Private vs Public connection string

Holesail has two connection modes, a private mode and a public mode. We use several pairs of terms for the same two modes:

  • Private connection string and public connection string

  • Connector mode and key mode

  • Private mode and public mode

Private Connection strings

Private connection strings are what Holesail connections use by default. You can also specify a custom "private connection string".

From the custom connection string, we derive a key pair that has a public key and a private key. We announce the public key on the P2P DHT network. This public key is how other users will find you on the network.

On the client side, when you share your private connection string with someone, we again derive a key pair and use the public key to find the server.

While establishing a connection, the client has the same private key as the server, and it is sent along the connection. The server verifies the key and allows the connection. If the key is incorrect or no key is set, the server will not respond at all.

This ensures that other peers who know your public key cannot connect to you, because they do not have the private key.

This process works much like SSH. The public key can be considered your IP address: people know it, but they cannot connect unless they have the private key.

Treat private connection strings as you would treat an SSH key: do not share them with anyone you do not trust. If someone else starts a server with your private connection string, they will take over.

Public Connection Strings

With a private connection string, we can access our system safely and know that no third party can connect without our permission. But private connection strings are only meant for personal use (like SSH). What if we want to share the connection with a third party?

This is where public connection strings come into play. This time we again generate a random key pair, discard the private key and announce our public key on the P2P network.

The public key becomes your "public connection string". There is no authentication involved, and you can safely share it with any third party because it is your address itself and not the seed.

I like to compare public connection strings with domains. They exist on the DHT, and anyone can find you using one, or by scanning the DHT, and connect to you.

Treat public connection strings as you would treat a domain name on a public server: if there is anything private on it, it is your responsibility to password-protect it or use private connection strings instead.
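
The key derivation and server-side check described in the two sections above, sketched in Node.js as an added example (not Holesail's own code). It assumes a SHA-256 hash of the string as the seed, Ed25519 keys and a constant-time comparison on the server; the function names and sample strings are hypothetical.

```javascript
// Added illustration, not Holesail's code. Assumed: SHA-256 seed, Ed25519 keys,
// and a server check that compares the presented key with its own.
const crypto = require('node:crypto');

// DER prefix of a PKCS#8 structure that wraps a raw 32-byte Ed25519 seed.
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Build an Ed25519 key pair from a 32-byte seed; return both halves as raw bytes.
function keyPairFromSeed(seed) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]),
    format: 'der',
    type: 'pkcs8',
  });
  const spki = crypto.createPublicKey(privateKey).export({ format: 'der', type: 'spki' });
  return { publicKey: spki.subarray(spki.length - 32), secretKey: seed };
}

// Private mode: the string is the seed, so every holder derives the same pair.
function deriveFromConnectionString(connectionString) {
  const seed = crypto.createHash('sha256').update(connectionString, 'utf8').digest();
  return keyPairFromSeed(seed);
}

// Public mode: random key pair; only the public key is kept and shared.
function newPublicConnectionString() {
  const { publicKey } = keyPairFromSeed(crypto.randomBytes(32));
  return publicKey.toString('hex');
}

// Server-side gate for private mode: no key or a wrong key is rejected.
function serverAccepts(serverKeys, presentedKey) {
  if (!Buffer.isBuffer(presentedKey) || presentedKey.length !== serverKeys.secretKey.length) {
    return false;
  }
  return crypto.timingSafeEqual(serverKeys.secretKey, presentedKey);
}

// Constructed sample string, not a real Holesail connection string.
const server = deriveFromConnectionString('constructed-example-string-1');
const client = deriveFromConnectionString('constructed-example-string-1');

console.log('same DHT address:', server.publicKey.equals(client.publicKey));
console.log('client accepted:', serverAccepts(server, client.secretKey));
console.log('peer with only the public key accepted:', serverAccepts(server, server.publicKey));
console.log('no key accepted:', serverAccepts(server, undefined));
console.log('public connection string:', newPublicConnectionString());
```

Because the pair is derived deterministically from the string, anyone who holds a private connection string can derive the same pair, which is why the server takeover described above is possible.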
