-
-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not use default iroh relays #5591
Comments
We discussed irl that just using a #[cfg(test)] flag should be enough, no? |
I still think we should use the default relay because communication becomes impossible if no member in a group has a chatmail server. (no relay and direct addresses => no direct connection). For us, everyone uses chatmail, so we don't really care, but I don't know how the situation is in Cuba. If you are really concerned about security, you can make sure that you yourself are on a chatmail server or disable realtime completely. @hpk42 @r10s @adbenitez |
On Mon, May 20, 2024 at 06:43 -0700, Sebastian Klähn wrote:
I still think we should use the default relay because communication becomes **impossible** if no member in a group has a chatmail server. (no relay and direct addresses => no direct connection). For us, everyone uses chatmail, so we don't really care, but I don't know how the situation is in Cuba. If you are really concerned about security, you can make sure that you yourself are on a chatmail server or disable realtime completely. @hpk42 @r10s @adbenitez
Default iroh relays might upgrade, and break the wire protocol, thus bricking previously working released DC app versions.
So if anything, we need an own fallback relay where we control the relay server version.
Discussed yesterday with @link2xt that "ir.testrun.org" might be such a central relay,
configured as fallback if no chatmail-one is available. It could run on "b1" for now,
or be created on a separate vm. As we are still experimental, it doesn't matter
that much right now.
|
Breaking the wire protocol is also an issue when we host the relay server ourselves as newer versions of deltachat will probably adopt the latest protocols and thus need a new default relay server also. This leads to the solution where we create default servers for every breaking iroh version so that people can keep communicating even with older iroh versions. One problem that still remains is that every iroh protocol break will then divide the communicating users as old apps will not be able to communicate with apps that have a newer version of iroh. This can produce all kinds of errors that we need to handle because core will not know that this happened. |
An update on the current plan for the wire-protocol stability of iroh:
We might well end up running old relay servers for much longer, that's not decided yet. Why bother dropping the backwards compatibility to current versions at all? There are reliability and abuse issues with the current version that can not be addressed without changing the wire protocol. While they can be mitigated to some extend they can never be entirely fixed. Keeping the current protocol alive for longer only means we are exposed to more for this for longer and that we'll have to try hard to fix issues that we know can be fixed better. How will this not happen after 1.0? We're adopting approaches more deeply integrated with QUIC itself, and draft standards that have had more scrutiny from the QUIC ecosystem and can evolve with it. While this is not a guarantee it increases our confidence that we'll be able to keep that version current for much longer. But at the end of the day protocols eventually get replaced or evolve anyway, for example we no longer use SSL 2.0 either. |
We should not use default iroh relays, but only connect to other peers that have relays if we don't have our own relay:
deltachat-core-rust/src/peer_channels.rs
Lines 208 to 210 in 36f1fc4
However, disabling it now will break Rust tests because they don't connect to IMAP and cannot get the relay address from IMAP METADATA. Tests should be moved into Python deltachat-rpc-client first.
The text was updated successfully, but these errors were encountered: