I’ve been thinking about using IPFS for some things that require keeping some data private (like sharing files with a friend). It seems that currently, the experimental Private Networks are the best or only way to go, but the way they work has two issues that are inherent in the design:
- Need to explicitly specify bootstrap nodes, which means having to communicate their public IP, which is of course a usability mess - just try to use this with a NAT when your provider keeps changing your public IP address…
- For use cases like hosted JS applications, we really have a mix of public and private data, and it would be good if our node could still participate in Bitswap for the public data.
Hence the topic: private overlay networks.
Could we have an IPFS node that participates in the full default swarm, but restricts the exchange of certain private blocks to a subset of peers that have authenticated with a private network key? These peers would in effect form an overlay network.
Obviously this isn’t possible today, but it seems desirable to me. Has this ever been considered/discussed? I’m new to IPFS, but this is the kind of thing where I could see myself contributing to making it better.
Oh, and most-likely-FAQ: Why not just exchange encrypted blocks? Simple: Because I don’t want to allow three-letter agencies to be able to vacuum up people’s encrypted blocks and then decrypt them all years later when the used encryption method inevitably gets broken or somebody accidentally but also kind-of inevitably leaks an old key.