[+ Tony, whose documentation I later quote]

Hello!  Some updates.

I'm back and working on CapTP again.  Really there are three things
left:

 - Sturdyrefs or their certificate equivalents and at least one general
   mechanism to set up machine connections from them
 - Session disconnects (including adding subscribing to when that
   happens for a ref)
 - 3 machine handoffs

So now I'm working on the first of those.  Okay!  Except there's one
massive problem... I want to go down the route of SADness (Self
Authenticating Designators, of course).  Really I want to make it easy
to set up p2p-ish connections between machines.

The problem is, what's the state of setting up something P2P-ish?

I spent a bunch of time over the last few weeks, and especially
yesterday, going down the rabbithole of ICE, STUN, TURN, WebRTC... okay,
jeez, this seems like a lot to implement without a library doing it for
me...

Except wait, aren't we in the promised land of ipv6?  My laptop has its
own IP address again, can't I just open up an incoming port directly?
Wtf... I can ping my laptop from my remote server... and I can open up a
connection from any other computer on my LAN... so why can't I open this
on my remote server if it's able to ping my machine?

Oh shit.  My OpenWRT install's firewall is set up by default to block
all incoming IPv6 incoming connections!  Why?  Oh right, NATs got people
used to the idea that local-network-only things actually exist... most
people still don't know what a "confused deputy" is and how that means
that if you're relying on that your security is already almost certainly
broken anyway...

I guess I could just open all incoming connections.  But wait, what if
there's something on my network that was built under these broken
assumptions?  I felt a chill go down my spine... even if it's a broken
assumption, maybe everyone's making that assumption and tearing down
the facade of security will expose something in a more obvious and
direct way...

Okay there *HAS* to be a way to ask my router to open the port to the
outside world if I really expect it to.  Okay, what about this uPnP
thing I've heard about?  Oh look, a Racket library!

  https://docs.racket-lang.org/nat-traversal/

Okay, that might make my life easy.  Okay, reading the docs... reading
reading... got all the way to the bottom... oh nice, some commentary on
the spec.  Oh wait... oh no, this doesn't sound good:

 > UPnP is a vast expanse of entangled specification.
 >
 >  - The core discovery mechanism is SSDP.
 >
 >  - Everything else in UPnP is done with SOAP (!) over HTTP.
 >
 >  - You can download the 70MB (!) specification zip file from the UPnP
 >    forum. Fair warning, it’s not an easy read.

Oh okay.  I'm gonna nope the fuck out of there... no uPnP for me!

What alternatives are there?  I guess there's this specification, PCP,
the Port Control Protocol:

  https://en.wikipedia.org/wiki/Port_Control_Protocol

Maybe this is useful somehow.  I'm not sure what I'm supposed to do to
use it yet.  Documentation on the internet seems sparse at best.

So ICE/TURN/STUN are probably necessary, but that's a lot of work to get
all that stuff ready and up and running and to learn about it?

Hm, but maybe we can Worse Is Better our way to The Right Thing as a
stopgap?  Here's what I'm thinking, and it relies on the fact that my
CapTP implementation is flexible as to what its VatTP is... all it
needs/wants to do is consume and send an ordered stream of messages.

 - Two layers of vattp/captp.
   - A store-and-forward layer between the "real" machines, as a
     pseudo-P2P, but at least E2EE mechanism.  This is what all the
     programs I write will use.
   - And then another layer, which uses TLS and bridges between other
     machines also using TLS.  Except this *uses* the CapTP tooling.

So in other words, we'd like (html reading users beware):

  .----------------------------------.         .----------------------.
  |            Machine 1             |         |       Machine 2      |
  |            =========             |         |       =========      |
  |                                  |         |                      |
  | .--------------.  .---------.   .-.       .-.                     |
  | |    Vat A     |  |  Vat B  |   |  \______|  \_   .------------.  |
  | |  .---.       |  |   .-.   | .-|  /      |  / |  |    Vat C   |  |
  | | (Alice)----------->(Bob)----' '-'       '-'  |  |  .---.     |  |
  | |  '---'       |  |   '-'   |    |         |   '--->(Carol)    |  |
  | |      \       |  '----^----'    |         |      |  '---'     |  |
  | |       V      |       |         |         |      |            |  |
  | |      .----.  |       |        .-.       .-.     |  .------.  |  |
  | |     (Alfred) |       '-------/  |______/  |____---( Carlos ) |  |
  | |      '----'  |               \  |      \  |     |  '------'  |  |
  | |              |                '-'       '-'     '------------'  |
  | '--------------'                 |         |                      |
  |                                  |         |                      |
  '----------------------------------'         '----------------------'

What we're going to actually get, zooming out:

           .-------------.      .-------------.
           | foo.example |)----|) bar.example |
           |             (|----(|             |
           '-------------'      '-------------'
                  |                     |
  .-----------.   |                     |   .-----------.
  | Machine 1 |)--|                     |--|) Machine 2 |
  |           (|--'                     '--(|           |
  '-----------'                             '-----------'

This sucks, but doesn't suck as much as it appears, because
as far as Alice, Alfred, Bob, Carol and Carlos are concerned, the
network might as well look like:

  .-----------.                             .-----------.
  | Machine 1 |)---------------------------|) Machine 2 |
  |           (|---------------------------(|           |
  '-----------'                             '-----------'

And in the future, when I can figure out how to do P2P things and not
cry at night, I can eliminate some hube and spokeiness without changing
any application design.

Plus we have the added bonuses:

 - foo.example and bar.example, even though serving Machine 1 and
   Machine 2 respectively, cannot read Machine 1 or 2's messages; they
   are merely serving as a message bus.  They might be able to do some
   network analysis, but messages between Machine 1 and Machine 2 are
   pairwise encrypted.  foo.example and bar.example are merely serving
   as a messaging bus.

 - If we want, we can even tear out dns / ssl certificate authorities
   and do IP + key directly on the foo / bar servers.  However, even in
   the case that we chose to rely on the DNS and SSL CA world we
   popularly live in, these servers merely serve as a messaging bus.

 - It's obvious that Machine 1 and Machine 2 are performing captp/vattp
   with each other.  What's less obvious in the picture is that
   Machine 1 and foo.example (as well as Machine 2 and bar.example) are
   doing the same.  (Same with Machine 1 and Machine 2 talking to each
   other.)  We can rely on captp layered on top of a tls connection so
   that it's still actors passing around the encrypted messages, as far
   as the store and forward part goes.

Okay... so that's the state of my thinking.  I think I can get this up
and running within a reasonable timeframe.

Thoughts welcome...?
 - Chris