I’m probably missing something, new to magic wormhole, but this seems to contradict the docs on magic wormholes linked by the tool you recommended, wormhole william:
“ The wormhole library requires a “Mailbox Server” (also known as the “Rendezvous Server”): a simple WebSocket-based relay that delivers messages from one client to another. This allows the wormhole codes to omit IP addresses and port numbers.“
Is this a particular library choice vs protocol choice? Wormhole william perhaps allows codes with ip addresses etc?
What makes me wary about these tools is the way many of them seem to bake in a default relay server but aren’t up front about it (i want that discussed in the readme.md, it’s a big deal, even if they can’t read the payload - presumably they can see which two IPs are communicating which should be absolutely disclosed). Like, to me it’s not “magic” to route stuff through a relay server. That’s the whole thing I want “magic” to avoid. (Also it doesn’t seem at all like a “wormhole” - the nomenclature strikes me as insanely grandiose)
That's how croc works, too. You can run your own Magic Wormhole relay. These tools all have the same fundamental design.
What's magic-seeming about them is that you can be deep in a prod network, with tightly controlled ACLs and no routable address, and just "wormhole server.log", and then on your dev laptop on your random home wireless type, like, "wormhole receive 32-hazardous-baboon" and poof! you have "server.log". It feels pretty magical, which is why it has the name.
Croc doesn't change any of that. What croc does differently from Wormhole is that it handles resumption, and you can apparently send a globbed list of files rather than just a file or a directory. Resumption is a real feature (I'd like to know more about how the cryptography works, though). The multi-file thing is a UX tweak.
Croc has a bunch of knobs to change cryptography primitives. Those are anti-features.
You can password-authenticate a custom croc relay. I don't know why you'd ever care. Maybe this is an abuse concern? These are all E2EE designs. You don't trust the server in the first place. It's like a STUN/TURN server.
I’m probably missing something, new to magic wormhole, but this seems to contradict the docs on magic wormholes linked by the tool you recommended, wormhole william:
“ The wormhole library requires a “Mailbox Server” (also known as the “Rendezvous Server”): a simple WebSocket-based relay that delivers messages from one client to another. This allows the wormhole codes to omit IP addresses and port numbers.“
https://magic-wormhole.readthedocs.io/en/latest/welcome.html...
Is this a particular library choice vs protocol choice? Wormhole william perhaps allows codes with ip addresses etc?
What makes me wary about these tools is the way many of them seem to bake in a default relay server but aren’t up front about it (i want that discussed in the readme.md, it’s a big deal, even if they can’t read the payload - presumably they can see which two IPs are communicating which should be absolutely disclosed). Like, to me it’s not “magic” to route stuff through a relay server. That’s the whole thing I want “magic” to avoid. (Also it doesn’t seem at all like a “wormhole” - the nomenclature strikes me as insanely grandiose)