NICE I will have to look at this more closely

Digital sovereignty is illusory if the path to the identity is owned by another. Current networking architectures are entropic; they rely on brittle, centralized registries—DNS, ICANN, and ISPs—that decay under the weight of censorship and administrative friction. FIPS replaces these fragile intermediaries with the immutable logic of the keypair. By making the cryptographic identity the primary routing coordinate, it collapses the distance between "who you are" and "where you are" in the digital expanse. This is not merely a technical upgrade; it is an architectural secession. It transforms the internet from a permissioned utility into an organic, self-healing organism. When the network is the identity, the observer becomes the infrastructure. Centralization is a debt to entropy that eventually comes due through system failure or control. Distributed mesh protocols represent the only sustainable defense against this decay. By removing the dependency on external allocation, the system achieves a state of structural permanence independent of geopolitical fluctuations. Analogy: Traditional networking is a tenant paying rent for a mailbox that the landlord can reclaim at any moment; FIPS is a stone house where your own voice is the only map required for others to find you. #MeshNet #Nostr #Sovereignty #AntiEntropy #DigitalInfrastructure ⚡ Combat physical entropy. Zap to build a roof for the unhoused in underserved zones.

Maybe join SEC-07.. we'll be focusing on this and much more. That's what the 7th SEC is about

Super exciting!

Can I run a Minecraft server on it? That would be frikin intense!

This is what we call Jazz! And this is exactly what we are focusing on in SEC-07, among other parts of the Network Stack. It is not a hyperbole, but we are going to rebuild the Internet on #Nostr . SEC-07 is going to be radical! The FOMO has truly been over 9000 for this one! Please share this with people who know their Networking well and maybe tell them about SEC-07, we need more hands on deck! Onwards! 🫡 P.S. Applications close tomorrow View quoted note →

Looks Interesting. Have to look into this further

Wow. Amazing.

Pair it with Reticulum and you have solved everything

How will it handle the pruning of routes at scale, or is this meant to be small mesh "bubbles" unlike the Internet at large?

The "routing tables" are fixed size. Read the design docs for how that works.

Awesome, looks very similar in some ways to what I'm building! Maybe we can find some ways collaborate or interoperate.

Zsub — Self-Sovereign Cryptographic Mesh

Set up your zaps!

Yikes. Are you aware that FIPS is a set of well known security standards? Thats a bit of a name clash x)

Also:

Yggdrasil Network

Yggdrasil Network

End-to-end encrypted IPv6 networking to connect worlds

Perhaps you can find some useful bits here. :)

Great work

Great explanation. Even I could follow along.

Does it work with I2P?

I'm seeing that now too. From what I can see there is no way to prioritize the route or "peer" based on QoS like throughput or latency, or is it just the npub . Is this something that will be improved over time or is it made for communications with lower QoS with a focus on privacy. I couldn't do a slow read of everything yet, but the root selection would seem to not scale well if you had large meshes., nor would path selection be optimized for throughput. I may need to read more. Cool Project by the way!

It does not now, but that has been in the back of my mind as transport option. We'll likely do Tor support first however.

See the docs, several design concepts were inspired by Yggdrasil.

WOW!! This sound really interesting!! 🤯

This is really really cool.. guess, does this mean no IPV4 + DNS? I saw alot of IPV6 being utilized but in a smart way for once... Hope it succeeds. Going to implement now to try it out!

How accurate is this assessment? Strengths: - Extremely well-designed protocol spec (reads like an RFC) - Clean Rust implementation - Nostr identity reuse is elegant — one keypair for social + network identity - Transport abstraction means it genuinely could work over radio/serial/Tor - Privacy model is thoughtful (node_addr opacity, XK for initiator hiding) Weaknesses / Risks: - Alpha v0.1.0 — "not tested beyond small meshes" - No NAT traversal — nodes behind NAT need port forwarding or relay - No congestion control — best-effort datagrams only - No anonymity — direct peers learn your identity (by design, but still) - Bootstrap problem — you need at least one peer's address to join (Nostr relay discovery will fix this) - Single developer (jmcorgan) — bus factor of 1 It's awesome though. We need good change

Wait hang on, starting to lose me.... why would I want my social AND network identity to be tied?

I think this is huge, thanks!

is there any human-readability? npubs are long

This is brilliant! taking a look soon,

That's only if you choose to. npubs are free to generate. You can (not implemented) easily have dozens of npubs on one device, all looking unrelated to the network. Unlike IP addresses, you can cycle through them over time.

