Skip to content

Instantly share code, notes, and snippets.

@pfrazee

pfrazee/beaker-dat-ipfs-apps.md

Last active January 14, 2017 04:55
Show Gist options
  • Save pfrazee/e09dd58ed5a33040b830e902cc009d74 to your computer and use it in GitHub Desktop.
Save pfrazee/e09dd58ed5a33040b830e902cc009d74 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
beaker-dat-ipfs-apps.md

beaker ipfs/dat apps

what I think would be cool: an ipfs/dat site with an index.html that looks like this:

<!doctype html>
<script src="ipfs://mypfs.com/explorer.js@3.0.0"></script>
<script>exploreArchive('ipfs://pauls-public-files.com')</script>

or like this:

<!doctype html>
<script src="dat://mydat.com/explorer.js@3.0.0"></script>
<script>exploreArchive('dat://pauls-public-files.com')</script>

an explorer.js app, at version 3, is loaded from dat/ipfs. it provides the exploreArchive method, which (let's say) creates a file-browser gui and loads up the url I passed in. then, the protocol is accessed by the clientside js to fetch and explore my public file repo.

so this is demonstrating...

  • dat/ipfs acting as a secure p2p cdn
  • shortname lookup
  • versioning (by semver)
  • API access to the protocols, from the clientside js

I guess when es6 modules are working, we might also be able to do this?

```html
<!doctype html>
<script>
import exploreArchive from 'dat://mydat.com/explorer.js@3.0.0'
exploreArchive('dat://pauls-public-files.com')
</script>

which is even cleaner!

so what do we need for this to happen...

basic transport protocol integration

Dat and IPFS have the basic behaviors we need here, and dat is already integrated as a protocol. IPFS is underway. No problem there.

DNS lookup

IPFS has DNS TXT record lookup, which maps to the hash/public-key. Dat can/should? do the same. But, it's important we authenticate the records!

I looked into DNSSEC. The criticisms dont concern me. dnssec is what I'd recommend if nothing else existed (we just need to authenticate the registry's responses).

the alternative is authentication at another layer, like with TLS. It's too early to know if that'll happen for dat/ipfs, but-- the important bit is, either DNSSEC or the other layer will happen, and so we can safely move forward with DNS TXT records if we want to.

versioning

I know the dat protocol is designed for versioning, though I don't know the details yet. I think IPFS does as well?

I like semver. I like the idea of being able to put semver tags (or even semver ranges?) in the dat/ipfs URL. can we do that?

reader privacy

obviously, no requests happen if the information is locally cached. but, on first query, or if there's a semver range, or no semver tag at all, then the p2p network will be queried for updates. also, DNS will reveal the lookups.

I dont know the privacy properties of the p2p networks. I'd guess that a query is pretty open, because query-success is the top priority. in which case the reader-privacy profile isn't very good, is it? because your announcing to the whole network what you're looking for.

what's the dat story for reader privacy? what about ipfs?

@pfrazee
Copy link
Author

pfrazee commented Jun 11, 2016

chat transcript RE dat:

mafintosh
we use dns for peer discovery
https://github.com/mafintosh/dns-discovery

pfraze
right, but for shortname->hash/pubkey mapping ?

mafintosh
a CNAME should do it

pfraze
yeah. I think IPFS uses TXT records
and as I wrote in there, we need authentication
which, I think dnssec should work fine for

mafintosh
yea def
we are deploying something like that for dat.land soon
because you'll be able to clone dat.land/name/repo
for versioning we use append only logs as you know
i version is just the append only log at a given point in time
hyperdrive has two append-only logs, one for file content and another one for a changes feed
versioning there is simply pinning the changes feed

pfraze
right, so you're capturing the hash

mafintosh
ya

mafintosh
in the changes feed you can put a message that describes the version in more human friendly ways
like a message or a semver version

pfraze
ok solid

mafintosh
only both feeds are encrypted
in transport, re privacy

pfraze
right so, a passive observer wouldnt know what youre fetching, but somebody with the archive would?

mafintosh
yea
something with the archive key would, everyone else not

pfraze
ok that's interesting
so you can do secret sharing
but reader privacy wont be good in common resources, right?

mafintosh
it'll still hide it from your isp
so you'll get "mass surveillance" protection
but yea it degrades
if you share the link to everyone

pfraze
yeah we may need to look into modes for reader privacy
tor maybe

mafintosh
so ... cool thing about dat
since all transports are encrypted
you can safely route it through an untrusted proxy
add enough proxies and you'll get better anonymity

pfraze
that's probably the right solution, but another might be to ask one peer at a time
if that's possible?
and always ask a different peer

mafintosh
yea
that part is pretty flexible
since the swarm is decoupled

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment