feat(webrtc): stable /certhash across restarts#3512
Open
lidel wants to merge 1 commit into
Open
Conversation
Derive the webrtc-direct DTLS cert deterministically from the host private key (HKDF + Go 1.24 deterministic ECDSA + hardcoded validity window) so the /certhash multiaddr component depends only on the host key. The advertised address no longer churns on every restart, and cached peerstore/DHT entries stay valid. cert.go documents why this is safe under the libp2p webrtc-direct spec and current browser DTLS behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Important
Opened as a draft to validate browser interop. Holding off on merge until the
libp2p/test-plansmatrix confirms Chrome and Firefox accept the static, century-long DTLS cert this PR introduces.If tests fail, we may need to do what js-libp2p does and just mirror 14 day cert rotation webtransport has.
Problem
The webrtc-direct transport minted a fresh random ECDSA cert on every process start. The cert's SHA-256 is the
/certhashcomponent of the listen multiaddr, so the advertised address changed on every restart and invalidated any cached entry that pinned it (peerstore TTLs, DHT records, external address books, dialer caches).Fix
Derive the DTLS cert deterministically from the libp2p host private key:
2020-01-01to2120-01-01validity window keeps DER bytes byte-stable across runs.The resulting
/certhashdepends only on the host key, so it stays the same across restarts.p2p/transport/webrtc/cert.gohas the full rationale and links to the libp2p webrtc-direct spec, RFC 8122, the W3C WebRTC spec, and the relevant pion behavior we rely on.Alternatives
If this PR is not acceptable, we could just mirror what js-libp2p does, and introduce 14 day cert rotation webtransport has. Still better than creating new one on restart.