by rklaehn 3 days ago
At the lowest level it is a creative way to leverage all the work the major cloud vendors have poured into QUIC for p2p connections.

If you look at an iroh connection in Wireshark it is just a QUIC connection. If you configure an SSLKEYLOGFILE so Wireshark can actually look into the packets, you will see a few TLS extensions and somewhat unusual packets flying by during the handshake, but once established it is a completely normal QUIC connection.

That is also why we are relatively confident regarding encryption security. It is just TLS. And we can also leverage new encryption like post-quantum key exchange with just a few config changes, without any code changes.

See https://www.iroh.computer/blog/iroh-post-quantum-handshakes

One thing that is genuinely novel is that we use QUIC multipath to keep the different paths (relay, various direct IP paths) separate. This has some technical benefits because the congestion controller does not get irritated when the underlying transport changes. Each transport has its own congestion controller.
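
An added example, not part of the comment above and not code from the iroh project: a check of an SSLKEYLOGFILE (NSS key log format) that reports, per connection, whether the logged TLS 1.3 secrets cover the QUIC handshake packets, the established connection, or both. The function names and the sample log are constructed for illustration.

```python
import re

# TLS 1.3 labels of the NSS key log format; QUIC packet keys derive from these.
HANDSHAKE = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
APPLICATION = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Group entries by client random; return (sessions, bad_line_numbers)."""
    sessions, bad = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if not match:
            bad.append(number)  # truncated or interleaved write
            continue
        label, client_random, secret = match.groups()
        sessions.setdefault(client_random.lower(), {})[label] = bytes.fromhex(secret)
    return sessions, bad

def coverage(labels):
    """Say which part of a QUIC connection the logged labels can decrypt."""
    present = set(labels)
    if "CLIENT_RANDOM" in present:
        return "tls1.2-only"  # pre-1.3 master secret, never a QUIC session
    if HANDSHAKE <= present and APPLICATION <= present:
        return "full"
    if HANDSHAKE <= present:
        return "handshake-only"  # handshake visible, 1-RTT data stays opaque
    if APPLICATION <= present:
        return "application-only"
    return "incomplete"

def report(text):
    """Map each client random (first 8 hex chars) to its coverage."""
    sessions, bad = parse_keylog(text)
    return {cr[:8]: coverage(labels) for cr, labels in sessions.items()}, bad

# Constructed sample: client randoms and secrets are filler, not a real capture.
A, B, S = "aa" * 32, "bb" * 32, "01" * 32
SAMPLE = "\n".join(
    [f"{label} {A} {S}" for label in sorted(HANDSHAKE | APPLICATION)]
    + [f"{label} {B} {S}" for label in sorted(HANDSHAKE)]
    + ["SERVER_TRAFFIC_SECRET_0 truncated"]
)
print(report(SAMPLE))
```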