Context Navigation

← Previous Change
Ticket Comment History
Next Change →

Changes between Initial Version and Version 1 of Ticket #203, comment 8

Timestamp:: 06/29/2016 11:39:30 AM (8 years ago)
Author:: Brian Warner
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #203, comment 8

-                      initial
+                      v1
 I read over the patch diff, but I'm not intimately familiar with foolscap code.  I have a concern about how hosts and ports are used by foolscap:
 The ``Listener`` can be queried for the host and/or port.  Why?
+The `Listener` can be queried for the host and/or port.  Why?
 It's hard to tell how applications will use this information, though it seems a common pattern for "decentralized apps" will be to transmit this information elsewhere so that other systems can connect to the ``Listener``.
+It's hard to tell how applications will use this information, though it seems a common pattern for "decentralized apps" will be to transmit this information elsewhere so that other systems can connect to the `Listener`.
 For a use case of I2P/Tor this seems dangerous.  Instead, those applications should almost certainly not be transmitting any local details like ``localhost:8080``.  So the first thought is to ensure we replace ``getHost()`` / ``getPort()`` -style APIs with ``getConnectionAddress()`` which returns an endpoint ''client spec'' string.
+For a use case of I2P/Tor this seems dangerous.  Instead, those applications should almost certainly not be transmitting any local details like `localhost:8080`.  So the first thought is to ensure we replace `getHost()` / `getPort()` -style APIs with `getConnectionAddress()` which returns an endpoint ''client spec'' string.
 Notice I said ''client spec''.  For Tor, the server endpoint must include ''the private key'' (or a way to discover it), whereas the connection details passed around to other peers ''must not'' include that, and instead must be a public ``.onion``.
+Notice I said ''client spec''.  For Tor, the server endpoint must include ''the private key'' (or a way to discover it), whereas the connection details passed around to other peers ''must not'' include that, and instead must be a public `.onion`.
 So now the API must be (approximately, I'm not certain of the current API): ``Tub.listen(serverspec)`` versus ``Listener.getClientSpec()``.  For simple ``TCP`` cases, these happen to be the same host/port pair (although for things like NAT they may already differ).
+So now the API must be (approximately, I'm not certain of the current API): `Tub.listen(serverspec)` versus `Listener.getClientSpec()`.  For simple `TCP` cases, these happen to be the same host/port pair (although for things like NAT they may already differ).
 This bears some thought about endpoints, API design, and application management of endpoints.