Extending the resource access permission model on iroh-rings
iroh-rings started with a binary ALLOWED/DENIED access model. Reasoning here the transition to a READ/WRITE/DELETE permission model.
Posts
ringdrop: composing iroh, iroh-blobs, and iroh-rings into a P2P file drop
How to compose iroh’s transport, content-addressed blob storage, and ring-based access control into a permission-aware P2P file drop.
iroh-rings: ring-based access control for P2P resources
How I designed a ring-based access control library on top of iroh — and why the Registry trait is the most important design decision in it.
Why encrypted protocols need three layers to stay in sync
How two peers exchanging encrypted frames can synchronize with each other — and why byte stuffing exists.
BAO: verified streaming over content-addressed blobs
How BAO makes BLAKE3 hashes useful for streaming: verifying data without buffering the whole file.
NAT traversal and hole punching: from UDP to QUIC with iroh
How hole punching works, why TCP and plain UDP fall short, and how QUIC and iroh make direct P2P connections reliable.
Bloom filters: probabilistic membership at scale
How to use a Bloom filter to check membership across 100 million URLs without blowing up RAM — and why a hash set wouldn’t cut it.
External merge sort: sorting datasets that don't fit in RAM
How external merge sort handles datasets larger than RAM, using sorted runs and k-way merging.
The Signal protocol: X3DH vs PQXDH, and the Double Ratchet
How Signal achieves forward secrecy, break-in recovery, and deniability — from X3DH to PQXDH and the Double Ratchet.
The beauty of Kademlia: the XOR distance
The working principle of Kademlia, in particular relating to the XOR distance metric.