-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Protocol choice for peers discovered over multicast #1187
Comments
What use case do you have in mind? It would be extremely unusual to find one protocol available and another one blocked at the link-local level. |
QUIC is my personal use case, which requires manual peering to use with local peers in the current implementation. Generalizing to allow using any of the supported peering protocols rather than just QUIC and TLS would likely be the easiest to implement and maintain. |
What I'm not sure about is why you'd prefer QUIC in this case. There is no benefit from connection migration etc on link-local peerings and, all else equal, it performs worse than a TLS peering does. Using
Using
The multicast discovery is just as much about providing sane defaults for local connectivity. |
But, for example, plain TCP should be even faster. |
You are right, it should be, and multicast peerings did used to be plain TCP. However, it leaves protocol control messages unencrypted, so we decided defaulting to TLS was the happy middle-ground. |
I’d prefer to have a bit more speed or slightly less CPU load. I have nothing to fear in my local network. My wife and my cat will stand up to protect me from evil hackers if needed. And there’s no one else in my local network. |
What I mean is that it would be better if this could be configurable. Neither you nor I — no one knows exactly what a particular user needs. And if they’ve found some information deep in the documentation about how to change the default behavior, it’s better to assume that they know what they’re doing. |
There are further questions though, namely:
Maybe these are things we’d have to think about much more if we were approaching a v1.0 but for now I am just not convinced it’s worth the complexity. |
Connection should just fail to establish. We have fundamentally different approaches. You believe the user is clueless and shouldn't be given unnecessary options. I believe the user is an adult, understands what they are doing and takes responsibility for their actions. Yes, reasonable default settings are needed, and in this case, TLS is perfectly fine for that. But let me repeat: there are no "unexpected" guests in my network who need to connect to Yggdrasil (and if there are, we'll work it out). However, extra electricity and CPU time for unnecessary encryption are still being consumed and just heating the air. Greta Thunberg is looking at you with disapproval. :) |
P.S. By the way, if I have it set to not send beacons, and the person who came to me has the same setting, how will we connect? Oh my god, everything is doomed, how can this be! :) |
While I understand QUIC may perform worse than TLS in your network, it significantly outperforms TLS and TCP in mine. The requested feature would allow all three of us to use the protocol best fit for our needs.
I believe defaulting to TLS is very sane, though I don't think that should come at the cost of users having the option to choose a protocol better suited to their network or preference.
I think dynamic protocol switching for multicast peering is out of scope for this issue, but it may be worth exploring in the future. |
Yggdrasil currently only supports TLS for multicast peerings, there should be an option for the user to choose what protocol is used.
The text was updated successfully, but these errors were encountered: