[WIP] propose: browser nodes can connect to any node out of the box #70
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,120 @@ | ||||||||||
| # Browser nodes can connect to any node out of the box | ||||||||||
|
|
||||||||||
| Authors: @vasco-santos | ||||||||||
|
|
||||||||||
| Initial PR: https://github.com/protocol/web3-dev-team/pull/70 | ||||||||||
|
|
||||||||||
| <!-- | ||||||||||
| This template is for a proposal/brief/pitch for a significant project to be undertaken by a Web3 Dev project team. | ||||||||||
| The goal of project proposals is to help us decide which work to take on, which things are more valuable than other things. | ||||||||||
| --> | ||||||||||
| <!-- | ||||||||||
| A proposal should contain enough detail for others to understand how this project contributes to our team’s mission of product-market fit | ||||||||||
| for our unified stack of protocols, what is included in scope of the project, where to get started if a project team were to take this on, | ||||||||||
| and any other information relevant for prioritizing this project against others. | ||||||||||
| It does not need to describe the work in much detail. Most technical design and planning would take place after a proposal is adopted. | ||||||||||
| Good project scope aims for ~3-5 engineers for 1-3 months (though feel free to suggest larger-scoped projects anyway). | ||||||||||
| Projects do not include regular day-to-day maintenance and improvement work, e.g. on testing, tooling, validation, code clarity, refactors for future capability, etc. | ||||||||||
| --> | ||||||||||
| <!-- | ||||||||||
| For ease of discussion in PRs, consider breaking lines after every sentence or long phrase. | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| ## Purpose & impact | ||||||||||
| #### Background & intent | ||||||||||
| _Describe the desired state of the world after this project? Why does that matter?_ | ||||||||||
| <!-- | ||||||||||
| Outline the status quo, including any relevant context on the problem you’re seeing that this project should solve. Wherever possible, include pains or problems that you’ve seen users experience to help motivate why solving this problem works towards top-line objectives. | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| One of the key environments for the web3 is the browser. Browser nodes have several connectivity challenges that result from their environment, with the most relevant being: | ||||||||||
| - unable to listen for incoming dials; | ||||||||||
| - no support for TCP; | ||||||||||
| - security policies require dials with WSS and DNS addresses. | ||||||||||
|
|
||||||||||
| Circuit relays have been used to work around these limitations. Browser nodes can establish a connection with them and bind to them to receive incoming dials. They can also be used to "translate" a connection from Websockets to TCP and consequently, enable browser nodes to dial GO nodes. | ||||||||||
|
|
||||||||||
| ##### Problem Statement | ||||||||||
|
|
||||||||||
| One of the critical pieces in the puzzle is the lack of ability from browser nodes to connect with GO nodes out of the box (majority of the network). By default, GO nodes do not listen on Websockets, nor have DNS + SSL configured. In addition, GO nodes do not bind to relays out of the box. This creates a network fragmentations and results in problems creating pubsub overlay, getting IPNS records, among others. | ||||||||||
|
|
||||||||||
| Having browser nodes to connect with go nodes out of the box essentially means one of: | ||||||||||
| - go nodes listen on webrtc by default + we can use limited relays to also negotiate webrtc conns + we deploy nodes that can act as limited relay and have dns + wss addresses (which means not all DHT servers will be capable of doing so out of the box) | ||||||||||
| - go nodes listen on websockets address by default + we find a solution for out of the box certificates for announcing dns+wss multiaddr | ||||||||||
|
|
||||||||||
| #### Assumptions & hypotheses | ||||||||||
| _What must be true for this project to matter?_ | ||||||||||
| <!--(bullet list)--> | ||||||||||
|
|
||||||||||
| - Dapp developers want browser nodes to exchange pubsub messages across the public network | ||||||||||
| - Dapp developers want to find IPNS records on the network | ||||||||||
| - Dapp developers want to fetch content from GO nodes | ||||||||||
|
|
||||||||||
| #### User workflow example | ||||||||||
| _How would a developer or user use this new capability?_ | ||||||||||
| <!--(short paragraph)--> | ||||||||||
|
|
||||||||||
| #### Impact | ||||||||||
| _How would this directly contribute to web3 dev stack product-market fit?_ | ||||||||||
|
|
||||||||||
| <!-- | ||||||||||
| Explain how this addresses known challenges or opportunities. | ||||||||||
| What awesome potential impact/outcomes/results will we see if we nail this project? | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| We had some really good discussions yesterday about the state of Pubsub/IPNS in each runtime environment + what are the gaps for building dapps on our stack out of the box. | ||||||||||
|
Contributor
There was a problem hiding this comment. Are there notes from the conversation? I am seeing now that this is WIP.
Contributor
Author
There was a problem hiding this comment. Yes, this was a wrong copy paste and not intended for the actual proposal. But here are the notes: https://hackmd.io/@gozala/state-of-ipns |
||||||||||
|
|
||||||||||
| #### Leverage | ||||||||||
| _How much would nailing this project improve our knowledge and ability to execute future projects?_ | ||||||||||
|
|
||||||||||
| <!-- | ||||||||||
| Explain the opportunity or leverage point for our subsequent velocity/impact (e.g. by speeding up development, enabling more contributors, etc) | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| #### Confidence | ||||||||||
| _How sure are we that this impact would be realized? Label from [this scale](https://medium.com/@nimay/inside-product-introduction-to-feature-priority-using-ice-impact-confidence-ease-and-gist-5180434e5b15)_. | ||||||||||
|
|
||||||||||
| <!--Explain why this rating--> | ||||||||||
|
|
||||||||||
|
|
||||||||||
| ## Project definition | ||||||||||
| #### Brief plan of attack | ||||||||||
|
|
||||||||||
| <!--Briefly describe the milestones/steps/work needed for this project--> | ||||||||||
|
|
||||||||||
| #### What does done look like? | ||||||||||
| _What specific deliverables should completed to consider this project done?_ | ||||||||||
|
Member
There was a problem hiding this comment.
