People are using ENS names as a way to find content on IPFS (ex https://twitter.com/eduadiez/status/1093547099235516416). Let's make it even easier by enabling companion to resolve links like ipfs://foo.eth to the appropriate IPFS hash + content!
Would it potentially also be possible to check for any .eth links to see if they are hosted on IPFS and if so resolve through IPFS?
_(sorry for any mistakes, went on a research spree and wanted to post this while I have entire context in my head)_
I did an initial run over prior art for ENS support and identified some techiques and challenges. Notes below. Overall, it should be possible to do, but we may need to land some changes in go-ipfs or public gateway.
Unexpectedly, this research gave me an idea how to solve Origin problem for localhost gateway(!) – see https://github.com/ipfs/go-ipfs/issues/5982 ← i am really excited about this one!
The main challenge will be resolving ENS to IPFS CID from Ethereum transaction without running Ethereum client (and avoid shipping half of MetaMask or additional binary just to resolve ENS domains)
Most of the prior art ships ethereum client in some form:
Potential solutions:
(1A) Lookups via some HTTP API
/api/v0/dns endpoint in go-ipfs (used for DNSLink lookups) and make it support .eth domains. This way we would have a reliable resolver at both localhost go-ipfs and public gateway for use by js-ipfs in browser context..eth lookups, but it smells a bit, if we go this route we probably should keep HTTP API lookup in ipfs-companion as sugested in (2B)(1B) Delegate act of ENS resolution to remote resolver, then redirect to ENS-aware HTTP proxy or gateway
foo.eth domains in browserPrior art: ens-gateway-eth-domain extension seems to do interesting hacks to solve UX challenges:
*.eth and points at unencrypted HTTP port [sic!] at some IP owned by some company (159.203.100.160:80)*.eth and replaces the tab with HTML-based handler shipped with extension itself, in the background ENS resolution happens and user is then presented with blue button "Visit website" (screenshot)foo.eth loaded from remote proxy works, hostname is in location bar, but transport layer is unencrypted (screenshot)Known Limitations:
.eth is not a valid/known tld, so foo.eth is not supported in location bar, needs to be http://foo.ethPotential solutions (given lessons learned from above prior art):
*.eth to go-ipfs being ENS-aware HTTP proxyHost HTTP Header305 Use Proxy) and perform ENS loookup (similar to existing DNS lookup for /api/v0/dns) in the background, as suggested in (1A)HTTP 200 with payload like a regular gateway *.eth to go-ipfs HTTP proxy<foo>.ipfs.localhost or <bar>.ipns.localhost Just to reiterate why this approach is exciting:
*.bit ?) as we go <cidv1b32>.ipfs.localhost solving Origin problem for local gateway at go-ipfschrome.proxy API to manage Chrome's proxy settings: https://developer.chrome.com/extensions/proxyFWIW I am unable to load the ENS resolvers (other than manually looking it up in the ENS manager):
https://manager.ens.domains/name/oasis.dappnode.eth (needs to be set to mainnet), click through to https://gateway.ipfs.io/ipfs/QmXXnnme2tC1JVxvHMM52xwy1gDfZnymrA1soTwiMTLqRK
I still need to process @lidel's post fully (a lot of info there!) but a question that came to mind regarding the "bogus" nature of the domain is: how does .local and go work? I am fairly sure I've used internal network sites at past jobs that had SSL certs -- were those just forcibly added to the machine?
@parkan In short, domain resolution is effectively delegated to HTTP Proxy. If we make go-ipfs work as an HTTP Proxy it will be able to create responses for arbitrary domains on the fly. (I wrote some initial notes in https://github.com/ipfs/go-ipfs/issues/5982)
As for SSL, yes, it is possible to have HTTPS for a fake intranet domain. In bigger orgs machines handed out to employees often come with additional CA Root cert in system keystore, or some VPN software injects it. That CA is responsible for validation of certs for fake domains (and make employer able to look into HTTPS traffic).
Quick brain dump about "light/delegated ENS resolver" (a way to deliver 1B)
Note: This comment was extracted to https://github.com/protocol/collab-ens/issues/1
.eth TLDA record with IP of HTTP gateway that gives access to ENS websites to people without Ethereum or IPNS clients:<domain-name>.eth.linkValue added by delegated approach:
/ipns/<domain-name>.eth is requested (keeping changes to go-ipfs extremely minimal).eth TLD, or adding support to their own serversabout:configwould be good to mirror/summarize this in https://github.com/protocol/collab-ens/
it may also be worthwhile to step back a moment and consider how the DNS zone hierarchy is structured and to what extent does the ENS system follow or diverge from that: for example, if we consider ENS as simply the authoritative nameserver for the .eth zone (enacted via dns-over-https), could there be an even more elegant way to incorporate it?
although, perhaps fudging TXT records with a prefix is not _quite_ elegant per se
@parkan I've extracted "DNS" and "HTTP Proxy" to issues there. LEt me know if something else should be extracted.
[..] if we consider ENS as simply the authoritative nameserver for the .eth zone (enacted via dns-over-https), could there be an even more elegant way to incorporate it?
I believe that if DNS-compatible ENS resolver exists and follows DNS RFCs, plugging it into mainstream DNS as the authoritative nameserver for *.eth could happen, but requires some entity to pay ICANN for that TLD (https://newgtlds.icann.org/en/)
thank you, that will help direct the work across the various participants!
the TLD is... $200k or so? that's approximately one Lambo, maybe someone in the Ethereum community can swing that 😆
Most helpful comment
@parkan I've extracted "DNS" and "HTTP Proxy" to issues there. LEt me know if something else should be extracted.
I believe that if DNS-compatible ENS resolver exists and follows DNS RFCs, plugging it into mainstream DNS as the authoritative nameserver for
*.ethcould happen, but requires some entity to pay ICANN for that TLD (https://newgtlds.icann.org/en/)