I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ungooglify

Browse Source 
(duck)
This commit is contained in:
duck
2004-07-06 21:38:20 +00:00
committed by zzz
parent e69b259e81
commit 806e7a4cd0
14 changed files with 129 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
pages/applications.html
View File

@ -1,9 +1,9 @@
<h1>Applications</h1>
<p>here's some content that might help someone who wants to put together an application developer's guide for <B style="color:black;background-color:#ffff66">I2P</B> - I dont have time to polish this up before I leave, but thought it might be of use to someone. Feel free to tear this up, edit like mad, or just read it :)</p>
<p>here's some content that might help someone who wants to put together an application developer's guide for I2P - I dont have time to polish this up before I leave, but thought it might be of use to someone. Feel free to tear this up, edit like mad, or just read it :)</p>
<h1>Application development guide</h1>
<h2>Why write <B style="color:black;background-color:#ffff66">I2P</B> specific code?</h2>
<h2>Why write I2P specific code?</h2>
<p>Using mihi's I2PTunnel application, you can hook up application instances and
have them talk to each other over standard TCP sockets. In plain client-server
@ -24,7 +24,7 @@ chat, everyone needs to agree that port 10001 is Alice, port 10002 is Bob, port
10003 is Charlie, and so on, since the protocol includes TCP/IP specific information
(host and port).</p>
<p>Applications that are designed to work with <B style="color:black;background-color:#ffff66">I2P</B> can take advantage of its
<p>Applications that are designed to work with I2P can take advantage of its
built in data security and optional pseudonymous authentication. All data sent
over the network is transparently end to end encrypted (not even the router's
get the cleartext), and any application using the ministreaming or datagram
@ -33,21 +33,21 @@ public key. As an aside, environments where anonymity instead of pseudonymity
is required are trivially accomodated by either using the I2CP directly, SAM RAW
sessions, or by simply creating a new sending destination whenever needed).</p>
<p>Another important thing to remember is that <B style="color:black;background-color:#ffff66">I2P</B> is simply a communication
<p>Another important thing to remember is that I2P is simply a communication
system - what data is sent and what is done with that data is outside of its scope.
Applications that are used on top of <B style="color:black;background-color:#ffff66">I2P</B> should be carefully sanitized of any
Applications that are used on top of I2P should be carefully sanitized of any
insecure or identifying data or protocols (hostnames, port numbers, time zone,
character set, etc). This in and of itself is often a daunting task, as
analyzing the safety of a system that has had anonymity and security strapped on to
it is no small feat, giving significant incentive to learn from the experiences of
the traditional application base, but design the application and its communication
protocols with <B style="color:black;background-color:#ffff66">I2P's</B> anonymity and security in mind.</p>
protocols with I2P's anonymity and security in mind.</p>
<p>There are also efficiency considerations to review when determining how to
interact on top of <B style="color:black;background-color:#ffff66">I2P</B>. The ministreaming library and things built on top of it
operate with handshakes similar to TCP, while the core <B style="color:black;background-color:#ffff66">I2P</B> protocols (I2NP and I2CP)
interact on top of I2P. The ministreaming library and things built on top of it
operate with handshakes similar to TCP, while the core I2P protocols (I2NP and I2CP)
are strictly message based (like UDP or in some instances raw IP). The important
distinction is that with <B style="color:black;background-color:#ffff66">I2P</B>, communication is operating over a long fat network -
distinction is that with I2P, communication is operating over a long fat network -
each end to end message will have nontrivial latencies, but may contain payloads
of up to 32KB. An application that needs a simple request and response can get rid
of any state and drop the latency incurred by the startup and teardown handshakes
@ -57,35 +57,35 @@ functional but inefficient scheme for dealing with reliable and in order deliver
by requiring the equivilant of an ACK after each message which must traverse the
network end to end again (though there are plans for improving this with a more
efficient and robust algorithm). Given that as the current state, an application
that uses one of the <B style="color:black;background-color:#ffff66">I2P</B> message oriented protocols can in some situations get
that uses one of the I2P message oriented protocols can in some situations get
substantially better performance.</p>
<h2>Important ideas</h2>
<p>There are a few changes that require adjusting to when using <B style="color:black;background-color:#ffff66">I2P</B>:</p>
<p>There are a few changes that require adjusting to when using I2P:</p>
<h3>Destination ~= host+port</h3>
<p>An application running on <B style="color:black;background-color:#ffff66">I2P</B> sends messages from and receives messages to a
<p>An application running on I2P sends messages from and receives messages to a
unique cryptographically secure end point - a "destination". In TCP or UDP
terms, a destination could (largely) be considered the equivilant of a hostname
plus port number pair, though there are a few differences. </p>
<ul>
<li>An <B style="color:black;background-color:#ffff66">I2P</B> destination itself is a cryptographic construct - all data sent to one is
<li>An I2P destination itself is a cryptographic construct - all data sent to one is
encrypted as if there were universal deployment of IPsec with the (anonymized)
location of the end point signed as if there were universal deployment of DNSSEC. </li>
<li><B style="color:black;background-color:#ffff66">I2P</B> destinations are mobile identifiers - they can be moved from one <B style="color:black;background-color:#ffff66">I2P</B> router
