From e9be695dda38fdf4870211e76fd3dd9cd8bdb6d7 Mon Sep 17 00:00:00 2001 From: Jorropo Date: Wed, 14 Dec 2022 18:56:13 +0100 Subject: [PATCH] feat: deprecate RSA peer ids --- cmd/ipfs/daemon.go | 11 +++++++++++ docs/changelogs/v0.18.md | 13 ++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/cmd/ipfs/daemon.go b/cmd/ipfs/daemon.go index af105589db5a..9ecfefb7538e 100644 --- a/cmd/ipfs/daemon.go +++ b/cmd/ipfs/daemon.go @@ -30,6 +30,7 @@ import ( fsrepo "github.com/ipfs/kubo/repo/fsrepo" "github.com/ipfs/kubo/repo/fsrepo/migrations" "github.com/ipfs/kubo/repo/fsrepo/migrations/ipfsfetcher" + p2pcrypto "github.com/libp2p/go-libp2p/core/crypto" pnet "github.com/libp2p/go-libp2p/core/pnet" sockets "github.com/libp2p/go-socket-activation" @@ -447,6 +448,16 @@ func daemonFunc(req *cmds.Request, re cmds.ResponseEmitter, env cmds.Environment } node.IsDaemon = true + if pk, err := node.Identity.ExtractPublicKey(); err == nil { + // no need to handle errors here, they will be dealt later + if pk.Type() == p2pcrypto.RSA { + log.Warnln(`You are using an RSA Peer ID, thoses are deprecated and support will be removed sometime second half of 2023. +To keep compatibility with newer nodes and bootstrappers create a new Ed25519 (recommended), ECDSA or secp256k1 key with: + ipfs key rotate -o my-old-key -t ed25519 +Then restart your node for it to take effect.`) + } + } + if node.PNetFingerprint != nil { fmt.Println("Swarm is limited to private network of peers with the swarm key") fmt.Printf("Swarm key fingerprint: %x\n", node.PNetFingerprint) diff --git a/docs/changelogs/v0.18.md b/docs/changelogs/v0.18.md index 58077e21481e..9dc017e31e91 100644 --- a/docs/changelogs/v0.18.md +++ b/docs/changelogs/v0.18.md 
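Review bot: The RSA warning guarded by `if pk, err := node.Identity.ExtractPublicKey(); err == nil` in daemonFunc will most likely never fire for the nodes it targets. In go-libp2p, `ExtractPublicKey` succeeds only when the public key is inlined in the peer ID (identity multihash), and RSA public keys are too large to be inlined, so an RSA peer ID is a SHA-256 digest and the call returns an error that is dropped here. The comment "no need to handle errors here" hides this, so operators still on RSA identities would see no deprecation notice before support is removed. Checking the type of the loaded private key is reliable instead, e.g. `if node.PrivateKey != nil && node.PrivateKey.Type() == p2pcrypto.RSA {`, assuming the node's private key is populated at this point in daemonFunc, whose body starts and ends outside the hunk. The message text also has a typo, `thoses` for `those`.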
@@ -22,6 +22,7 @@ Below is an outline of all that is in this release, so you get a sense of all th - [Differentiating QUIC versions](#differentiating-quic-versions) - [QUICv1 and WebTransport config migration](#quicv1-and-webtransport-config-migration) - [Improving libp2p resource management integration](#improving-libp2p-resource-management-integration) + - [RSA Peer ID deprecation](#rsa-peer-id-deprecation) - [๐Ÿ“ Changelog](#-changelog) - [๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Contributors](#-contributors) @@ -159,7 +160,7 @@ To support QUICv1 and WebTransport by default a new config migration (`v13`) is To help protect nodes from DoS (resource exhaustion) and eclipse attacks, Kubo enabled the [go-libp2p Network Resource Manager](https://github.com/libp2p/go-libp2p/tree/master/p2p/host/resource-manager) by default in [Kubo 0.17](https://github.com/ipfs/kubo/blob/master/docs/changelogs/v0.17.md#libp2p-resource-management-enabled-by-default). - + Introducing limits like this by default after the fact is tricky, and various improvements have been made to improve the UX including: 1. [Dedicated docs concerning the resource manager integration](https://github.com/ipfs/kubo/blob/master/docs/libp2p-resource-management.md). This is a great place to go to learn more or get your FAQs answered. 
@@ -168,6 +169,16 @@ and various improvements have been made to improve the UX including: 4. Adjusted log messages and levels to make clear that the resource manager is likely doing your node a favor by bounding resources. 5. [Other miscellaneous config and command bugs reported by users](https://github.com/ipfs/kubo/issues/9442). +#### RSA Peer ID deprecation + +In [v0.7 we changed the default public key type from RSA to Ed25519](./v0.7.md#ed25519-keys-are-now-used-by-default), due to the higher CPU load RSA handshakes force upon other peers in the network we will remove support for RSA peer ids sometime in the second half of 2023. + +See some rational here [libp2p/go-libp2p#1952](https://github.com/libp2p/go-libp2p/issues/1952#issuecomment-1350401449). + +Kubo now warns you when you start `ipfs daemon` using an RSA key. + +For now, we do not plan to remove support for RSA IPNS keys, only nodes identity. + ### ๐Ÿ“ Changelog ### ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Contributors