From 10195fe4f3e992b154bd070a37b8dfa2c6ee4569 Mon Sep 17 00:00:00 2001 From: Floris Bruynooghe Date: Fri, 21 Feb 2025 11:19:35 +0100 Subject: [PATCH 1/2] Some rephrasing in the overview. Mostly about relay servers --- src/app/docs/overview/page.mdx | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/src/app/docs/overview/page.mdx b/src/app/docs/overview/page.mdx index 94a24fd3..670a6523 100644 --- a/src/app/docs/overview/page.mdx +++ b/src/app/docs/overview/page.mdx @@ -8,7 +8,7 @@ export const metadata = { # Overview Iroh lets you establish direct peer-to-peer connections whenever possible, falling back to relay servers if necessary. -This gives you fast, reliable connections that are authenticated and encrypted end-to-end using QUIC. {{className: 'lead'}} +This gives you fast, reliable QUIC connections that are authenticated and encrypted end-to-end. {{className: 'lead'}} ## Iroh is "dial by public key" @@ -17,15 +17,25 @@ In the iroh world, you dial another node by its `NodeId`, a 32-byte ed25519 publ You won't have to think about NATs getting in your way, iroh traverses them for you. Basing connections on asymmetric public keys is what allows iroh to *always* end-to-end encrypt and authenticate connections. -## How it works -It's built on peer-to-peer QUIC using both relays and holepunching. +## Peer to peer -Peer to peer connectivity is established with the help of a relay server. The relay server provides Session Traversal Utilities for NAT (STUN) for the peers. If no direct connection can be established, the connection is relayed via the server. +Iroh is built on peer-to-peer QUIC using both relays and holepunching. -Peers must know and do verify the PeerID of each other before they can connect. When using a relay server to aid the connection establishment they will register with a home relay server using their PublicKey. Other peers which can not establish a direct connection can then establish connection via this relay server. This will try to assist establishing a direct connection using STUN and holepunching but continue relaying if not possible. +Peers must know the NodeId of a peer before connecting to it. +They verify this NodeId during the connection handshake to provide end-to-end encryption. -Peers can also connect directly without using a relay server. For this, however the listening peer must be directly reachable by the connecting peer via one of it's addresses. +Peer to peer connectivity is established with the help of a relay server. +On startup peers register their NodeId with a home relay server. +The relay server provides assistance to traverse firewalls, +NATs or others alike. +If no direct connection can be established, +the connection is relayed via the server. + +Peers can also connect directly without using a relay server. +For this, +however, +the listening peer must be directly reachable by the connecting peer via one of it's addresses. ## Iroh is built on QUIC From caf69a34e16ca4ae910d6e7227116198dea7fa32 Mon Sep 17 00:00:00 2001 From: Floris Bruynooghe Date: Fri, 21 Feb 2025 14:29:19 +0100 Subject: [PATCH 2/2] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Philipp Krüger --- src/app/docs/overview/page.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app/docs/overview/page.mdx b/src/app/docs/overview/page.mdx index 670a6523..f2071ef2 100644 --- a/src/app/docs/overview/page.mdx +++ b/src/app/docs/overview/page.mdx @@ -23,7 +23,7 @@ Basing connections on asymmetric public keys is what allows iroh to *always* end Iroh is built on peer-to-peer QUIC using both relays and holepunching. Peers must know the NodeId of a peer before connecting to it. -They verify this NodeId during the connection handshake to provide end-to-end encryption. +They verify this NodeId during the connection handshake to provide end-to-end encryption and authentication. Peer to peer connectivity is established with the help of a relay server. On startup peers register their NodeId with a home relay server.