<li>I2P destinations are mobile identifiers - they can be moved from one I2P router
to another (or with some special software, it can even operate on multiple routers at
once). This is quite different from the TCP or UDP world where a single end point (port)
must stay on a single host.</li>
<li><B style="color:black;background-color:#ffff66">I2P</B> destinations are ugly and large - behind the scenes, they contain a 2048bit ElGamal
<li>I2P destinations are ugly and large - behind the scenes, they contain a 2048bit ElGamal
public key for encryption, a 1024bit DSA public key for signing, and a variable size
certificate (currently this is the null type, but may contain proof of work, blinded
data, or other information to increase the 'cost' of a destination in an effort to fight
Sybil). <br />There are existing ways to refer to these large and ugly destinations by short
and pretty names (e.g. "irc.duck.<B style="color:black;background-color:#ffff66">i2p</B>"), but at the moment those techniques do not guarantee
and pretty names (e.g. "irc.duck.i2p"), but at the moment those techniques do not guarantee
globally uniqueness (since they're stored locally at each person's machine as "hosts.txt")
and the current mechanism is neither scalable nor secure (updates to those hosts files are
manually managed within CVS, and as such, anyone with commit rights on the repository can
@ -96,36 +96,36 @@ since there are those who don't think such a beast is possible :)</li>
<h3>Anonymity and confidentiality</h3>
<p>A useful thing to remember is that <B style="color:black;background-color:#ffff66">I2P</B> has transparent end to end encryption
<p>A useful thing to remember is that I2P has transparent end to end encryption
and authentication for all data passed over the network - if Bob sends Alice's destination,
only Alice's destination can receive it, and if Bob is using the datagrams or streaming
library, Alice knows for certain that Bob's destination is the one who sent the data. </p>
<p>Of course, another useful thing to remember is that <B style="color:black;background-color:#ffff66">I2P</B> transparently anonymizes the
<p>Of course, another useful thing to remember is that I2P transparently anonymizes the
data sent between Alice and Bob, but it does nothing to anonymize the content of what they
send. For instance, if Alice sends Bob a form with her full name, government IDs, and
credit card numbers, there is nothing <B style="color:black;background-color:#ffff66">I2P</B> can do. As such, protocols and applications should
credit card numbers, there is nothing I2P can do. As such, protocols and applications should
keep in mind what information they are trying to protect and what information they are willing
to expose.</p>
<h3><B style="color:black;background-color:#ffff66">I2P</B> datagrams can be up to 32KB</h3>
<h3>I2P datagrams can be up to 32KB</h3>
<p>Applications that use <B style="color:black;background-color:#ffff66">I2P</B> datagrams (either raw or repliable ones) can essentially be thought
<p>Applications that use I2P datagrams (either raw or repliable ones) can essentially be thought
of in terms of UDP - the datagrams are unordered, best effort, and connectionless - but unlike
UDP, applications don't need to worry about MTU detection and can simply fire off 32KB datagrams
(31KB when using the repliable kind). For many applications, 32KB of data is sufficient for an
entire request or response, allowing them to transparently operate in <B style="color:black;background-color:#ffff66">I2P</B> as a UDP-like
entire request or response, allowing them to transparently operate in I2P as a UDP-like
application without having to write fragmentation, resends, etc.</p>
<h2>Integration techniques</h2>
<p>There are four means of sending data over <B style="color:black;background-color:#ffff66">I2P</B>, each with their own pros and cons.</p>
<p>There are four means of sending data over I2P, each with their own pros and cons.</p>
<h3>SAM</h3>
<p>SAM is the <a href="book/view/144?PHPSESSID=ee3d79e304bf6e3746ccc3592c38a972">Simple Anonymous Messaging</a> protocol, allowing an
application written in any language to talk to a SAM bridge through a plain TCP socket and have
that bridge multiplex all of its <B style="color:black;background-color:#ffff66">I2P</B> traffic, transparently coordinating the encryption/decryption
that bridge multiplex all of its I2P traffic, transparently coordinating the encryption/decryption
and event based handling. SAM supports three styles of operation:</p>
<ul>
<li>streams, for when Alice and Bob want to send data to each other reliably and in order</li>
@ -139,12 +139,12 @@ and event based handling. SAM supports three styles of operation:</p>
<h3>I2PTunnel</h3>
<p>The I2PTunnel application allows applications to build specific TCP-like tunnels to peers
by creating either I2PTunnel 'client' applications (which listen on a specific port and connect
to a specific <B style="color:black;background-color:#ffff66">I2P</B> destination whenever a socket to that port is opened) or I2PTunnel 'server'
applications (which listen to a specific <B style="color:black;background-color:#ffff66">I2P</B> destination and whenever it gets a new <B style="color:black;background-color:#ffff66">I2P</B>
to a specific I2P destination whenever a socket to that port is opened) or I2PTunnel 'server'
applications (which listen to a specific I2P destination and whenever it gets a new I2P
connection it outproxies to a specific TCP host/port). These streams are 8bit clean and are
authenticated and secured through the same streaming library that SAM uses, but there is a
nontrivial overhead involved with creating multiple unique I2PTunnel instances, since each have
their own unique <B style="color:black;background-color:#ffff66">I2P</B> destination and their own set of tunnels, keys, etc.</p>
their own unique I2P destination and their own set of tunnels, keys, etc.</p>
<h3>ministreaming and datagrams</h3>
<p>For applications written in Java, the simplest way to go is to use the libraries that the SAM

