Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
IPFS / IPFS þing 2022 / 10 Aug 2022
IPFS / IPFS þing 2022 / 10 Aug 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Policy Based Content Providing for IPFS - @thibmeu - Connecting IPFS

Description

Policy Based Content Providing for IPFS - presented by @thibmeu at IPFS þing 2022 - Connecting IPFS - https://2022.ipfs-thing.io

A

So I'm going to going to discuss uh policy based content providing for ipfs um and yeah what that means, while the implication and like why, like we, we think something like that uh will be needed, uh like at some point uh for for five pfs, no peers, um clients first introduction. So, as I mentioned before, I'm a researcher cloudflare working like this uh distributed web project, ipfs, sirium uh and lacrosse.

A

I was a bit like uh like like this, even like the the kind of like salty croissants, not like original french person with butter, but definitely like very nice to have uh and yeah. I wasn't sure like there was like croissant like at the time, writing slides. So they are so like definitely happy to chat uh at some point around crystal um overall plan for the presentation. I'm gonna discuss what like content, providing means uh like in like what are like the various ways and scenarios like to envision.

A

um Then gonna like go over like some tools to define policy not specific to ipfs, but most like what has been made um and then some like final notes around that um and, first of all like what is content providing, and I think like um especially when you want to like define like a peer policy.

A

It's like very different from like a peer police like it's not like, um especially like, like block list or like centralization, et cetera, it's more about like choice given to users like to decide on like what they want to provide, how they want to interact.

A

um And if you want to like, we have like you're running your own ipfs notes. So like first of all great, like you're part of the network um and then like. Usually what will happen is like you have an interface and you will like send a request to like your ips node. I want that content and yeah. I mean everything's. Fine. The content is stored on your node, so you can like access it like there's, no fetch. Whatever um singing is usually like this thing with ipfs and like you want to fetch content.

A

That is like another node, um and so you will like send a request to your note, saying: hey, I want this content. Node doesn't have it and so, like you, want the blue content from like your friend, which is like the blue friend um and the blue friend. Your nerd would like send a request to this node fetch the content and, like everything, works. Well, the thing is um like the way, at least like most of like node implementation.

A

Work for now is, like the you have like little control over like how you will connect to peers which peer you will like connect to, um and so sometimes like. You may connect to like a malicious period that, like will just like receive the request, may not like provide the content to you, like may, have like different, like intention like different logging policy, etc, um and so, for instance, like if you're, connecting to like the red, the red pier, which is like malicious.

A

This time um they may not like have access to your ip address may know like what content you were looking for at which time um and there's a lot of like metadata. That is like pass through that um and, of course, probably not something like you want, and so like you may want to have a way to define uh how you will interact with, like all the peers, on the network.

A

Of course, there's like kind of like the author around so like when you're you also like, um like your friend, is like providing content to you. They do it because I mean they know you. They know like uh you've been in like really like relation for like some time, and so I know, there's no like counter tracker etc. Like that happen, I mean they know that, like they can send counting to you, they will pay for bandwidth whatever, like everything's fine. The thing is um like a man issue.

A

Spear um may want to like get content from you um and I'm not like not provide anything back or like not do anything, and you may consider like these action in term of like what is considered malicious.

A

Like is a various french um if you were taking, for instance like in bittorrent, you had like these kind of like ratio where you were like rated based on like how much you provide and like if you provide you were supposed to provide as much as you're taking like this kind of ratio was like up to like every client. Usually you were able to define what is an acceptable ratio, um but it's like, like very large and on the web, for instance, like the web, is like very much.

A

We have a lot of people that, like will request some content, and so you may want to define okay, like I'm, okay, to provide to each user. That, like will request me a small chunk of content, but I wouldn't want to provide like in couple of like gigabytes or terabytes from people that would just like take content from me.

A

Another thing which is uh like in terms of like the need for for policy um definition is like when you request content: how what do you do with this content? Do you store it? Do you cache it is it garbage collected?

A

Do you like re-provide it, and so that's something which has been a little like very clear for gateways like gateway, that I will talk later, usually like request content on behalf of users and like then they have to cache it, but sometimes it's not content like you want to keep, and so, like you have to be able to define like policies around you want to keep content. You want to reprovide it for how long?

A

How can you like, uh like somehow know more or less like what you're storing in like what you're providing um and if you were like a web web user, you may just like go to a website once and that could be a typo.

A

Do you want to store it and what's the policy, what's your action and etc, and so over, like all the protocol being able to define policy is important. To that extent, and as I mentioned before, the gateway I experienced thing and like I, I would be like talking for clever here- I experiencing this even more because they want to provide content for like a wide range of users and like ideally, just want the gateway to be a pane of glass.

