Currently NKN node only expose plain websocket/http endpoint at port 30002/30003 without ssl. But since most website are using https, it is not allowed to access any NKN node through ws/http protocol without ssl. For nkn wallet, this is kind of solvable (but not ideal) by using a few API nodes provided by us or any nodes linked with a domain and valid ssl certificate. But for nkn client, it’s very difficult to use because a client does not know in advance which node he will be connecting to. To make nkn client practically usable in most web apps, we have to make EVERY NKN node https/wss compatible.
The current code already supports wss and https, but the major reason that people don’t do it is because ssl certificate. By design, ssl certificate should be assigned to domain rather than IP address (see some discussion at https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name), not to mention the tedious process of creating certificate and renew on expire.
Https itself is a centralized design, and the easiest way I can think of to make it work for every node is to use the help of another centralized system. What I’m proposing is to set up a site, e.g. x.com, and it’s doing 2 things:
- Making request to x.com/A.B.C.D or x.com/A-B-C-D from IP address A.B.C.D will give you a ssl certificate valid for A-B-C-D.ipv4.x.com
- DNS query to A-B-C-D.ipv4.x.com will get A.B.C.D as result
Then each NKN node, when starting, will get or update the ssl certificate for domain A-B-C-D.ipv4.x.com assuming his ip address is A.B.C.D, and serve https/wss endpoint at A-B-C-D.ipv4.x.com and separate port (e.g. 30004/30005) which is configurable.
Generating a unique certificate for each subdomain corresponding to an IP address may not be feasible, so I was thinking may we could just provide a single wildcard certificate that is valid for *.ipv4.x.com, but we need to be very careful here because it means the data is essentially not encrypted (since anyone can get the private key), which is OK in NKN because we are assuming every node could be malicious and can no sensitive data should be send to NKN node without encryption and signature.
Although this is a centralized solution that relies on x.com, we can make it an open protocol such that any domain (e.g. yyy.com) that implements the 2 functions above can serve this purpose, and user can choose whether to use x.com or yyy.com such that there is really no single entity that can take control.
To be more general, this could be a quite general solution for any permission-less and (real) decentralized system that has a problem in ssl certificate.
It’d be good if we can discuss about the security, feasibility, or other aspect of the proposal, or even better if we can come up with a better solution.