I'd like the ability to whitelist people who can connect to me. I'd imagine two main modes-

1. Whitelisting individual certificates
2. Whitelisting certificate authorities

g++ -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
-std=c++11 -pthread -std=c++11 -pthread -D_FORTIFY_SOURCE=2 -c -o natpmp.o
natpmp.cpp natpmp.cpp: In function 'void upnp_map_port(uint32_t_,
in_port_t&)': natpmp.cpp:149:94: error: too few arguments to function
'UPNPDev_ upnpDiscover(int, const char_, const char_, int, int, int_)'
UPNPDev devlist = upnpDiscover(2000/_response timeout (milliseconds)/,
nullptr, nullptr, 0);

There are some great ideas in this project, but like previous attempts to build a system level virtual network, snow has a platform problem: Nobody wants to spend a lot of effort building apps for a platform nobody has installed, and nobody wants to install a system level platform that has no or very few good apps, especially if it's likely to consume background resources running systems like DHTs.

ZeroTier and earlier versions of Telehash suffered from this problem, and neither have been significantly adopted.

One way to improve this is to build an application-layer version, where each application has a public key endpoint and runs it's own node in the DHT. Designing like this eliminates the need to mess with system-level routing or DNS resolution, and provides increased privacy by giving each application it's own address.

If our users have to install some weird system thing that might mess up their DNS if it's buggy, that's a huge barrier.

Hi zrm,

Would you consider licensing this under a more permissive license than AGPL? Even LGPL would be great. Or MIT, BSD, Apache, what-not.

Inability to derive networks or systems with Snow without releasing source to those networks or systems stands as a pretty imposing barrier to adoption. Changing to a more permissive license may provide some grease to help #1.

To make more people use snow, it would be very welcome to release ports to more platforms (e.g. Android, Windows, etc)

it's not possible to send mail to the address published at the webpage

Can snow be used as a replacement for stun/ice? If so, there's a single abstraction onto both ipv4 and ipv6 for many p2p approaches. This would be a huge win in IoT (eg controlling cameras in a home from a phone outside a home). stun/ice is particularly slow across multiple nat hops.

I wonder, is there any way to use this to avoid revealing the IP address of a particular server? Tor can do that by running hidden services. Server machines are only known by their onion address, without revealing their IP address. Can snow be repurposed somehow for that same purpose? Or would it be unrealistic?