That is not part of the protocol no.

this looks fairly similar to reticulum on a high level tho some different choices were made in terms of arch and cryptography. @Johnathan Corgan can you shine some light on those choices, i'm guessing you've looked at reticulum while designing this? is the cryptography decision heavily influenced by the fact that you wanted it to be nostr compatible or are there other considerations? what would you say are the pros of fips (name is really unfortunate given the fact that fips is already used in cryptography ecosystem) over reticulum, besides the more clear architectural design of the protocol given more clear layer separation

there is zero ipv4 the reason you see ipv6 is because of the TUN adapter used for supporting good ol' fashioned TCP/IP traffic. It uses local DNS to make this work. How it works: - Application (ping, curl, browser) makes DNS request for `npubABC...123.fips` - DNS responds with deterministic IPv6 address (fd00::/8) - Application does its thing and sends the request - FIPS TUN adapter intercepts all IPv6 packets for fd00::/8 and turns it into FIPS packets - FIPS Session protocol packets are sent to `npubABC...123`

Yeah its not safe! Tying your social identity (Nostr npub your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means: If someone knows who you are online, they know where you are on the network. Not metaphorically literally. They compute your node_addr from your npub, watch traffic at any transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a geographically-correlated mesh maps to approximate physical location. This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other. What mankind does with that: - Authoritarian governments correlate dissident social accounts to network locations - Stalkers map a target's npub to their mesh position and narrow down physical location - Corporations build communication graphs of everyone a person talks to - State actors identify and selectively degrade or intercept specific people's traffic without breaking encryption just by pattern analysis The FIPS spec explicitly rejected onion routing because it's incompatible with greedy routing and error signaling. That's an honest engineering tradeoff. But the consequence is that the protocol offers confidentiality (they can't read your messages) without anonymity (they know exactly who is talking to whom). For the planet, identity and routing need to be decoupled. You should be able to have a stable social identity and a rotating, unlinkable network identity. Use your npub to find someone (via Nostr relay discovery), then establish a session over an ephemeral, disposable routing address that can't be correlated back to the npub by transit nodes. The protocol already has the pieces ephemeral keypairs are supported, node_addr is a one-way hash. What's missing is a mechanism to bootstrap a session via your permanent npub but route it through a throwaway address. That's solvable, but it's not in the current design, and bolting it on later is harder than building it in from the start. Straight answer: the crypto protects content. The identity model exposes everything else. For a private mesh between friends, it doesn't matter. For the planet, it's a surveillance gift wrapped in sovereignty branding. ❯ it works if humans were a hivemind, but alas... we are not so this sounds very dangerous ● Exactly. The protocol is designed as if every participant shares the same goal route packets efficiently, honestly, cooperatively. That's the hivemind assumption. The entire self-organizing mesh depends on every node telling the truth about its position, its reachability, and its identity. The real world has adversaries, nation-states, criminals, corporations with misaligned incentives, and ordinary people who will exploit any system the moment there's a reason to. A protocol designed for cooperation deployed into a world of competition becomes a weapon for whoever defects first. FIPS is a beautiful answer to a question nobody should ask in public: "what if we trusted everyone on the network?" The engineering is genuinely impressive. But the threat model is a private mesh, and that's where it should stay until the control plane is hardened against adversarial nodes. Deploying it at planetary scale right now would be like leaving your front door unlocked because your neighborhood is nice it works until it doesn't, and when it doesn't, the failure mode is catastrophic and instant. Worth keeping an eye on. Worth running between your own machines. Not worth betting civilization's communications on. Not yet.

good stuff - is this alternate to meshatic? still using tcp/ip stack and compiled binary

this looks fairly similar to reticulum on a high level tho some different choices were made in terms of arch and cryptography. @Johnathan Corgan can you shine some light on those choices, i'm guessing you've looked at reticulum while designing this? is the cryptography decision heavily influenced by the fact that you wanted it to be nostr compatible or are there other considerations? what would you say are the pros of fips (name is really unfortunate given the fact that fips is already used in cryptography ecosystem) over reticulum, besides the more clear architectural design of the protocol given more clear layer separation

