Mike Dilger ☑️'s avatar
Mike Dilger ☑️ mike@mikedilger.com 7 months ago
So WebTransport still fails us in a few ways: * You still lose Tor support. Tor is TCP based. * You can't connect to a server and verify it by it's public key, you have to have a hash of its certificate somehow * Client-side certficates still use Web PKI, so can't be used for AUTH * You layer on a lot of complexity (
WebTransport
 is not straightforward) with marginal benefits. I agree with @Daniel Wigton about being "connection type agnostic". A message-based protocol can run over any transport, including bluetooth, or paper airplanes.
↑ Parent

Replies (1)

Repeatedly nuked profile's avatar
Repeatedly nuked profile 7 months ago
I think it's worth digging a little. I'm not big on TOR at all, so if that's a game-changer then fair. Tying a public key to a long-lived hash may be doable, though you'd need a refresh mechanism for when the browser forces. Again though worth digging. For Web PKI I read chatter before on some kind of push for secondary authentication, who knows, all very new. Complexity, no doubt. But I will say that if the performance you get with iroh holds up then it might be worth every trade-off. For me, p2p with this kind of performance is just nuts. Never in my internet history.