A

It should not like be able to like be able to like serve most users uh while, like not accounting for like, uh like what content is being served, of course, because of like I don't know like each gateway, like maybe like tied to a legal entity, you may have like its own, like policy, etc.

A

um The gateway may at some point, decide on like the red or the blue um should not pass through the gateway, but this decision should be like gateway specific, and you should be able to like to communicate it and be able to like switch gateway from one to another and that that's. Why, like ipf, is like great, I think, and like the content. Redress thing is that you're able to like request the same content from like any gateway and validate it without like being tied to a gateway to a specific website.

A

Another question that, like race through that is like what is an ipfs node and I think that's like kind of a regular question um like if I like. Take cuba, for instance, like there's an http gateway, you have like a leap to peep here you have like a like dns link, an ips resolver. You have like command line interface, but the question is like: should they also be like policy tools? Should it be like something? On top of an ipfs note should be like a next small component.

A

It's like, for instance, like iro uh modular approach like just show before this is like questions that arise and also it will depend on the place where you want this policy to be deployed.

A

So now like. Is there like right now, existing tools like you could use for ipfs so like for these things? uh In order to like define like these policies um and actually just before going into existing tools, we need to know what do we want to act because, like there's like a broad spectrum of policies, you could define, and the thing is at some point, you need to like write code and write software. So like understand what you want to do, um and I will take just two examples for like the gateways.

A

um If we start like on the on the left side, you can like decide to like be like have like a specific block on ipfs that, like you, don't want to serve because I don't know like you've identified, it's not something that you want to serve. I this is just a bad thing. It will not prevent any sub-content from being served and actually usually that could be a good thing.

A

For instance like if you have like a fishing website, the fishing website may use and share a lot of resources with like the website from the fish, but it has inserted like just to manage your code, which makes that, like the parent, cid would be different. So you just want to block this parent and not to block like recursively down the line.

A

Of course, there may be like a block, recursively and block recursively should not never block down, but should block up um block down would mean that, like you would block all the resources associated to one cid and subpass, which you don't want to do most of the time um and then what I mean by blocking up is like, if you've identified, I don't know like one fishing website, and then you like, like you, have like a whole lot of phishing websites of like one cid, which is kind of like the parent for phishing websites.

A

uh You may like want to recursively block um these content, so that, like you, also like prevent it from like any uh like parent or website like um serving and reproviding this, this id you've identified a final thing that, like is not directly ipfs related, and it's more like a thing like like for the web, is like. Usually ipf's content will be accessed um through, like a multi address like you, for instance, like ipn, slash example.com, then you can like add a pass.

A

I don't like slash myfold.mysuperfile, um and so this pass usually requires a resolution, and so what happened on the web is like you would be able to like identify certain website just because of the url.

A

If it says I'm a super phishing website, you may want to block it just because it looks fishy and that's like one other place where you can act is just depending on like at the time of resolution that you see, you may not even know which content uh address is associated, but you may already know that's not something you want to access, um and for that it's been like across various protocols. It's not definitely an exhaustive list.

A

There's been like various tools and approaches that have been taken for like policy definition, um I always like to bring bitcoin because there's been like a lot of software and decisions that have been made um there, which I think are also like relatable to ipfs in a way like it, relates to block there's a lot of information um and in some shared constraints, and so like, as I mentioned before, this is like a ratio. Ipg location.

A

I mean, like those set of tools that have been made for bittorrent uh matrix, has like this, uh like very nice approach of like room moderation, so you had like some communities, um and you had like some like shepherd on the community that I would like to decide what should be allowed. What should not be allowed, which is like very important for, like uh like freedom of speech within certain communities, dns also had this approach was like blockless was like some like anomaly detection, in order to avoid um amplification, etc.

A

Bitswap, um and that's, like I'm very like uh happy to say that it's been like in the last six months, but the bits were like added like a now uh and deny list. uh So now, like you're able to at the bit swap level um to configure like which block you want to provide which blocks you don't want to provide, and definitely that that's a super nice edition, but it didn't make it yet to like a policy definition thing uh like on ipfs.

A

um I would briefly discuss um ipfs safe mode, uh which we released at clafla. um They also like venus guideline uh by pl put online. You know the like, if you want to, like you, have an nginx cache. How do you like uh the engineering cache interactive policy?

A

What you should do in order to like avoid uh various uh like takedown? uh That might have happened at like various levels, um and so this is definitely like a challenging thing. um Just one example. I would take for like what that could look like for ipfs, so ipf's, safe mode is just an extension um to ipfs which like allow you to, like um only from like a blockless perspective, to like block certain content.