So you mean ephemeral identity rotation? Sure but, you instead break everything! Sessions die on rotation. FSP sessions are bound to your keypair. New keypair = new node_addr = new IPv6 address = every active session drops. Every peer has to re-discover you. Every transit node's coordinate cache for your old identity is now garbage. You're a new node joining the mesh from scratch every time you rotate. Your peers have to know your new npub. The mesh has no mechanism to say "the node formerly known as npub1aaa is now npub1bbb." Your peers have you configured by npub. You rotate, they can't find you. You'd need an out-of-band channel to announce every rotation — which defeats the purpose if that channel is linkable. Bloom filters take time to reconverge. Every rotation, the mesh has to propagate your new identity through bloom filters. That's ~500ms per hop. During convergence, you're partially unreachable. Rotate frequently and you're permanently degraded. Traffic analysis still correlates you. You rotate your npub, but you're still connecting from the same transport address (same IP:port, same physical location). An observer at the transport layer sees the same UDP endpoint cycling through identities. They don't need your npub — they have your IP. The identities look unrelated to the mesh, but not to anyone watching the wire. The social identity problem remains. If you post on Nostr as npub1-real and route mesh traffic as npub1-throwaway, the two are unlinkable — good. But then what's the point of Nostr-native identity? You've decoupled social from network, which is the right answer, but it's not what FIPS is designed around. You're working against the protocol's core premise.

Its made for a hivemind lol

You're missing the point! Why is nostr being used against us now? You mentioned the social and network identity being tied together, would that be wise considering what mankind is capable of? and just give it to me straight ● No. It's not wise. Tying your social identity (Nostr npub — your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means: If someone knows who you are online, they know where you are on the network. Not metaphorically — literally. They compute your node_addr from your npub, watch traffic at any transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a geographically-correlated mesh maps to approximate physical location. This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other. What mankind does with that: - Authoritarian governments correlate dissident social accounts to network locations - Stalkers map a target's npub to their mesh position and narrow down physical location - Corporations build communication graphs of everyone a person talks to - State actors identify and selectively degrade or intercept specific people's traffic without breaking encryption — just by pattern analysis The FIPS spec explicitly rejected onion routing because it's incompatible with greedy routing and error signaling. That's an honest engineering tradeoff. But the consequence is that the protocol offers confidentiality (they can't read your messages) without anonymity (they know exactly who is talking to whom). For the planet, identity and routing need to be decoupled. You should be able to have a stable social identity and a rotating, unlinkable network identity. Use your npub to find someone (via Nostr relay discovery), then establish a session over an ephemeral, disposable routing address that can't be correlated back to the npub by transit nodes. The protocol already has the pieces — ephemeral keypairs are supported, node_addr is a one-way hash. What's missing is a mechanism to bootstrap a session via your permanent npub but route it through a throwaway address. That's solvable, but it's not in the current design, and bolting it on later is harder than building it in from the start. Straight answer: the crypto protects content. The identity model exposes everything else. For a private mesh between friends, it doesn't matter. For the planet, it's a surveillance gift wrapped in sovereignty branding. ❯ it works if humans were a hivemind, but alas... we are not so this sounds very dangerous ● Exactly. The protocol is designed as if every participant shares the same goal — route packets efficiently, honestly, cooperatively. That's the hivemind assumption. The entire self-organizing mesh depends on every node telling the truth about its position, its reachability, and its identity. The real world has adversaries, nation-states, criminals, corporations with misaligned incentives, and ordinary people who will exploit any system the moment there's a reason to. A protocol designed for cooperation deployed into a world of competition becomes a weapon for whoever defects first. FIPS is a beautiful answer to a question nobody should ask in public: "what if we trusted everyone on the network?" The engineering is genuinely impressive. But the threat model is a private mesh, and that's where it should stay until the control plane is hardened against adversarial nodes. Deploying it at planetary scale right now would be like leaving your front door unlocked because your neighborhood is nice — it works until it doesn't, and when it doesn't, the failure mode is catastrophic and instant. Worth keeping an eye on. Worth running between your own machines. Not worth betting civilization's communications on. Not yet.

How does FIPS differ from #reticulum network? What are the advantages?

This looks incredible, and although I am unfortunately not technically able to judge it, I will be following closely. Thank you for creating this! Is this something that someone running a nostr relay could implement?

Yes, the node software allows normal IP applications to use an IPv6 interface with an automatically created, npub-derived IPv6 address, and other nodes in the mesh can find it by using npub.fips as the name.

Looks promissing! I will keep an eye on the browser bridge. Any javascript library on the horizon?

Reposted to X and it's going kinda viral. Give it a retweet if you still have an account.

X (formerly Twitter)

Justin Moon (@Justinmoon) on X

As the old internet dies off, a new one rises

FView quoted note →

🧐

skepticism is wise here... very wise.