10
pages/bounties.html
View File

@ -1,17 +1,17 @@
<h1>Bounties</h1>
<p>While we always gratefully accept any contributions of code,
documentation, and the like, there are other ways to help <B style="color:black;background-color:#ffff66">I2P</B> move
documentation, and the like, there are other ways to help I2P move
forward. As with any open source project, our goals would be achieved more
rapidly if we were able to support all of our contributors to work on
<B style="color:black;background-color:#ffff66">I2P</B> full time. However, as with any open source project, thats not a
I2P full time. However, as with any open source project, thats not a
possibility. Instead, we are making use of a bounty system, whereby
anyone can get support for working on something that people want
implemented, and people who want to contribute to <B style="color:black;background-color:#ffff66">I2P</B> can be assured that
implemented, and people who want to contribute to I2P can be assured that
their support goes to what they care about.</p>
<p>We are also keeping open the ability for people who want to support <B style="color:black;background-color:#ffff66">I2P</B>
<p>We are also keeping open the ability for people who want to support I2P
but don't have strong feelings about the bounties available. Those people
can simply put their trust in the <B style="color:black;background-color:#ffff66">I2P </B><B style="color:black;background-color:#A0FFFF">team</B> to do what we feel is best by
can simply put their trust in the I2P team to do what we feel is best by
donating to a catch-all general fund that will be used as deemed
necessary - allocated to various bounties, covering incidentals (hosting,
etc), and the like.</p>

