
possible
because
there's
no
web
transport
implementation
in
Rust,
that's
integrated
into
rest
lipid2p.
Yet
so
now,
we've
we've
discussed
how
we
can
connect
browser
nodes
to
server
nodes
or
Standalone
nodes
in
the
network.
A
A
A
We
don't
need
all
this
audio
and
video
features,
but
there's
also
a
a
reliable,
reliable
data
channel
called
the
RTC
data
channel
in
in
webrtc,
and
we
can
use
that
to
layer
lip
P2P
streams
on
on
top
of
those
if
you're
interested
they
they
are
using
sctp
over
dtls
over
UDP.
So
that's
so
some
keyword
keywords
to
start
your
RFC
search.
If
you
want
to
laughs.
A
Webrtc
also
because
it's
built
as
a
peer-to-peer,
video
conferencing,
video
conferencing
protocol
allows
certificate
verification
by
certificate
hash
like
when
you,
when
you
join
a
zoom
call,
you
don't
need
to
get
a
TLS
certificate
right,
so
that
works,
and
it
also
provides
a
hole,
punching
capabilities.
So
you're
you're
able
to
to
establish
webrtc
connections
if
you're
in
your
home
network
and
your
router
is
blocking
incoming
connections.
A
A
We
built
a
protocol
on
top
of
webrtc
that
doesn't
require
any
stun
and
turn
servers.
There
are
more
keywords
for
RFC
searches
and
we
do
we
do
an
additional.
We
do
additional
noise
handshake
there.
The
lip
P2P
specification
is
almost
done,
and
we
also
have
implementations
in
in
JavaScript
in
go
and
in
rest
that
are
pretty
close
to
getting
merged,
but
they
are
still
in
in
review.
A
Let's
count
the
round
trips
here:
first,
we
need
to
do
a
stun
exchange.
Then
we
need
to
do
a
dtls
handshake
which
takes
two
round
trips.
Then
we
need
to
do
the
sctp
handshake,
which
takes
another
two
round
trips,
and
then
we
need
to
do
our
noise
engine.
So
we
are
back
to
six
round
trips
here
so
the
same
as
websocket.
A
It's
not
great,
but
it
works,
and
if
that's
your
only
option,
then
you
would
you
would
be
willing
to
wait
six
rtts
if
the,
if
the
alternative
is
to
have
no
connectivity
at
all.
On
the
other
hand,
if
you
have
the,
if
you
have
the
option
to
do
web
transport
instead
of
webrtc,
you
would
of
course
choose
that
then
for
the
browser
to
browser
part.
It's
currently
just
a
draft
draft
specification.
A
So
what
what
are
the
use
cases,
as
I
already
mentioned,
for
the
browser
to
server
use
case?
It's
a
fallback
when
web
transport
doesn't
work
and
for
browser
to
browser
we
can.
We
can
potentially
exchange
files
directly
between
two
browsers,
which
is
cool
and
maybe
verify
in
the
future.
We
are
not
currently
working
on
this.
A
It
explains
everything
and
a
lot
more
in
in
great
detail,
so
you
can
can
head
there
and
and
really
read,
what's
going
on,
if
I'm,
connecting
a
standalone
node
to
a
standalone,
node
or
browser
node
to
a
standalone
node,
and
all
these
all
these
different
combinations,
I
explained
there.
So
you
can,
you
can
read
it
up.