You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
registration requires client to send two requests:
First errors (HTTP 401) and allows client to learn about PeerID from WWW-Authenticate: libp2p-PeerID [...] public-key=... header
Second request uses the PeerID from HTTP 401 response (public-key) and this one is the real one that returns HTTP 200
This means 50% of requests are HTTP 401s (blue in pie chart):
Improvement ideas
(A) "well-known peerid"→ avoid entire request
👉 Are we able to remove the need for first request that always ends with HTTP 401 and cut the number of registration requests by 50%?
My understanding is that the AutoTLS feature does not care about the PeerID of the libp2p.direct backend being globally unique or even being a secret (node does not participate in DHT / swarm, and only performs direct dial to multiaddrs sent to registration API).
👉 👉 Could all backend nodes use the same static PeerID that is generated from the domain (libp2p.direct) as a seed, and make p2p-forge/client attempt registration with that knowledge to avoid 401?
(B) use HEAD → avoid sending body
We could return WWW-Authenticate: libp2p-PeerID public-key=.. in HEAD response, which would save client from signing and sending payload twice + we could filter out HEAD requests and only lok at POST ones.
AutoTLS registration API is robust and works fine, but perhaps we could optimize the golden path?
Current flow
registration.libp2p.directbackend is effectively load-balanced amond multiple nodes, each with own PeerIDregistration.libp2p.direct/v1/_acme-challengeimplements HTTP PeerID Auth from libp2p spec hereWWW-Authenticate: libp2p-PeerID [...] public-key=...headerpublic-key) and this one is the real one that returns HTTP 200This means 50% of requests are HTTP 401s (blue in pie chart):
Improvement ideas
(A) "well-known peerid"→ avoid entire request
👉 Are we able to remove the need for first request that always ends with HTTP 401 and cut the number of registration requests by 50%?
My understanding is that the AutoTLS feature does not care about the PeerID of the libp2p.direct backend being globally unique or even being a secret (node does not participate in DHT / swarm, and only performs direct dial to multiaddrs sent to registration API).
👉 👉 Could all backend nodes use the same static PeerID that is generated from the domain (
libp2p.direct) as a seed, and makep2p-forge/clientattempt registration with that knowledge to avoid 401?(B) use HEAD → avoid sending body
We could return
WWW-Authenticate: libp2p-PeerID public-key=..inHEADresponse, which would save client from signing and sending payload twice + we could filter outHEADrequests and only lok atPOSTones.cc @aschmahmann @MarcoPolo @sukunrt @achingbrain for feedback
The text was updated successfully, but these errors were encountered: