Decentralized Internet provider Medium drops SSL in favor of Yggdrasil's native encryption

Mesh networks are always good. And if they work - even better!



Good day, Community!



In this article, I will explain why the decentralized Internet provider Medium is abandoning SSL and certificate authorities in favor of Yggdrasil's native encryption: what led to this choice, why SSL was used until now, and how to live with the change.










Remind me - what is Medium?



Medium (English medium, “intermediary”; original slogan: Don’t ask for your privacy. Take it back; the English word medium also means “intermediate”) is a Russian decentralized Internet provider that provides access to the Yggdrasil network free of charge.



Full name: Medium Internet Service Provider. The project was initially conceived as a mesh network in the Kolomensky urban district.



It was established in April 2019 as part of an effort to create an independent telecommunications environment by giving end users access to Yggdrasil network resources over Wi-Fi wireless data transmission technology.



More information on the topic: “Everything you wanted to know about the decentralized Internet provider Medium, but were afraid to ask”



What?



The decentralized Internet provider Medium is abandoning SSL and certificate authorities in favor of Yggdrasil's native encryption. This means that encryption will no longer be performed with SSL; instead, the end-to-end encryption provided by the Yggdrasil specification will be used everywhere.



From this point on, the topology of the Medium network takes the following form:











What for?



End-to-end encryption within the Yggdrasil network is needed to prevent man-in-the-middle attacks, which allow an attacker to eavesdrop on someone else's traffic.



Yggdrasil uses Curve25519, XSalsa20, and Poly1305 for key exchange, encryption, and authentication, respectively.
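The end-to-end property described above, as an added example that is not Medium's or Yggdrasil's code: two endpoints agree on a key with X25519, and a node in the middle can neither read the packet nor alter it without detection. Assumptions: Node's built-in crypto has no XSalsa20, so ChaCha20-Poly1305 stands in for XSalsa20-Poly1305 and SHA-256 is the key-derivation step; all function names are hypothetical.

```javascript
// Added example, not Medium or Yggdrasil code; all names are hypothetical.
const crypto = require('crypto');

// Each endpoint owns a Curve25519 (X25519) key pair; only public keys travel.
const newEndpoint = () => crypto.generateKeyPairSync('x25519');

// Both ends derive the same 32-byte key. Assumption: SHA-256 over the X25519
// shared secret stands in for the HSalsa20 step a NaCl-style box would use.
function sessionKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return crypto.createHash('sha256').update(shared).digest();
}

// Packet layout: 12-byte nonce || ciphertext || 16-byte Poly1305 tag.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Returns the plaintext, or null when the Poly1305 tag does not verify.
function open(key, packet) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, packet.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(packet.subarray(packet.length - 16));
  try {
    return Buffer.concat([d.update(packet.subarray(12, packet.length - 16)), d.final()]);
  } catch (err) {
    return null;
  }
}

// An intermediate node holds no key: it can forward or alter the packet, not read it.
function relay(packet, tamper) {
  const out = Buffer.from(packet);
  if (tamper) out[20] ^= 0x01; // flip one ciphertext bit in transit
  return out;
}

function demo() {
  const client = newEndpoint(), service = newEndpoint();
  const kClient = sessionKey(client.privateKey, service.publicKey);
  const kService = sessionKey(service.privateKey, client.publicKey);
  const msg = Buffer.from('GET /index.html'); // constructed sample payload
  const packet = seal(kClient, msg);
  return { keysMatch: kClient.equals(kService), leaksPlaintext: packet.includes(msg),
    delivered: open(kService, relay(packet, false)), tampered: open(kService, relay(packet, true)) };
}
```

Calling `demo()` returns the decrypted payload for the untouched packet and `null` for the one the relay modified.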



Why?



The question of whether traffic needed to be encrypted with SSL was raised long ago, back when Medium used I2P as its main transport.



At that time, the situation was as follows






SSL was needed to prevent traffic from being wiretapped on the Medium router. The Tor network has a similar problem, but with respect to exit nodes.



Traffic traveled from I2P to the Medium router encrypted, was then decrypted by the I2P client on that same router, and was passed on to the client.



Because the connection between the client and the Medium router was not secure, it was proposed to use SSL, a cryptographic protocol for encrypting traffic that sits at the seventh layer of the OSI network model.



Later, the Medium community completely abandoned certificate authorities and SSL in favor of Yggdrasil's native encryption, since the idea of a decentralized network with centralized certificate authorities seemed extremely ridiculous.






Read also:



Everything you wanted to know about the decentralized Internet provider Medium, but were afraid to ask

Honey we kill the internet

Decentralized Internet Service Provider Medium - Three Months Later



We are on Telegram: @medium_isp