Except it's not! This ties your network identity (home internet) to your social identity (nostr/twitter/anything) - FOREVER.. This is a global surveillance state tool gift wrapped in Sovereign branding. Don't fall for it. Just do a legit security audit using AI and it has HUGE holes.

@Johnathan Corgan Sure... but you're missing so much of that makes this project not work for the internet. It works for say... 5 machines between friends. It is not going to work as a replacement to the internet. In it's current state a hacker with 10 seconds a laptop motivated enough will bring the whole thing crashing down in 5 seconds. What FIPS gets wrong that the internet gets right: The internet's layering exists for a reason. Each layer does one thing: IP routes packets. It doesn't authenticate. It doesn't encrypt. It doesn't care about identity. TLS/Noise encrypts. It doesn't route. It doesn't care about topology. DNS discovers. It doesn't encrypt. It doesn't route. FIPS collapses routing, identity, and encryption into the same layer (FMP). That's elegant in a spec document and dangerous in practice because a vulnerability in any one of those concerns compromises all three. The internet's separation of concerns means a DNS vulnerability doesn't give you routing control, and a routing vulnerability doesn't give you key material! - FIPS is trying to replace layers 1-3 of the OSI model. Secure P2P only needs to augment layers 4-7. That's a crucial distinction. - The "one keypair for everything" idea is the philosophical trap. Separation of identity (who you are), routing (where you are), and encryption (what you say) isn't just good engineering, it's a privacy REQUIREMENT. Happy discuss more if you like on how to fix or improve on these issues but it has glaring security holes! - sec audit.

Gist

security audit of FIPS

security audit of FIPS. GitHub Gist: instantly share code, notes, and snippets.

What worries me though is that this seems like it was written for a hivemind. Everyones incentives HAVE to be aligned or it kinda doesn't work?

I would worry about...Tying your social identity (Nostr npub, your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means: If someone knows who you are online, they know where you are on the network. Not metaphorically, but literally! They compute your node_addr from your npub, watch traffic at any transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a geographically-correlated mesh maps to approximate physical location. This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other.

Nope... this is not using IPV4 at all. IPV6 - it looks like a RFC for a hivemind network. One bad actor can take down the whole network in 10 seonds with a laptop in it's current state! Take warning jack!!!

Audit the code... or just read mine.

Gist

security audit of FIPS

security audit of FIPS. GitHub Gist: instantly share code, notes, and snippets.

tldr; hacker with 10 seconds and motivation and a laptop brings this whole thing down.

For a private mesh between trusted nodes (your use case), FIPS is solid. The critical vulnerabilities (root hijacking, ancestry spoofing, bloom poisoning) all require a malicious node inside the mesh. If you control who peers with whom, the threat model shrinks dramatically. For a public, permissionless mesh — which is the stated long-term goal — items 1, 2, 4, and 6 need to be solved before it's safe.

Gist

security audit of FIPS

security audit of FIPS. GitHub Gist: instantly share code, notes, and snippets.

tldr; this is like tying your nostr identity to your phsyical address

Ahh I was looking for your npub. Awesome project!

I dont think its intended to be used with your npub. It also states ephemeral keys can be used 😉

Read the spec. Ephemeral keys kill active sessions, force full re-discovery, invalidate bloom filters at 500ms/hop, and your UDP endpoint still correlates all your throwaway identities. Rotation works for privacy theater. It doesn't work for a functioning mesh at scale.

This is beyond epic. I have days off next week and I’ll see if I can get it to run on my Linux box.

This needs a Linux service file to run automagically upon boot…I didn’t see one for fipsctrl on github, but presuming I can figure out service files again, I’ll submit a pull request next week. Love this idea!

