- Welcome to Yggdrasil Community.
Recent posts
#11
Server software in Yggdrasil / Tailscale
Last post by Blade - December 08, 2023, 12:15:31 PMJust wonder
#12
Yggdrasil Discussion / Re: What is your practical use...
Last post by Revertron - September 06, 2023, 05:00:15 PMThere is an alternative DNS solution - ALFIS.
It is a micro-blockchain, that you can run even on your router, that will provide you with trusted DNS responses.
It is a micro-blockchain, that you can run even on your router, that will provide you with trusted DNS responses.
#13
Server software in Yggdrasil / Re: What would in-network emai...
Last post by sdgathman - September 06, 2023, 04:16:09 PMSee https://fedoramagazine.org/decentralize-common-fedora-apps-cjdns/ for examples with linphone and opensmtpd. It uses Cjdns - but yggdrasil works the same.
#14
Yggdrasil Discussion / Re: What is your practical use...
Last post by sdgathman - September 06, 2023, 04:12:15 PMBesides authorized services, Cjdns and yggdrasil allow common applications to be fully decentralized.
DNS is federated, but was centralized via ICANN (who can spoof/cancel domains at will). Not everyone is up to running their own nameserver and making DNS federated again. (However, see https://www.opennic.org for an alternate centralized root zone.)
TLS depends on a shadowy cabal that determines what CAs are trusted. All mainstream browsers either trust a CA fully, or not at all. (Need browser extensions to "veto" CAs using information in the cert. E.g. trust this CA only for .GEEK tld.) This allows the cabal to man in the middle TLS connections.
By using raw Yggdrasil/Cjdns ips, you get the equivalent of TLS connections without the risk of getting fooled by ICANN or TLS cabal. Opensmtpd works well for fully decentralized email in this manner. SIP phones like Linphone can call a raw ip6 - and these work just as well as phone numbers in the address book.
XMPP and Matrix want a domain - so you can either go with federated DNS and TLS, or just add the hostnames to /etc/hosts with ygg/cjd IP.
DNS is federated, but was centralized via ICANN (who can spoof/cancel domains at will). Not everyone is up to running their own nameserver and making DNS federated again. (However, see https://www.opennic.org for an alternate centralized root zone.)
TLS depends on a shadowy cabal that determines what CAs are trusted. All mainstream browsers either trust a CA fully, or not at all. (Need browser extensions to "veto" CAs using information in the cert. E.g. trust this CA only for .GEEK tld.) This allows the cabal to man in the middle TLS connections.
By using raw Yggdrasil/Cjdns ips, you get the equivalent of TLS connections without the risk of getting fooled by ICANN or TLS cabal. Opensmtpd works well for fully decentralized email in this manner. SIP phones like Linphone can call a raw ip6 - and these work just as well as phone numbers in the address book.
XMPP and Matrix want a domain - so you can either go with federated DNS and TLS, or just add the hostnames to /etc/hosts with ygg/cjd IP.
#15
Yggdrasil Discussion / Re: What is your practical use...
Last post by sdgathman - September 06, 2023, 03:49:48 PMYggdrasil does relay when you have 2 or more peers (otherwise there is no point).
My practical use is an an alternative to Cjdns that uses TCP instead of UDP (which evades different kinds of attempts to block vpns).
What did I use Cjdns for? The e2e encryption and IP authentication provide a simplified alternative to private certificate authority schemes with signed certs used by large corporations. For any service, I just list all the Cjdns/ygg ips authorized to use it. (E.g. using ipset.) An example would be nameservers. Recursive nameservers are hard to make public without getting DoSed.
Obviously, this doesn't scale - those lists of IPs become like /etc/hosts. This is why Big Corps use a private CA. The central authority also obviates the need for lists of ips on each service - the signed certs list what services they are authorized to access.
A key principle to take away is the distinction between authentication (not an imposter) and authorization (are you authorized to use this service).
You could scale the lists of IPs by providing a well known service that returns whether an IP is authorized for a service (or just return a list of authorized services which can be cached).
As for VPN use, yggdrasil fools firewalls that try to block vpns (by blocking UDP traffic), but allow websites (with possible blacklist). On the other hand, Cjdns connects from behind firewalls that block web traffic, but allow UDP sessions on random ports.
My practical use is an an alternative to Cjdns that uses TCP instead of UDP (which evades different kinds of attempts to block vpns).
What did I use Cjdns for? The e2e encryption and IP authentication provide a simplified alternative to private certificate authority schemes with signed certs used by large corporations. For any service, I just list all the Cjdns/ygg ips authorized to use it. (E.g. using ipset.) An example would be nameservers. Recursive nameservers are hard to make public without getting DoSed.
Obviously, this doesn't scale - those lists of IPs become like /etc/hosts. This is why Big Corps use a private CA. The central authority also obviates the need for lists of ips on each service - the signed certs list what services they are authorized to access.
A key principle to take away is the distinction between authentication (not an imposter) and authorization (are you authorized to use this service).
You could scale the lists of IPs by providing a well known service that returns whether an IP is authorized for a service (or just return a list of authorized services which can be cached).
As for VPN use, yggdrasil fools firewalls that try to block vpns (by blocking UDP traffic), but allow websites (with possible blacklist). On the other hand, Cjdns connects from behind firewalls that block web traffic, but allow UDP sessions on random ports.
#16
Yggdrasil Discussion / Re: Accessing Yggdrasil in a w...
Last post by Revertron - August 05, 2023, 08:47:11 PM #17
Yggdrasil Discussion / Accessing Yggdrasil in a web b...
Last post by wdc - August 04, 2023, 10:56:37 AMWeb browseer 1 is not using any proxy set inside it (is using system main networking, which is Wireguard VPN) -> it can display Yggdrasil site like http://[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8]/
Web browser 2 is using SOCKS5 proxy 127.0.0.1:1080 which is shadowsocks (protocol) running thanks to V2Ray app/service. and on this browser, i can not display Yggdrasil site.
Question is what to do so it loads in Web browser 2 (Firefox-ESR) while keeping its proxy set like it is?
127.0.0.1:1080 links to remote server of mine with old CentOS + iptables.
Web browser 2 is using SOCKS5 proxy 127.0.0.1:1080 which is shadowsocks (protocol) running thanks to V2Ray app/service. and on this browser, i can not display Yggdrasil site.
Question is what to do so it loads in Web browser 2 (Firefox-ESR) while keeping its proxy set like it is?
127.0.0.1:1080 links to remote server of mine with old CentOS + iptables.
#18
Yggdrasil Discussion / What is your practical use of ...
Last post by wdc - August 04, 2023, 10:26:40 AMHi, I have setup a Yggdrasil on my server and home computer. Now i would like to be more useful part of this network.
I am not willing to host any yggdrasil site because i do not believe in single point of failure hosting (for that reason i am rather using decentralized Zeronet - https://github.com/zeronet-conservancy/#readme ).
Yggdrasil does not either seem to automatically serve as a relay unlike I2P router.
I am not willing to host any yggdrasil site because i do not believe in single point of failure hosting (for that reason i am rather using decentralized Zeronet - https://github.com/zeronet-conservancy/#readme ).
Yggdrasil does not either seem to automatically serve as a relay unlike I2P router.
#19
Обсуждение Yggdrasil / Re: Объясните пожалуйста про Y...
Last post by Revertron - July 24, 2023, 11:15:51 PMЕсть, в блоге разработчиков, на английском.
#20
Обсуждение Yggdrasil / Re: Несколько экземпляров yggd...
Last post by Revertron - July 24, 2023, 11:15:14 PMБудет конфликт.