Enabling AutoTLS feature by default #10560
Labels: epic, kind/enhancement, need/maintainer-input, topic/config, topic/libp2p
Context
In #10521 we've introduced the opt-in AutoTLS feature, which uses DNS and p2p-forge infrastructure run by Interplanetary Shipyard to automate TLS setup for libp2p WebSocket transport. This feature will not yield the maximum benefit to the swarm unless it is enabled by default, just like `/webtransport` and `/webrtc-direct` listeners are.

This issue tracks remaining work towards enabling AutoTLS by default.
TODO
- `libp2p.direct` public good infra accepts registrations
- AutoTLS in `test` profile
- `AutoTLS.Enable` TBD that adds catch-all listener `/tcp/400X/tls/sni/*.libp2p.direct/ws` if `Addresses.*` (swarm, announce, appendAnnounce) have no `/tls/sni` or `/wss`
- `/ws` listener can share the same port as `/tcp` (4001)
- `/tcp/4001/tls/sni/*.libp2p.direct/ws` to default listeners created by `ipfs init`
- `/tls/sni/*.libp2p.direct/ws` listener for existing users
- `/p2p-circuit` addrs
- `test/cli` that gets cert from `AutoTLS.CAEndpoint=https://acme-staging-v02.api.letsencrypt.org/directory` (`certmagic.LetsEncryptStagingCA`) and confirms it is placed in `IPFS_PATH/p2p-forge-certs/certificates/`?
- `libp2p.direct` productization by Shipyard is finished