Contributing towards ipshipyard/roadmaps#15, ipshipyard/roadmaps#9, ipshipyard/roadmaps#4, ipshipyard/roadmaps#5

Context

In #10521 we've introduced opt-in AutoTLS feature which uses DNS and p2p-forge infrastructure run by Interplanetary Shipyard to automate TLS setup for libp2p WebSocket transport.

This feature will not yield the maximum benefit to the swarm unless it is enabled by default, just like /webtransport and /webrtc-direct listeners are.

This issue tracks remaining work towards enabling AutoTLS by default.

TODO

• feat(AutoTLS): opt-in WSS certs from p2p-forge at libp2p.direct #10521 (landed in kubo 0.32.0-rc1)
• libp2p.direct public good infra accepts registrations
• fix(autotls): store certificates at the location from the repo path #10566
• disable AutoTLS in test profile
• feat(libp2p): shared TCP listeners and AutoTLS.AutoWSS #10565
  • AutoTLS.AutoWSS flag that adds catch-all listener /tcp/400X/tls/sni/*.libp2p.direct/ws if Addresses.* (swarm, announce, appendAnnounce) have no /tls/sni or /wss ()
  • /ws listener can share the same port as /tcp (4001)
    • feat(tcpreuse): add options for sharing TCP listeners amongst TCP, WS and WSS transports libp2p/go-libp2p#2984
• AutoTLS: attempts to get cert when not publicly diallable #10570
  • wait for libp2p reachability to be Public: fix(client): wait for public reachability before registering ipshipyard/p2p-forge#4
  • do not attempt getting cert if we depend on /p2p-circuit addrs
  • do not attempt getting cert if the only "public addr" is ipv6 blocked by firewall: libp2p connectivity check false positive with ipv6? ipshipyard/p2p-forge#7
• Decide when AutoTLS.Enabled is true by default
  • we want to avoid noise due to CI and testing nodes
    • 💡 idea: if AutoTLS.Enabled is not explicitly set in config, delay requesting cert by 1h?
  • set AutoTLS.Enabled=false in test profile
• Agree if we use /ipX or /dnsX (feat: add dns addr to addrsfactory ipshipyard/p2p-forge#34 (comment))
• Kubo itself needs some sort of smoke-test E2E test/cli that gets cert from localhost AutoTLS.CAEndpoint and confirms it is placed in IPFS_PATH/p2p-forge-certs/certificates/
• libp2p.direct productization by Shipyard is finished
• docs(websockets): include explicit /sni/ example libp2p/specs#639