Security news that informs and inspires

Cloudflare Makes InterPlanetary File System Globally Accessible

The Internet is large, it contains multitudes, and much of its girth lies below the surface, not glimpsed by most people. Among the pieces lurking in the shadows is the InterPlanetary File System, a distributed network that comprises thousands of separate nodes, and Cloudflare today has released a gateway and a browser extension that enables any user to access the IPFS network.

IPFS uses a different kind of resource-location scheme than the normal web does, using cryptographic hashes rather than URLs as content locators. It also allows each node in the network to store and serve content, so any given piece of content can be stored in a number of different places, preventing the failure of any one node from making that resource unavailable. Users typically access the IPFS network through a special client, but Cloudflare’s gateway removes that requirement and allows people to type a specially formatted URL to access any piece of content on the network through a secure HTTPS connection.

“IPFS gateways are third-party nodes that fetch content from the IPFS network and serve it to you over HTTPS. To use a gateway, you don’t need to download any software or type any code. You simply open up a browser and type in the gateway’s name and the hash of the content you’re looking for, and the gateway will serve the content in your browser,” Andy Parker and Brendan McMillion of Cloudflare wrote in a post announcing the gateway.

In addition to allowing users to access IPFS, the Cloudflare IPFS Gateway also enables them to build sites on the IPFS network, sites that each get a free SSL certificate to protect connections against surveillance and tampering. The sites need to be configured in a specific way to allow them to be accessible over IPFS, but Cloudflare has developed documentation that explains the steps for doing that. The company also has released a browser extension that can validate the DNSSEC keys of the domains on IPFS.

IPFS uses a different kind of resource-location scheme than the normal web does, using cryptographic hashes rather than URLs

“It works the same way as certificate validation in HTTPS: we start at the bottom, with a signature from some authority claiming to be over the DNS records they want us to serve. We then lookup a delegation (DS record) from an authority claiming to be .com, that says ‘ is the authority with these public keys’ which is in turn signed by the .com authority's private key,” McMillion said.

“And finally, we lookup a delegation from the root authority, ICANN (whose public keys we already have), attesting to the public keys used by the .com authority. All of these lookups bundled together form an authenticated chain starting at ICANN and ending at the exact records we want to serve. These constitute the proof.”

The browser extension is only available for Firefox right now, but may be compatible with Chrome in the future.