Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

blip-0043: Alternative Addresses #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,4 @@ For more detail on the process, please read [bLIP-0001](./blip-0001.md) and
| [17](./blip-0017.md) | Hosted Channels | Anton Kumaigorodskiy | Active |
| [25](./blip-0025.md) | Forward less than onion value | Valentine Wallace | Active |
| [32](./blip-0032.md) | Onion Message DNS Resolution | Matt Corallo | Active |

| [43](./blip-0043.md) | Alternative Addresses | Max Rantil | Active |
76 changes: 76 additions & 0 deletions blip-0043.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
```
bLIP: 43
Title: Alternative Addresses for Peer Connections
Status: Active
Author: Max Rantil <[email protected]>
Created: 2024-08-31
License: CC0
```

## Abstract

The `alternate_addresses` message introduces a mechanism for nodes to specify private alternative connection addresses for peers. These addresses facilitate reconnections between nodes with an existing relationship, bypassing the public gossip protocol. This allows peers with an established channel or history to use alternative addresses for improved privacy, reliability, or latency.

## Copyright

This bLIP is licensed under the CC0 license.

## Motivation

The primary motivations for introducing alternative addresses are:

- Enhanced privacy: By allowing peers to use private addresses not disclosed in the public network, the risk of traffic analysis is reduced.
- Improved reliability: Alternative addresses can provide fallback options if the primary address becomes unreachable.
- Potential latency improvements: Private addresses might offer more direct or optimized network paths between peers.
- Greater control: Nodes can selectively share alternative addresses with trusted peers, maintaining public presence while offering improved connectivity to specific partners.

## Specification

### The `alternate_address` Message

1. **type**: 209 (`alternate_address`)
2. **data**:
* [`u8`:`addrlen`]
* [`addrlen*byte`:`addresses`]

addresses allows a node to announce its willingness to accept incoming network connections: it contains a series of address descriptors for connecting to the node. The first byte describes the address type and is followed by the appropriate number of bytes for that type.

The following address descriptor types are defined:

* `1`: ipv4; data = `[4:ipv4_addr][2:port]` (length 6)
* `2`: ipv6; data = `[16:ipv6_addr][2:port]` (length 18)
* `3`: Deprecated (length 12). Used to contain Tor v2 onion services.
* `4`: Tor v3 onion service; data = `[35:onion_addr][2:port]` (length 37)
* version 3 ([prop224](https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt))
onion service addresses; Encodes:
`[32:32_byte_ed25519_pubkey] || [2:checksum] || [1:version]`, where
`checksum = sha3(".onion checksum" || pubkey || version)[:2]`.
* `5`: DNS hostname; data = `[1:hostname_len][hostname_len:hostname][2:port]` (length up to 258)
* `hostname` bytes MUST be ASCII characters.
* Non-ASCII characters MUST be encoded using Punycode:
https://en.wikipedia.org/wiki/Punycode

### Requirements

#### Sending Node

- **SHOULD** send `alternate_address` when a new connection address is necessary for enhanced privacy or network performance.
- **MAY** send an `alternate_address` message with an empty `addresses` field to request the receiving node remove any previously stored alternative addresses.
- **MUST** store a record of the peers to whom it has sent its `alternate_address` for future verification.
- **MUST** verify that an incoming connection attempt to an `alternate_address` is from the specific peer to whom it has previously provided that exact address.
- **MUST** reject connection attempts using `alternate_address` if it has not sent that specific `alternate_address` to the connecting peer.

#### Receiving Node

- **SHOULD** store the `alternate_address` in persistent storage upon successful validation.
- **SHOULD** use the stored `alternate_address` when initiating a connection to the peer that provided it.
- **MAY** continue using the original address until `alternate_addresses` is fully validated.
- **MUST** not initiate a connection to an alternate address not included in the peer's most recent `alternate_address` message.

## Rationale

By allowing nodes to use private, alternative connection addresses, this proposal enables a more controlled and secure network environment, where peers can selectively manage who has access to their alternative addresses without exposing these addresses to the wider public network.

## Backwards Compatibility

This proposal does not affect backward compatibility as it introduces an optional message that nodes can choose to implement without impacting the existing protocol.