A

They would like to purge uh more easily your cache search through, like the the the various uh blogs that you've made um and also have an audit for like gateway operators, in order to know like what content has been blocked, which, time for what reason, and to be able to lecture to review that later um was made as a fork of ipfs. Just so like it can like easily be tried. But definitely the like underlying api could be little like more interesting on that.

A

Finally, some, like conclusion about serving what you care about, there's at least a growth in ipfs and like in content, providing and so both notably to an individual, should like have the tools in order to like better define what content is being served. What is being stored, who you want to provide and who you want to interact with um to do that?

A

Policy tools are like definitely essential to satisfy those needs um and they should be able like to work both for, like the content you provide, and the content you receive, um the accessibility will look like will be very different, depending on like who you are like addressing. If it's like uh users on like a web browser, if it is like another creator that we have like very different need but like the base primitive in the api, would have some shared set uh of of content, um and I think that's it for like the 15 minutes.

A

So yeah. That's for me.

A

Any question.

A

Yes,.

A

Business.

A

Yeah, uh so we had, I mean from the first time like we, we deployed the gateway we had to like integrate like these tools, so like the uh the trust and safety tool uh team like after, like he's able to like answer to like pcma requests to live like all the takedown requests, um it's integrated both at the bit swap level not with your loud list, but like with a custom mode which might migrate uh to zero deny list, but like has been integrated in person like the bitswap level, so that we for content we don't want to provide.

A

We both don't provide them through http, but we also don't provide them to beat swap um then it's integrated on the http level so that uh that kind of refuge like the cash at our edge. We push like the cash like we have at like base levels um in terms of like uses. um This kind of, like multiple um cases, is like the gateway cloud flow operates, but also like a lot older customers um that are using cloudflare.

A

So at the moment, we're more like on the on the move to like have claflet define what cleft wants to serve on its own gateway and, like all the users should they use. Cloudflare ipfs service would be able to define their own policy, and I I will just go through island and get back to you afterwards. Yes, I just wondered what it looks like when so, if you blocked a particular.

A

Yeah, so basically, when you have a blockchain id, we just return an http 451, which is actually it's nice, because http defines a code where, like it's unavailable for legal reasons, um there are also protocols which don't define that and it's just a mess because then like, as you mentioned like it, could be timeout. Sometimes it's just like an empty answer and you're like we depend on the protocol for http. We just return it like a four five one. How does the gateway node distinguish like from like when it's asked to get that cd and.

A

Yeah, I mean basically, we just have like a like a postgres database, like which we query for like before making an outgoing request. We after the resolution has been made, we have a cid and we just check if the ccid is included in like the list of content, we should not provide or reach out to so it never like reaches out a bit. So.

A

Yes, so um does it mean, like a cost, a little like performance, because you have to check that like is a cid? um Are you allowed to serve it or not? It's like very minimal uh addition, uh because, like I mean for what we've seen, the resolution is like, what's taking the most time, the just one quality database uh and like we could also like cache. This result like for some time it's not affecting performance that much yes, yes, is there any thought on like getting a consortium of other folks?

A

Are you gonna, distribute your denialist to others or sharing this among other parties kind of like the ad block world? So the answer is no.

A

uh We don't want to provide our own deny list um and once again, I'm not the one making the decisions more like from like the legal standpoint would be the same for like um content for like regular, like http traffic. uh We would like everyone to like define their own policy. um I think, like this kind of different approaches, um the kind of like ad block is nice uh like like for blocking like um certain like http uh like pass and requests and domains.

A

um If you don't have time to build your own, um and so for now, like cloudflare, is more looking into like we will like allow everyone like to do that. We are looking into like integrating public denialis so like, for instance, like the the one like from protocol lab for now and like all the contribution. But um the internal like deny list uh that we have could be like for various reasons and like we don't want to uh to in actively involve in, like sensor like helping censoring like some content.

A

If there was something like a call for gossiping about that, as opposed to just a replay, because that's when you could see like a player participating in even to inform your own private list or something um so once again, no um so basically clapham really tries to on the answer to like requested.

A

Like comes from like like legal background or like like that, I backed and so participating in like these, uh like gossip network, I think it's very valuable from like a community like community standpoint, like kind of like you're you're operating like a set of ipfs node. I don't like in france, for instance, and you want to share things and have insight, uh but as long as it doesn't like come from like a legal like recognized entity that, like reaches out to cloudflare cloudflare, won't take action like won't participate in these.