10
pages/cvs.html
View File

@ -1,19 +1,19 @@
<h1>CVS</h1>
This is just a reminder for me so I don't have to memorize the commands to download <B style="color:black;background-color:#ffff66">i2p</B> cvs:<br />
This is just a reminder for me so I don't have to memorize the commands to download i2p cvs:<br />
<br />
Unix CVS:<br />
<br />
cvs -d:pserver:anoncvs@cvs.<B style="color:black;background-color:#ffff66">i2p</B>.net:/cvsroot login<br />
cvs -d:pserver:anoncvs@cvs.i2p.net:/cvsroot login<br />
(password anoncvs)<br />
cvs -d:pserver:anoncvs@cvs.<B style="color:black;background-color:#ffff66">i2p</B>.net:/cvsroot co <B style="color:black;background-color:#ffff66">i2p</B><br />
cvs -d:pserver:anoncvs@cvs.i2p.net:/cvsroot co i2p<br />
<br />
WinCVS CVSRoot (login then checkout):<br />
<br />
anoncvs@cvs.<B style="color:black;background-color:#ffff66">i2p</B>.net:/cvsroot<br />
anoncvs@cvs.i2p.net:/cvsroot<br />
(password anoncvs)<br />
<br />
<a href="http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/?f=H"><B style="color:black;background-color:#ffff66">I2P</B> CVSWeb (w/ nice diffs)</a><br />
<a href="http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/?f=H">I2P CVSWeb (w/ nice diffs)</a><br />
<br />
Humourous quote from WinCVS: "Did you know... Never experiment with new CVS commands on your working repository. Create a sample module instead."

4
pages/donate.html
View File

@ -1,10 +1,10 @@
<h1>Donate</h1>
<p>Thank you for your interest in contributing to <B style="color:black;background-color:#ffff66">I2P</B>! The details of how you can make your contribution are provided below:</p>
<p>Thank you for your interest in contributing to I2P! The details of how you can make your contribution are provided below:</p>
<!--break-->
<h2><a href="http://www.e-gold.com/" target="_new">e-gold</a></h2>
<p>
Account name: <B style="color:black;background-color:#ffff66">I2P</B><br/>
Account name: I2P<br/>
Account number: 1274080</p>
<form action="https://www.e-gold.com/sci_asp/payments.asp" method="POST" target="_top"><input type="hidden" name="PHPSESSID" value="a30a4abf201d1b2315cafbb49fc6e4d7" />