Suggested change
|
||||||||||
|
|
||||||||||
| #### What does success look like? | ||||||||||
| _Success means impact. How will we know we did the right thing?_ | ||||||||||
|
Member
There was a problem hiding this comment.
Suggested change
|
||||||||||
|
|
||||||||||
| <!-- | ||||||||||
| Provide success criteria. These might include particular metrics, desired changes in the types of bug reports being filed, desired changes in qualitative user feedback (measured via surveys, etc), etc. | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| #### Counterpoints & pre-mortem | ||||||||||
| _Why might this project be lower impact than expected? How could this project fail to complete, or fail to be successful?_ | ||||||||||
|
Member
There was a problem hiding this comment.
Suggested change
|
||||||||||
|
|
||||||||||
| #### Alternatives | ||||||||||
| _How might this project’s intent be realized in other ways (other than this project proposal)? What other potential solutions can address the same need?_ | ||||||||||
|
|
||||||||||
| #### Dependencies/prerequisites | ||||||||||
| <!--List any other projects that are dependencies/prerequisites for this project that is being pitched.--> | ||||||||||
|
|
||||||||||
| #### Future opportunities | ||||||||||
| <!--What future projects/opportunities could this project enable?--> | ||||||||||
|
|
||||||||||
| ## Required resources | ||||||||||
|
|
||||||||||
| #### Effort estimate | ||||||||||
| <!--T-shirt size rating of the size of the project. If the project might require external collaborators/teams, please note in the roles/skills section below). | ||||||||||
| For a team of 3-5 people with the appropriate skills: | ||||||||||
| - Small, 1-2 weeks | ||||||||||
| - Medium, 3-5 weeks | ||||||||||
| - Large, 6-10 weeks | ||||||||||
| - XLarge, >10 weeks | ||||||||||
| Describe any choices and uncertainty in this scope estimate. (E.g. Uncertainty in the scope until design work is complete, low uncertainty in execution thereafter.) | ||||||||||
| --> | ||||||||||
|
|
||||||||||
| #### Roles / skills needed | ||||||||||
| <!--Describe the knowledge/skill-sets and team that are needed for this project (e.g. PM, docs, protocol or library expertise, design expertise, etc.). If this project could be externalized to the community or a team outside PL's direct employment, please note that here.--> | ||||||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the certificate problem seems like it could be a project in itself, go-ipfs certbot integration or something like that, the whole certificate problem is a diabolical one!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, I see ipfs/in-web-browsers#181 touches on some of the issues related to certs, but that doesn't even suggest a clear path forward. That presents us with a scoping challenge here, we have no clear technical solution and this may end up being experimentation to figure out something workable. Ideally we'd have a solid idea to at least try and can scope fail/success with that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An experimental project here would be to vet the feasibility of a service to issue subdomain certs/DNS mappings to
https://<peerid>.libp2p.ioor similar.The other option is likely more viable (bind to a limited relay), but, we have to consider that if hole punching fails the nodes won't be able to speak.
Another option here is improving the active relay support story. If browser nodes are able to bind to a local node, or potentially later a relay-as-a-service, then execute dials through the relay as a fallback we can reduce the dependency on the SSL problem. This might look like:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://<peerid>.libp2p.iosounds like a whole can of worms, similar to the gateway problems (hosting content we don't necessarily want to host) but for more than just content (i.e. someone could abuse the service to host whatever they like, https, on a domain we own. Maybe there's been some thought put into how to deal with these kinds of problems already?2 other options for managing certificates:
The challenge process introduces awkwardness in both options but there could be a simple-path for easy setups (no NAT, no complex firewalls, etc.) and documentation for the more complex-path setups.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should attack this in two stages (updated ipfs/in-web-browsers#181 to reflect that):
/wss/deployments: no need for third party software like certbot or nginx.Even if we never do the second one, built-in ACME support for setting up
/wsson own domain is a good match of real life usage (people self-hosting IPFS infra on own domains), and would make things easier for everyone.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @mxinden
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @vasco-santos for the ping.
👍 for option 1 being good enough, especially when "go nodes listen on webrtc by default", as browsers could connect to non-ssl Go nodes via WebRTC with the help of a smaller number of SSL + WSS Go nodes as signaling servers using circuit relay v2.
True. Sorry, in case this is a question already discussed: Is the goal of this proposal with
Browser nodes can connect to **any** node out of the boxa hard requirement, or is increasing overall connectivity on a best effort basis good enough?Asked differently would
Browser nodes can connect to **most** nodes out of the box, with the remaining nodes being the ones unreachable due to WebRTC NAT hole punching issues, be a goal worth achieving as well? To me 100% connectivity in a peer-to-peer setting seems impossible in the first place, thus I would assume the latter title to be more accurate. What do people think?