IronIP Knowledge Base
Reference documentation for IronIP — concepts, architecture, how-to guides, security scoping, and roadmap.
Concepts
BCA Addresses
What a BCA address is, how it's constructed, and why it matters.
8-Step Verification
The full verification algorithm from the Ducroux paper.
Bitcoin as Infrastructure
Why we use Bitcoin's proof-of-work, and why it's not a crypto play.
Threat Model
What BCA protects against and what it explicitly doesn't.
Architecture
Components
Lambdas, DynamoDB, IoT Core, UI — what each piece does.
Topology
Multi-VPC / multi-region deployment layout.
Adapters
The shared-verifier pattern and per-ingress adapters.
Anchor Pool
How the pre-confirmed anchor pool keeps demos instant.
How-To Guides
Run the Demo
Step-by-step visitor walkthrough.
Verify an Address
Using the standalone verifier with zero dependencies.
Add an Adapter
Contributor guide for integrating a new ingress layer.
Deploy from Scratch
Reproducing IronIP in another AWS account.
Security
Known Limitations
Where BCA is enough and where it isn't. Honest scoping.
Compliance Notes
FIPS 140-2, Common Criteria, export control considerations.
Roadmap
BRC-52 Certificates
Future attribute-based authorization for gateway nodes.
PushDrop Revocation
Spend-to-revoke mechanism for device identity.
Payment Middleware
BRC-103 sessions + BRC-29 channels. Pay-per-request, pay-per-packet, pay-per-minute.
IPsec Integration
BCA-anchored IKEv2 identity, no PKI required.
IPv6 Extensions
SEND, privacy extensions, SAVI, link-local auth.
References
Paper Notes
Ducroux arXiv:2311.15842 annotated summary.
Related Standards
RFC 3971 SEND, RFC 3972 CGA, RFC 4941, BCP 38.
Glossary
BCA, CGA, Hash1, modifier, OP_RETURN, and more.
FAQ
Common questions with direct answers.