ncc-06-js 0.3.1 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -5
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -14,6 +14,14 @@ Reusable helpers extracted from the NCC-06 example relay, sidecar, and client im
|
|
|
14
14
|
...
|
|
15
15
|
- **Relay & Service mode helpers** (`getRelayMode`, `setRelayMode`) so you can control whether your service is *public* (publishes NCC-05 locators) or *private`.
|
|
16
16
|
|
|
17
|
+
## Why NCC-06? (Identity vs Location)
|
|
18
|
+
|
|
19
|
+
Unlike DNS, which binds a service to a **location** (domain/IP), NCC-06 binds a service to an **identity** (Public Key / Npub).
|
|
20
|
+
|
|
21
|
+
- **Portability:** Move your service to a new IP, Tor address, or provider instantly. Clients follow the *key*, not the server.
|
|
22
|
+
- **Censorship Resistance:** Discovery happens via decentralized relays, not centralized root servers.
|
|
23
|
+
- **Trust:** End-to-end authentication is built-in. The "K" fingerprint ensures the server you connect to is authorized by the identity you resolved.
|
|
24
|
+
|
|
17
25
|
## Usage
|
|
18
26
|
|
|
19
27
|
Install directly from the repository (example workspace):
|
|
@@ -27,6 +35,7 @@ npm install ../ncc-06-js
|
|
|
27
35
|
```js
|
|
28
36
|
import { resolveServiceEndpoint } from 'ncc-06-js';
|
|
29
37
|
|
|
38
|
+
// "Bootstrap Relays" act as the decentralized directory for finding the service's current location.
|
|
30
39
|
const resolution = await resolveServiceEndpoint({
|
|
31
40
|
bootstrapRelays: ['wss://relay.damus.io'],
|
|
32
41
|
servicePubkey: '...',
|
|
@@ -77,15 +86,15 @@ const config = buildSidecarConfig({
|
|
|
77
86
|
});
|
|
78
87
|
```
|
|
79
88
|
|
|
80
|
-
### Building a Service Config
|
|
89
|
+
### Building a Service Config (No DNS)
|
|
81
90
|
|
|
82
91
|
```js
|
|
83
92
|
import { buildSidecarConfig } from 'ncc-06-js';
|
|
84
93
|
|
|
85
94
|
const config = buildSidecarConfig({
|
|
86
95
|
secretKey: '...',
|
|
87
|
-
serviceUrl: '
|
|
88
|
-
serviceId: 'my-
|
|
96
|
+
serviceUrl: 'tcp://203.0.113.1:9000', // Direct IP or any URI scheme
|
|
97
|
+
serviceId: 'my-custom-service',
|
|
89
98
|
serviceMode: 'public'
|
|
90
99
|
});
|
|
91
100
|
```
|
|
@@ -94,8 +103,11 @@ The package exposes modular helpers so you can keep using your own transport sta
|
|
|
94
103
|
|
|
95
104
|
## Trust model
|
|
96
105
|
|
|
97
|
-
- `k` is the binding between NCC-02/NCC-05 records and the
|
|
98
|
-
-
|
|
106
|
+
- `k` is the binding between NCC-02/NCC-05 records and the transport-level key (TLS/SPKI) that serves the endpoint.
|
|
107
|
+
- This applies to **any secure protocol** (`wss://`, `https://`, `tls://`, `tcps://`).
|
|
108
|
+
- **Trust Model:** This mimics DANE: the `k` tag pins the expected SPKI fingerprint of the endpoint's certificate.
|
|
109
|
+
- **Self-Signed vs CA:** You can use **self-signed certificates** or CA-signed ones. The security comes from the NCC record's signature (the Identity) pinning the transport key, not from a centralized CA.
|
|
110
|
+
- **Verification:** The shared helpers compare the endpoint's actual fingerprint against the published `k` value. This allows clients to securely connect to self-signed endpoints without security warnings, provided the NCC record is valid.
|
|
99
111
|
|
|
100
112
|
## Reference Docs
|
|
101
113
|
|