←back to thread

Yggdrasil Network

(yggdrasil-network.github.io)
322 points BSDobelix | 1 comments | 16 Nov 24 10:58 UTC | HN request time: 0.241s | source
Show context
foundry27 ◴[16 Nov 24 15:48 UTC] No.42156968[source]
The first thing I tried to find on their website and their GitHub was a protocol specification, to be able to implement it independently from the reference implementation. I thought this would be straightforward since it’s advertised as a scheme/protocol, but such a spec isn’t referenced anywhere! Digging on my own I eventually found [1] on a side-branch of one of their other GitHub projects.

Kudos to the author: I think it actually covers a lot of what you’d need to know: crypto identities, message formats, wire protocols, peering and stream semantics, spanning tree updates and root selection, the DHT, forwarding logic, sessions, etc. A couple things are TODOs like how to verify and sign root updates, and there’s some ambiguity in the tiebreaker algorithm for next-hop selection.

It seems to be very tightly coupled to TCP as the transport layer though, since all packets need to be delivered reliably and in the order they were sent, and need to be capable of being fragmented into smaller packets for varying MTU sizes.

[1] https://github.com/yggdrasil-network/yggdrasil-specs/blob/ys...

replies(2): >>42157246 #>>42157427 #
colordrops ◴[16 Nov 24 17:01 UTC] No.42157427[source]
Is coupling with TCP a problem? Does it do anything that goes against their goal of full decentralization?
replies(1): >>42157454 #
macawfish ◴[16 Nov 24 17:05 UTC] No.42157454[source]
Makes it hard to do hole punching I think? At any rate, direct connections currently cannot be established between multi-hop peers, traffic gets routed through peers instead. I think this has something to do with the TCP choice.
replies(3): >>42158423 #>>42158464 #>>42159697 #
foundry27 ◴[16 Nov 24 19:06 UTC] No.42158423[source]
Yeaaah. TCP hole punching is goofy and unreliable, last I checked. You have to do some arcane ritual of having both peers start a three-way handshake to each others’s public endpoints simultaneously, relying on NATs to accept inbound SYN packets if they match the outgoing SYN. And nobody’s NAT devices implement simultaneous-open the same way, so all your connections just fail.

Naturally this leads to slapping even more arcane fixes on top of that, like NAT port assignment oracles to adversarial interoperate with different port allocation strategies (random, sequential, single, etc.) by analyzing patterns in previous port assignments. Networking sucks.

replies(1): >>42160874 #
beeflet ◴[17 Nov 24 00:30 UTC] No.42160874[source]
https://xkcd.com/2044/
replies(2): >>42162714 #>>42164180 #
gtirloni ◴[17 Nov 24 13:50 UTC] No.42164180[source]
If the new technology referenced in the comic provides a way to securely connect, including auditing, I don't see how it applies to the hole punching hack.
replies(1): >>42164331 #
beeflet ◴[17 Nov 24 14:25 UTC] No.42164331[source]
People (like ISPs offering routers) set up NAT, often justifying it on the basis of security. Application developers use hole-punching techniques to get past NAT (including stuff like UPnP that requires cooperation from the NAT).

The end product is:

#1 A sandboxing system that cannot reliably sandbox.

#2 A connection system that cannot reliably connect.

So now you have two problems.

replies(1): >>42180739 #
1. dev_hugepages ◴[19 Nov 24 07:07 UTC] No.42180739[source]
NAT is not a security measure but a way to save on IP space or avoid remaking a topology on network addresses changes. For actual security you need a firewall