FAQ: Future proof crypto algorithm?

[thkoch2001]

Iroh hard codes ed25519 as the scheme to identify nodes. From my short exploration of IPFS I also believe that it is over-engineered and over-flexible. However one additional byte to signal the encryption scheme and thus being future-proof does not seem like too much?

It seems this has been asked on Discord already two times. And IIUC you don't see this as a problem since ed25519 is not yet broken and only used to encrypt short-lived secrets?

Maybe it is worth to start an FAQ section somewhere and make this the first question?

[matheus23]

Yes, we're planning on having an FAQ section on the website, and we're currently collecting questions and answers in this issue so we can add them in one batch once we get to it: n0-computer/iroh.computer#213

---

However one additional byte to signal the encryption scheme and thus being future-proof does not seem like too much?

We already version a bunch of pieces of our stack, so should we want to update, we'd be able to do so with version identifiers.
Specifically, the relay protocol between the iroh clients & relays is versioned, and the direct connections between clients use TLS, so have signaling as well.
Finally, discovery via Pkarr is also versioned.

So, should we decide that we need to switch to either (1) another key type, we'll increment the version number and change the algorithm or (2) add another key type, we'll increment the version number and add signaling to allow multiple key types (although I'd argue this is perhaps less likely).