Updates

2025-02-28 21:01:33 +00:00 · 2023-09-09 12:54:46 +01:00 · 2023-09-09 12:54:46 +01:00 · 51ebd5195d
commit 51ebd5195d
parent 2965b570eb
3 changed files with 40 additions and 19 deletions
--- a/about.md
+++ b/about.md
@ -4,11 +4,9 @@ sitemap: true

 # About

-Yggdrasil is an experimental implementation of a new routing scheme designed for mesh or even Internet-like networks. The current implementation is built as an overlay network, where network nodes are userspace software routers, connected together using virtual peerings over local area networks, point-to-point links or the Internet. 
+Yggdrasil is an experimental implementation of a new compact routing scheme designed for mesh or even Internet-like networks. It is predominanently a shortest-path scheme, whereby the network will attempt to find the most direct path to the destination.

-Compared to the structured and typically hierarchial routing schemes in use today on many networks, Yggdrasil is strongly decentralised and largely self-arranging. Each node on the network is identified by a cryptographic public key and IPv6 addresses are generated from this key. The network topology is adaptive, aiming to make use of whichever links are available in order to provide full routability between all network participants. This is made possible by the fact that all Yggdrasil nodes are routers, sharing routing knowledge and forwarding traffic on behalf of other network participants.
-
-In order to ensure that traffic is private as it is routed across other network nodes, all traffic is end-to-end encrypted at all times. Even plain-text application traffic is encrypted in transit, ensuring that intermediate nodes cannot read traffic as it is forwarded through the network.
+Compared to the structured and typically hierarchial routing schemes in use today on many networks, Yggdrasil is strongly decentralised and largely self-arranging. Each node on the network is identified by a cryptographic public key and, in our current experimental implementation, IPv6 addresses are generated from this key. The network topology is adaptive, aiming to make use of whichever links are available in order to provide full routability between all network participants. This is made possible by the fact that all Yggdrasil nodes are routers, sharing routing knowledge and forwarding traffic on behalf of other network participants.

 The following table illustrates high-level differences between traditional networks like the Internet, and the Yggdrasil Network:

@ -21,6 +19,21 @@ The following table illustrates high-level differences between traditional netwo
 | Mobile addressing that stays with the device as it moves around | No          | Yes       |
 | Topology extends gracefully across different mediums, i.e. mesh | No          | Yes       |

+### Implementation notes
+
+The current implementation of Yggdrasil is built as an overlay network, where network nodes are userspace software routers that run under a single process on a host machine. Peering connections between these nodes are established over local area networks, point-to-point links or the Internet using mainly TCP connections. In order to ensure that traffic is private as it is routed across other network nodes, all traffic is end-to-end encrypted at all times. Even plain-text application traffic is encrypted in transit, ensuring that intermediate nodes cannot read traffic as it is forwarded through the network.
+
+This allows us to test the Yggdrasil design at scale relatively easily, as the user-space router can easily run on most computers regardless of configuration or other external factors and users do not need to be physically close to one another in order to join or test the network. They can just download the software and establish some peerings over the Internet to get a feel for how the scheme should work.
+
+This also means that we often attract comparisons with other overlay-by-design networks such as Tor, I2P, Lokinet and others, although we don't believe that such comparisons are especially useful. Not least because many other overlay projects often have differing primary goals, i.e. providing anonymity, but because these projects were designed and built to always be overlays over other network infrastructure.
+
+Instead, we see Yggdrasil as competing with, if not superseding, other routing schemes that are in widespread use today and experimenting with the routing scheme as an overlay network is merely a means to an end. We don't intend that Yggdrasil will only ever continue to exist as an overlay network, nor are we interested in spending too much time and effort trying to solve problems which would only be present on an overlay network. For this reason, there are some specific areas that we consider specifically **out of scope**:
+
+1. **Peer discovery and exchange** — We are researching how to best provide good connectivity between nodes with the set of links that we have been given, not how to automatically establish new links as many other peer-to-peer networks do. We do this because we are trying to strictly limit the number of assumptions we make about the underlying physical topology.
+1. **Insecure link metrics** — In order for Yggdrasil to work in a decentralised fashion, we need to be very careful about how much trust we place in other nodes to not lie to us in ways that could influence path selection or routing decisions. We do not consider link quality metrics that cannot be securely and independently verified.
+1. **Anonymity or pseudonymity** — Yggdrasil is not an anonymous network. Any anonymity or pseudonymity that can be achieved over the Yggdrasil overlay network today is by coincidence and not by intention or design.
+1. **Node naming and lookup** — We are interested in solving the problem of how to route between nodes effectively on complex topologies, not replacing DNS. Decentralised node naming can and should be solved by separate projects.
+
 ### What are the problems today?