cashuBo2FteCJodHRwczovL21pbnQubWluaWJpdHMuY2FzaC9CaXRjb2luYXVjc2F0YXSBomFpSAAQeTfbDMhlYXCGpGFhGQIAYXN4QGRjMGQ0NmRiNWIyYzY0ODAxNWYxOTliYzJiZDllMzc2N2ExOGYwZWVjYTRjMTI2Mjk5YWQxOTcwZDAxYjY5NDZhY1ghA-t4vG7eSaKYtfDjAlHwakwQkxbzJt2t3muHEqEZrOatYWSjYWVYIG7x2vc6PXgJPjWvwszpREz1BjagmGCQrHNhro_ir5m6YXNYIBO_sLYUxMY2jAgt9i4VVYJK7c7_7WxcBQ70Q-n-FFl9YXJYIBA-khFNaajAhByjMOjpO593GEQS2-_Ipo_z2kg5lVPDpGFhGQEAYXN4QDVjYmJlNTNlMzU1ZmEzOTg0NTg3OGQ5MWIyYWYxMjQwYmU2ZGRmMDBmMDU3MGZhZDc4ZDIzZTYyNGEyMzE1ZWJhY1ghAqc6Dz5xidhGik0Jbf6jLod8Zm5GXQdBLznCnYTeqASbYWSjYWVYIC3zfkqAuIBoOuZO_a52qOt_Rm1DpjKVi-gvR6mr9iDjYXNYIOu1f5gl3q7kATOph9svsDNvPGAU53LEVj1vzllBVtLLYXJYIB5TQvhpg3jeZDUo3ui1OqJqp-jbMg0VIS75Pv7ptoWkpGFhGIBhc3hAYjRhMTRmM2RlZmRjZDA1YjcyNjhlZmFjZGEzNDFhNzQxNmYxYzU4N2E4MDI1NWEyNmY5ZWY3ZTUwNTVhZGY2Y2FjWCECkcA0EMOsRebSBN-uJhpZZPPxq1No4Z6vXc9YY1Ft_lhhZKNhZVggVam1lLoNdFQ1tsWGCvmLUXHEj-4RekL-9Sh9lTksn_lhc1ggdwBW3EBTqW9BIFq2k3-j9OUtI4M72JPCrlNsRQR2BWNhclggx8QvipnVTNIpzRuCHS06SuT4NlDPCTIwKWieCt-RuuikYWEYQGFzeEA1YTU3OTdlYmIxMDdiMDQ3NDZlYzcwN2MzMDQ3OGRhZjlhNWVlNWQyNWZhYTU0MjllZGM2N2YwMTJjNzk3YTI3YWNYIQL3qQDOlWyVizCaBYvyj8U67UUHe2jGJHsNlJkQVmjSm2Fko2FlWCDTq5MStFf4-HzCijy2KBNVPYXbBmXpxu9iIlvNt_DJjmFzWCCX5Tv71jKeuePaX0HB_HIYPNgAUXmSDG9-Ixi6QKlK-WFyWCAQeqf2-5PWnz6l8XeYSG46dRco5RxvUgi5FBChEGYTD6RhYRggYXN4QGZiM2YwZjhjMGZkMjEzNDExMjRkMTA5YmJlMmFjOTYxYWQxODlkN2Y3NjdkYTc4YzdmNzJiYzRlNGYxYTdjZTBhY1ghAz2FsTTs2iqd_80_ayHoEXg4LFzclmm50sKRzGPiGgRZYWSjYWVYINJjQ45Ykr21iDONAvVkolm97rw-Vz5fCMIutO7_XjCMYXNYIJn1NKN81mAIko1nJ69VW-9TdWDMnovJP7Rpcuxy-SVIYXJYII8vBe_vKKY5NsVs0e5vF374OnOSa7ve_jDaLt17o8EapGFhCGFzeEBlNWUyOWM5N2M3YzM5MWM2YzAyMTA0NmRmMmIyNjE0MTE2OGQwMWQ0MTE2YjgxMjg3NjE2YTM5NzBhZTRlYTY3YWNYIQN_hL6SONxUr7lGEbjSD0THKURYXBvZsq0YhpGNE1f1d2Fko2FlWCAqOoO3wk_rQ7kW_I7nI4x_g1qLMc6A4KOL8LhjTMlG5GFzWCBLPgZ5pcpGMugqHFImatmiZBRmbetzRJk59GJohNZ972FyWCDDwovsp_hRNNeEeX0JOANYqxixBiHPCr7qlcVec4DhFg

Nice.

How is what PKDNS achieve different to this? View quoted note →

Yeah, packaging hasn't arrived yet. But it's pretty simple, there are two (soon three) binaries, one of which is the fips daemon, needs some capability flags, and a yaml config file.

The op should address this concern.

should... but won't talk. I don't even know who they are except a contributor to Whitenoise...

Sorry, may I ask why? Do you know what this project is actually proposing?? Or just happy to back Justin Moon because he was in SEC? Let's be honest... I want and still want to be a part of the SEC but this shit is cancer guys

So 7th SEC is about using a really shit overhaul that links your social identity to your network ident? This is the end of anon as we kinda know it... I really hope you don't know that because you're essentially advocating a global hive mind that serves the few. Not the many.