Posted by chadfowler 14 hours ago

Iroh 1.0 (www.iroh.computer)
1028 points | 298 comments | page 8
commandersaki 14 hours ago|
So what has the reception been like with IETF?
rklaehn 13 hours ago||
Iroh is a project that combines existing IETF standards in an interesting way. For example we use raw public keys in TLS for the key exchange https://datatracker.ietf.org/doc/html/rfc7250 instead of coming up with our own key exchange scheme.

Our QUIC implementation noq is a standards compliant QUIC implementation that in addition to RFC9000 also implements the QUIC multipath draft RFC.

We try very hard not to invent new things unless absolutely necessary. In a few places we had to implement draft RFCs, QUIC multipath and QUIC NAT traversal. And there are some corners where we had to add our own extensions. But we try very hard to keep this to an absolute minimum.

Arqu 13 hours ago||
We're interacting with IETF on a number of projects and so far it's been going well :)
convolvatron 14 hours ago||
I should read the specs, but since it's such a foundational issue maybe someone who knows could respond briefly? the problem with a flat addressing space is that it requires every intermediate node to have state about every address, or perform a costly discovery mechanism for those it doesn't know about. is there a clever answer to this?
rklaehn 14 hours ago||
We have an answer, but it isn't really clever. We do have both built in and pluggable address lookup services.

Our default enabled address lookup service is using DNS in a creative way, but we also have a service that is fully peer to peer and is using the mainline DHT, specifically the bep_0044 extension that allows you to store a tiny bit of arbitrary data for an Ed keypair that you control.

https://www.bittorrent.org/beps/bep_0044.html

https://pkarr.org

Some custom transports such as TOR hidden services have a discovery system built in. In these cases we can just use the existing discovery system.

See for example https://github.com/n0-computer/iroh-tor-transport
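
For readers unfamiliar with the BEP 44 mechanism mentioned in the comment above, here is an added example (not part of the thread, and not iroh or pkarr code) showing how a mutable item is addressed, which bytes its Ed25519 signature covers, and the size and sequence checks a storing node applies before it verifies the signature. The function names and the all-0x11 key are made up for illustration; signature verification itself is left out because the Python standard library has no Ed25519.

```python
import hashlib

MAX_V_LEN = 1000    # bencoded "v" larger than this may be refused (error 205)
MAX_SALT_LEN = 64   # salt larger than this is refused (error 207)

def bencode(x):
    """Minimal bencoder for the value types a BEP 44 item can carry."""
    if isinstance(x, int):
        return b"i%de" % x
    if isinstance(x, bytes):
        return b"%d:%s" % (len(x), x)
    if isinstance(x, list):
        return b"l" + b"".join(bencode(i) for i in x) + b"e"
    if isinstance(x, dict):  # keys are byte strings, emitted sorted
        return b"d" + b"".join(bencode(k) + bencode(x[k]) for k in sorted(x)) + b"e"
    raise TypeError(f"cannot bencode {type(x).__name__}")

def target_id(pubkey, salt=b""):
    """DHT key of a mutable item: SHA-1 of the public key plus optional salt."""
    return hashlib.sha1(pubkey + salt).digest()

def signing_buffer(seq, value, salt=b""):
    """Bytes covered by the signature: optional salt, then seq, then v."""
    prefix = b"4:salt" + bencode(salt) if salt else b""
    return prefix + b"3:seq" + bencode(seq) + b"1:v" + bencode(value)

def precheck_put(seq, value, salt=b"", stored_seq=None):
    """Checks done before signature verification; returns an error code or None."""
    if len(bencode(value)) > MAX_V_LEN:
        return 205  # message (v field) too big
    if len(salt) > MAX_SALT_LEN:
        return 207  # salt too big
    if stored_seq is not None and seq < stored_seq:
        return 302  # sequence number less than current (replay / rollback)
    return None

if __name__ == "__main__":
    key = bytes([0x11]) * 32  # constructed placeholder, not a real public key
    print(target_id(key).hex(), target_id(key, b"foobar").hex())
    print(signing_buffer(1, b"Hello World!", b"foobar"))
    print(precheck_put(4, b"Hello World!", stored_seq=5))
```

Because the lookup key is derived from the public key and the signature covers the sequence number, a DHT node that stores the record cannot alter it or roll it back to an older value without the change being detectable by anyone who knows the public key.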

matheus23 14 hours ago||
The secret is that iroh still uses IPs under the hood :) But with QUIC, your connections aren't bound to your four-tuple, your connection can migrate from e.g. WiFi to Cellular with only a small blip/hiccup. And with QUIC multipath, you can have multiple four-tuples "active" at the same time. iroh uses e.g. a "real" IP path mainly, with a websocket-based HTTPS path via relay servers as the backup (e.g. in case UDP is blocked).
MoonWalk 11 hours ago||
Is what?
shevy-java 12 hours ago||
> And because all data that comes from the connection is secured by that key, we can build up from that same key into identity, permissions, and attribution.

So basically they want to find out who is who. In other words: sniffing.

It's interesting how the discussion is currently shifting to meta-explain why sniffing is necessary. I noticed this at universities in the last years; people now either have a tablet or a smartphone or a yubico key. This will be extended in the future, there is no doubt about that. And they are selling it with fancy words, just as Iroh showed.

gamegod 13 hours ago||
Sounds good, but the first step in your quickstart is getting an API key, and I'm oh, so I guess your sales pitch was a lie and this is really just another Cloudflare-like play to build another intermediary in the internet. If that's not the case, then I shouldn't need an API key for hello world...
rklaehn 12 hours ago|
If you are a rust developer, you can just take a look at the examples in the iroh repo itself or in our iroh-examples repo.

None of them require an API key.

https://github.com/n0-computer/iroh/tree/main/iroh/examples

https://github.com/n0-computer/iroh-examples

jMyles 13 hours ago||
So is this like an unfree CJDNS? What are the main differences?
rklaehn 12 hours ago|
There is nothing unfree about iroh. All core crates are published with the standard MIT and Apache2 licenses.
jMyles 10 hours ago||
Oh gotcha - the 'pricing' page initially gave me the impression that routing was closed/paid. But I guess it's just hosted deployment?
ssx-x1 12 hours ago||
Reticulum is better, and faster
konart 8 hours ago|
better and faster how?
schlap 13 hours ago||
We're all building the exact same shit.
dignifiedquire 12 hours ago|
are we?
yusefnapora 11 hours ago||
[dead]
abricq 12 hours ago|
[dead]