 The internet as we know it today doesn't conform to a well-defined topology. This has largely happened over time - as the internet has grown, more and more networks have been "bolted together" with peering arrangements between service providers. The lack of defined topology gives us some unavoidable problems:
@ -65,4 +78,3 @@ The project is likely to reach a number of possible outcomes:
 1. The project may reach a reasonably stable state but never attract a large enough number of users
 1. The project may attract a large enough number of users but reveal inherent design flaws in the process (a learning exercise for a future project or protocol version perhaps)
 1. The project may end up working perfectly even as the network grows, in which case it will become worthwhile to look at writing better-optimised implementations and/or moving the important parts into other projects
-
--- a/faq.md
+++ b/faq.md
@ -10,11 +10,17 @@ Yggdrasil was created in order to build a decentralised routing scheme for mesh

 ### Is Yggdrasil safe?

-All traffic sent across the Yggdrasil network is encrypted end-to-end. Assuming that our crypto is solid, it cannot be decrypted or read by any intermediate nodes, and can only be decrypted by the recipient for which it was intended. However, please note that Yggdrasil has not been officially externally audited.
+All traffic sent across the Yggdrasil Network is encrypted end-to-end, such that it cannot be decrypted or read by any intermediate nodes, and can only be decrypted by the recipient for which it was intended.
+
+However, it is still a public network, therefore you should take adequate precautions when using Yggdrasil, such as using a firewall and not exposing services you do not want others to be able to reach.
+
+We also feel that it is important to highlight that, even though Yggdrasil is using industry-standard cryptography, our codebase has not been officially externally audited.

 ### Is Yggdrasil stable?

-Yggdrasil is relatively stable and very rarely crashes, although our official stance is that it is still alpha software and comes with all of the usual warnings. You should expect things to not be wholly smooth in all cases and therefore you should probably not run any mission-critical or life-and-death workloads over Yggdrasil at this time. You should also make sure that you stay up-to-date as often as possible with the latest versions to ensure that your node continues to be compatible as we make protocol changes.
+Yggdrasil is relatively stable and very rarely crashes, although our official stance is that it is still alpha software and comes with all of the usual warnings. You should expect things to not be wholly smooth in all cases and therefore you should probably not run any mission-critical or life-and-death workloads over Yggdrasil at this time.
+
+You should also make sure that you stay up-to-date as often as possible with the latest versions to ensure that your node continues to be compatible as we make protocol changes.

 ### Is Yggdrasil anonymous?

@ -25,7 +31,9 @@ No, it is not a goal of the Yggdrasil project to provide anonymity. Direct peers
 Typically yes, you will be routable from other nodes on the network. If you want to restrict incoming connections to your machine, you should use an IPv6 firewall. The steps for this will vary from platform to platform.

 #### Linux (with `ip6tables`)
+
 Assuming your TUN/TAP adapter is named `tun0`:
+
 ```
 ip6tables -A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 ip6tables -A INPUT -i tun0 -m conntrack --ctstate INVALID -j DROP
@ -33,9 +41,11 @@ ip6tables -A INPUT -i tun0 -j DROP
 ```

 #### Windows (with Windows Firewall)
+
 Windows, by default, should classify the TAP adapter as a "Public Network". Configure Windows Firewall to prevent incoming connections on Public networks.

 #### macOS (with built-in firewall)
+
 macOS has an application firewall, therefore any firewall policies applied on other interfaces will also apply to the Yggdrasil interface.

 ### Can I run an Yggdrasil router without a TUN interface?
@ -76,13 +86,14 @@ Stuck for peers? Try adding a [public peer](https://github.com/yggdrasil-network

 Peerings may be automatically established to nodes on the same subnet if multicast peering is enabled on both nodes, however, Yggdrasil will never add or remove remote peerings automatically over other networks like the Internet.

-### I've installed the Yggdrasil Debian package and now I can't find the logs.
+### I've installed the Yggdrasil Debian package and now I can't find the logs

 The Debian package installs the Yggdrasil service into systemd, therefore you can query systemd for the logs:
+
 - `systemctl status yggdrasil`
 - `journalctl -u yggdrasil`

-### I've modified the configuration file but nothing has changed.
+### I've modified the configuration file but nothing has changed

 Yggdrasil only loads the configuration at startup. Restart the Yggdrasil process or service to load the new configuration. If you are troubleshooting peering connections, check the logging output and/or examine the output of `yggdrasilctl getPeers` to see if any peers are connected.

--- a/index.md
+++ b/index.md
@ -3,7 +3,7 @@ tags: dontlink
 sitemap: true
 ---

-Yggdrasil is an overlay network implementation of a new routing scheme for mesh networks. It is designed to be a future-proof decentralised alternative to the structured routing protocols commonly used today on the Internet and other networks.
+Yggdrasil is an implementation of a new compact routing scheme for mesh networks. It is designed to be a future-proof decentralised alternative to the structured routing protocols commonly used today on the Internet and other networks.

 The highlights of Yggdrasil are that it is:

@ -57,5 +57,3 @@ This is still an alpha-stage project and there may be some breaking changes in t
        <p markdown='1'>Visit our [developers](developers.md) page and our [GitHub](https://github.com/yggdrasil-network/yggdrasil-go). Report bugs and problems to us as [GitHub Issues](https://github.com/yggdrasil-network/yggdrasil-go/issues).</p>
    </div>
 </div>
-
-