Mesh networks are always good. And if they work - even better!
Good day, Community!
In this article, I will explain why the decentralized Internet provider Medium is abandoning SSL and certificate authorities in favor of Yggdrasil's native encryption: what led to this choice, why SSL tools were used up to this point, and how to live with it now.
Details are under the cut.
Remind me - what is Medium?
Medium (“intermediary”; original slogan: Don’t ask for your privacy. Take it back; the English word medium also means “intermediate”) is a Russian decentralized Internet provider that provides access to the Yggdrasil network free of charge.
Full name: Medium Internet Service Provider. Initially, the project was conceived as a mesh network in the Kolomensky urban district.
It was established in April 2019 as part of the creation of an independent telecommunications environment, providing end users with access to Yggdrasil network resources over Wi-Fi wireless data transmission technology.
More information on the topic: “Everything you wanted to know about the decentralized Internet provider Medium, but were afraid to ask”
The decentralized Internet provider Medium is abandoning SSL and certificate authorities in favor of Yggdrasil's native encryption. This means that encryption will no longer be performed using SSL; instead, the end-to-end encryption provided by the Yggdrasil specification will be used everywhere.
From this point on, the topology of the Medium network takes the following form:
End-to-end encryption within the Yggdrasil network is necessary in order to prevent man-in-the-middle attacks, which allow an attacker to eavesdrop on someone else's traffic.
Yggdrasil uses Curve25519 for key exchange, encryption, and authentication.
The question of whether traffic needs to be encrypted with SSL was raised long ago, back when Medium used I2P as its main transport.
At that time, the situation was as follows:
SSL was necessary in order to prevent eavesdropping on traffic at the Medium router. The Tor network has a similar problem, only with respect to exit nodes.
The traffic went from I2P to the Medium router encrypted, after which it was decrypted by the I2P client on that same router and passed on to the client.
Since the connection between the client and the Medium router was not secure, it was proposed to use a cryptographic protocol for encrypting traffic, SSL, which sits at the seventh layer of the OSI network model.
Later, the Medium community completely abandoned the use of certificate authorities and SSL in favor of Yggdrasil's native encryption, since the idea of a decentralized network with centralized certificate authorities seemed extremely ridiculous.
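The difference between the old I2P setup, where the router decrypted traffic, and end-to-end encryption keyed by a Curve25519 exchange can be shown with a small added example; this is not Medium's or Yggdrasil's code. It assumes the client already knows the service's public key, uses AES-256-GCM with a SHA-256-derived key as stand-ins for the real cipher construction, and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD does X25519 with our private key and the peer's public key, then keys AES-256-GCM (stand-in cipher).
func sessionAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	shared, err := priv.ECDH(peer)
	if err != nil {
		panic(err) // e.g. a low-order peer key
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)
	return aead
}

// seal encrypts msg and prepends the random nonce; open (below) verifies and decrypts.
func seal(a cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	rand.Read(nonce)
	return a.Seal(nonce, nonce, msg, nil)
}

func open(a cipher.AEAD, pkt []byte) ([]byte, error) {
	if len(pkt) < a.NonceSize() {
		return nil, fmt.Errorf("packet shorter than nonce")
	}
	return a.Open(nil, pkt[:a.NonceSize()], pkt[a.NonceSize():], nil)
}

// relayDemo relays msg via a router; returns what the service read, whether the router could decrypt, whether tampering was caught.
func relayDemo(msg string) (delivered string, routerReads, tamperDetected bool) {
	gen := func() *ecdh.PrivateKey { k, _ := ecdh.X25519().GenerateKey(rand.Reader); return k }
	client, service, router := gen(), gen(), gen()
	pkt := seal(sessionAEAD(client, service.PublicKey()), []byte(msg))
	_, rErr := open(sessionAEAD(router, client.PublicKey()), pkt) // router only has its own key
	plain, _ := open(sessionAEAD(service, client.PublicKey()), pkt)
	pkt[len(pkt)-1] ^= 1 // constructed tampering by the router
	_, tErr := open(sessionAEAD(service, client.PublicKey()), pkt)
	return string(plain), rErr == nil, tErr != nil
}

func main() { fmt.Println(relayDemo("constructed request")) }
```

The guarantee holds only if the client derives the session from the service's genuine public key; a router that could substitute its own key at that step would be back in the position the I2P-era router had.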
Read also: “Everything you wanted to know about the decentralized Internet provider Medium, but were afraid to ask”; “Honey we kill the internet”; “Decentralized Internet Service Provider Medium - Three Months Later”
We are on Telegram: @medium_isp