Intent to Prototype: Verifying IPFS client

2,829 views
Skip to first unread message

John Turpish

unread,
Oct 15, 2023, 6:50:07 AM10/15/23
to blink-network-dev
Contact emails
jo...@littlebearlabs.io (primary)
jfern...@igalia.com
diet...@protocol.ai

Explainer
https://github.com/little-bear-labs/ipfs-chromium/blob/main/doc/explainer.md

Specification
Multiple specs are relevant. The most important is:
https://specs.ipfs.tech/http-gateways/trustless-gateway/
Some others:
https://github.com/ipfs/specs/blob/main/UNIXFS.md
https://specs.ipfs.tech/ipns/ipns-record/
https://specs.ipfs.tech/routing/http-routing-v1/
https://specs.ipfs.tech/http-gateways/web-redirects-file/

Summary

IPFS is content-addressed networking.
https://en.wikipedia.org/wiki/InterPlanetary_File_System

The goal of this effort is to add effective/useful support for 3 styles of URLs to Chromium:
ipfs://<CID>/path
ipns://<name/key>/path
ipns://<hostname with appropriate TXT record>/path

The plan is to use a multi-gateway trustless approach.

Blink component
Blink>Network

Motivation
Web rendering engines today currently do not offer a way to retrieve and render content that is
1) verifiable at the data layer nor
2) available across origins.
Both of these features are aspects of a more resilient web than HTTP alone can provide - and which are both available in the Interplanetary FileSystem (IPFS) protocol.
However, as IPFS is not directly compatible with HTTP nor the origin security model, it must be implemented as a separate protocol in order to deliver these features, and also to communicate to the user this different model, and adequately manage user expectations.
This feature provides an HTTP-based approach to retrieving cryptographically verifiable content from an interchangeable pool of servers providing access to content over the IPFS public network.

Initial public proposal
https://groups.google.com/a/chromium.org/g/chromium-dev/c/kmmrpDWfF90/m/96HvP5QUBwAJ

TAG review

TAG review status
None yet

Risks
For users not making use of IPFS, fairly minimal as most of the code would be inactive for them.

It may be difficult or even impossible to fully protect URL canonicalization changes with a feature flag.

This protocol changes how people think about origins, which may raise same-origin security concerns.
The model is near-identical to the one used on subdomain gateways, so some relevant discussion appears in these pages.
https://specs.ipfs.tech/http-gateways/subdomain-gateway/
https://docs.ipfs.tech/how-to/address-ipfs-on-web/#subdomain-gateway

There could be concerns around impact on caching, or misunderstandings of the gateway settings.

Interoperability and Compatibility

Here are some of the attempts at supporting IPFS in web browsers:
https://github.com/ipfs/in-web-browsers/blob/master/README.md#current-projects

Some support in other web-related tools (ffmpeg, curl):
https://github.com/ipfs/integrations/blob/main/README.md#completed-integrations

WebView application risks
No

Debuggability
We intend to add IPFS-specific functionality to DevTools.
The POC's current approach (adding headers to the aggregate internal response for debugging's sake) might raise concerns and may be dropped entirely.

Is this feature fully tested by web-platform-tests?
Not yet.

Flag name
"enable-ipfs" / url::kEnableIpfs (Chromium flag)

Build flag
ENABLE_IPFS

Requires code in //chrome?
True (currently, discussion about other design options are on-going)

Estimated milestones
https://github.com/little-bear-labs/ipfs-chromium/milestones

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5105580464668672

Tracking issue
https://bugs.chromium.org/p/chromium/issues/detail?id=1440503#c_ts1682598269

Panos Astithas

unread,
Oct 16, 2023, 2:54:57 PM10/16/23
to John Turpish, blink-network-dev
Hi John,

Not sure if you were going to do it later, but note that our process requires the intent to prototype email to get to blink-dev for broader visibility and feedback.

Cheers,
Panos

--
You received this message because you are subscribed to the Google Groups "blink-network-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-network-...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-network-dev/09c250f0-22aa-4528-b339-77a8eeedec5an%40chromium.org.
Reply all
Reply to author
Forward
0 new messages