←back to thread

Iroh: A library to establish direct connection between peers

(github.com)
239 points gasull | 4 comments | 25 Jun 25 16:34 UTC | HN request time: 0.977s | source
Show context
b_fiive ◴[25 Jun 25 19:03 UTC] No.44380803[source]
hey I work on this! AMA!
replies(4): >>44380893 #>>44380970 #>>44381056 #>>44387310 #
pluto_modadic ◴[25 Jun 25 19:32 UTC] No.44381056[source]
do keys have a defined prefix or identifier? e.g., Veilid uses vld0? pkarr uses pk:?
replies(1): >>44381095 #
1. b_fiive ◴[25 Jun 25 19:37 UTC] No.44381095[source]
keys are always ED25519, we use raw public key bytes, without prefixes.

Applications are more than welcome to use prefixes, but the use of ED25519 is not configurable

replies(1): >>44381173 #
2. rklaehn ◴[25 Jun 25 19:43 UTC] No.44381173[source]
To expand on this: iroh is a rust library. A NodeId is just an Ed25519 public key, but of course it has a distinct type. If in the future we want a different public key standard, it would be a different rust type.

Encoding keys is mostly left to the user. The only exception are tickets. Tickets are postcard serialized and have a version field, so we can keep tickets compatible if we ever want to use a different public key standard or hash function.

(disclaimer, I also work on iroh)

replies(1): >>44381481 #
3. rrauch ◴[25 Jun 25 20:21 UTC] No.44381481[source]
I've been following Iroh's development for quite some time now and I have to say that I've been really impressed with what you've built so far.

At one point I'm going to use Iroh (or something heavily inspired by it) as the transport layer for a project I am working on. Can't wait.

I do have one question though while I have your attention: what was the reason you decided to use the Ed25519 public key as the NodeId directly? I mean, why not derive the NodeId from the public key instead (by hashing it for example)? Then the protocol itself would not be so tightly bound to Ed25519. A little indirection here would have been useful imho.

It's the one thing I have been wondering about Irohs design that I haven't really been able to answer by myself.

Anyways, great work! Keep it up!

replies(1): >>44383502 #
4. rklaehn ◴[26 Jun 25 01:45 UTC] No.44383502{3}[source]
We decided to keep things simple. In general we try to provide one good way to do something instead of having a lot of options.

E.g. we only provide Ed25519 for keys and in iroh-blobs only BLAKE3 for hashing, instead of having a multihash scheme. Having the public key directly available is sometimes useful, e.g. for verifying signatures. It also allowed us to directly use the mainline extension BEP_0044 to store data for public keys.

That being said, I am very confident that we will be able to provide a relatively smooth transition if we ever have to switch from Ed25519 to another public key format.

For connection encryption we use a TLS extension called raw public keys in TLS, and here of course the keys are prefixed, and we could easily upgrade to another key format and then at some point stop supporting Ed25519 keys.

raw public keys in TLS: https://datatracker.ietf.org/doc/html/rfc7250 storing arbitrary data in the DHT: https://www.bittorrent.org/beps/bep_0044.html