crypto channel: TLS 1.3

[daviddias]

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Currently go-libp2p implements secio, an in house baked crypto channel library. However, IPFS will be moving to TLS eventually, which means that libp2p must offer it as a crypto channel upgrade to a connection.

Our current endeavour is to have a TLS library that is compatible and exposes an connection interface, so that we can upgrade any connection to another peer on demand. forge is a full JavaScript implementation of TLS made by the folks at Digital Bazaar.

[mkg20001]

How does this look? https://github.com/mkg20001/libp2p-tls
I had to add some "magic" to make the peers determine which peer is going to be the tls-server/client randomly.
Currently it's using nodeJS native "tls" module which is openssl based.
Browser support using forge is planned

[dignifiedquire]

@mkg20001 I that is probably TLS 1.2. I believe the goal of moving to TLS was only to do so with 1.3.

[mkg20001]

@dignifiedquire ipfs/specs#29 (comment) . Here it says both will get implemented

[mkg20001]

Btw, the "magic" thing is just a 7/8 bytes protocol buffers packet with a random integer (the peer which randomly chooses the highest number is determined to be the server)

[dignifiedquire]

@mkg20001 thanks I didn't remember that and cool that you are implementing it :)

[daviddias]

@mafintosh I believe you mentioned you had an implementation of TLS 1.3, did I get that right?

[straiforos]

ipns://blog.ipfs.io/2020-08-07-deprecating-secio/

Just released more relevant info regarding TLS 1.3 support.

[p-shahi]

Superseded by https://github.com/chainsafe/js-libp2p-noise