Questions about how work IPNS and IPRS

I’m learning more about naming systems in IPFS, but I can’t find any spec about IPNS or IPRS.

How do they work?

I use my peerID to create my namespace. With this, I can create one redirect in my namespace to point to some object in IPFS. Then if somebody wants to resolve my name this person needs to connect directly (or not directly?) to me, so that I can inform the hash of the object I’m pointing to.

I thought that if I shutdown my deamon other people would no longer be able to resolve to my namespace. But I found the parameter -t, e.g.:

ipfs name publish -t 72h QmdpgiUYRLoKF9rmAkggGAfFff4U4R7X7dDG91uQRtvicV

Then, “magically” other nodes (including the gateway itself?) create a copy of my namespace to redirect to the object. But how does it work? And how to avoid conflicts (outdated copy, for example) or malicious nodes?

Last but not least: how do IPNS and IPRS get to work together?

2 Likes

I would like to understand the workings of IPNS as well.

What I think happens when you publish, is that it creates an entry in the DHT with the peerID and the /ipfs/ path. So even when your node goes down, the DHT has replicated this data. When the TTL has expired the record is no longer valid, so you have to republish. This republishing is supposed to go automatically, but I think it doesn’t work right now. I have created a cron script to republish every 8 hours to be sure.

About malicious nodes: IPNS uses a self-signed address. The signature of this address can be checked by the other peers by asking for the public key of your peerID. You can see that in the source code here: https://github.com/ipfs/go-ipfs/blob/master/namesys/routing.go

So when your node is down, other nodes can find the ipfs path you published, but as far as I understand it can not check if the SFS signature is correct because they can’t request my node’s public key.

Can someone elaborate a bit on this? Maybe @whyrusleeping or @Kubuxu who have contributed to this code?

2 Likes

I dived a bit deeper into the code and see that the public key can be looked up in the DHT (as a function of the peerID), see: https://github.com/libp2p/go-libp2p-routing/blob/master/routing.go#L83 and below.

In other words, the node doesn’t have to be up to confirm an IPNS signature.

1 Like