44
pages/faq.html
View File

@ -1,49 +1,49 @@
<h1>FAQ</h1>
<h3>What is <B style="color:black;background-color:#ffff66">I2P</B>?</h3>
<p><B style="color:black;background-color:#ffff66">I2P</B> is a generic anonymous and secure peer to peer communication layer. It is a network that sits on
<h3>What is I2P?</h3>
<p>I2P is a generic anonymous and secure peer to peer communication layer. It is a network that sits on
top of another network (in this case, it sits on top of the internet). It is responsible for delivering
a message anonymously and securely to another location. More tech details are
<a href="/book/view/39?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">available</a></p>
<h3>What does that mean?</h3>
<p>It means that you can do things anonymously and host services anonymously from your computer.
You will need to use programs that are designed to work with <B style="color:black;background-color:#ffff66">I2P</B>, though in some cases you can use
regular internet programs with <B style="color:black;background-color:#ffff66">I2P</B> by creating something called an
You will need to use programs that are designed to work with I2P, though in some cases you can use
regular internet programs with I2P by creating something called an
<a href="/i2ptunnel?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">I2PTunnel</a></p>
<h3>What is the difference between <B style="color:black;background-color:#ffff66">I2P</B> and the internet?</h3>
<p>Data transferred via <B style="color:black;background-color:#ffff66">I2P</B> is anonymous and encrypted. Regular internet traffic is not
(although it can be encrypted). If you set up a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who
you are. If you browse a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are. If you transfer
files using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are.</p>
<h3>What is the difference between I2P and the internet?</h3>
<p>Data transferred via I2P is anonymous and encrypted. Regular internet traffic is not
(although it can be encrypted). If you set up a web page using I2P, nobody will know who
you are. If you browse a web page using I2P, nobody will know who you are. If you transfer
files using I2P, nobody will know who you are.</p>
<h3>Whats an "eepsite"?</h3>
<p>An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444),
and browsing to the site.</p>
<h3>Can I browse the web with <B style="color:black;background-color:#ffff66">I2P</B>?</h3>
<h3>Can I browse the web with I2P?</h3>
<p>Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy
(squid.<B style="color:black;background-color:#ffff66">i2p</B>). If you have your browser set to use the web proxy, if you type
http://google.com/ your request will be routed through <B style="color:black;background-color:#ffff66">I2P</B> to the outbound proxy.</p>
(squid.i2p). If you have your browser set to use the web proxy, if you type
http://google.com/ your request will be routed through I2P to the outbound proxy.</p>
<h3>How anonymous is <B style="color:black;background-color:#ffff66">I2P</B> anyway?</h3>
<p><B style="color:black;background-color:#ffff66">I2P</B> is working to support militant grade anonymity, <b>but we're not there yet</b>. You should not
use <B style="color:black;background-color:#ffff66">I2P</B> if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it
<h3>How anonymous is I2P anyway?</h3>
<p>I2P is working to support militant grade anonymity, <b>but we're not there yet</b>. You should not
use I2P if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it
has not gone through sufficient peer review. However, we're confident that we'll get to the point
that we can provide anonymity strong enough even for militantly subversive political action (so it
should be fine for you to chat online with your friends)</p>
<p>An important point to note is that <B style="color:black;background-color:#ffff66">I2P</B> does <b>not</b> provide anonymity or security of content
<p>An important point to note is that I2P does <b>not</b> provide anonymity or security of content
after it is transferred - you can still download and run a virus, or even submit your full name
and bank account numbers on an eepsite. <B style="color:black;background-color:#ffff66">I2P</B> only tries to provide communication security and anonymity -
and bank account numbers on an eepsite. I2P only tries to provide communication security and anonymity -
what you say or do is up to you.</p>
<h3>How does <B style="color:black;background-color:#ffff66">I2P</B> protect itself from denial of service attacks?</h3>
<h3>How does I2P protect itself from denial of service attacks?</h3>
<p>
For this too, there are several answers. Short summary is "the best it can".
Briefly, <B style="color:black;background-color:#ffff66">I2P</B> attempts to defend against several forms of denial of service
attack, all without centralized coordination. For applications using <B style="color:black;background-color:#ffff66">I2P</B>,
Briefly, I2P attempts to defend against several forms of denial of service
attack, all without centralized coordination. For applications using I2P,
the computer they are located on is not exposed to the public, so the
standard denial of service attack cannot be directly mounted against them
(ala ping floods, etc). Instead, attackers are forced to go after the
@ -64,12 +64,12 @@ what you say or do is up to you.</p>
message or identity. They can also be filled with other certificates as deemed
necessary (e.g. a blinded certificate from an anonymous certificate authority,
a receipt for real currency payments, etc). It is also believed that through this
certificate attachment system <B style="color:black;background-color:#ffff66">I2P</B> will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>
certificate attachment system I2P will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>
</p>
<p>
Other denial of service attacks include creating a few thousand high quality
<B style="color:black;background-color:#ffff66">I2P</B> routers, running them for a week, and then taking them all offline. This
I2P routers, running them for a week, and then taking them all offline. This
indeed may force the creation of islands within the network, but the underlying
<a href="/network_database?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">Network Database</a> is built off of a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,
which should allow the network to recover with minimal overhead (though, of course,

4
pages/getinvolved.html
View File

@ -1,4 +1,4 @@
<h1>Get involved</h1>
<p>To <B style="color:black;background-color:#A0FFFF">get </B><B style="color:black;background-color:#99ff99">involved</B>, please feel free to join us on the #<B style="color:black;background-color:#ffff66">i2p</B> IRC channel (on irc.freenode.net, or within <B style="color:black;background-color:#ffff66">I2P</B> on irc.duck.<B style="color:black;background-color:#ffff66">i2p</B> or irc.baffled.<B style="color:black;background-color:#ffff66">i2p</B>). In addition, we have a <a href="http://i2p.net/pipermail/i2p/">mailing list</a> and meetings are held every Tuesday at 9PM GMT on IRC (with meeting logs kept <a href="/book/view/49?PHPSESSID=0cc3fc89a914bf810dda9032a061e8b0">online</a>)</p>
<p>To get involved, please feel free to join us on the #i2p IRC channel (on irc.freenode.net, or within I2P on irc.duck.i2p or irc.baffled.i2p). In addition, we have a <a href="http://i2p.net/pipermail/i2p/">mailing list</a> and meetings are held every Tuesday at 9PM GMT on IRC (with meeting logs kept <a href="/book/view/49?PHPSESSID=0cc3fc89a914bf810dda9032a061e8b0">online</a>)</p>
<p>If you're interested in joining our <a href="/team?PHPSESSID=0cc3fc89a914bf810dda9032a061e8b0">team</a>, please <B style="color:black;background-color:#A0FFFF">get</B> in touch as we're always looking for eager contributors!</p>
<p>If you're interested in joining our <a href="/team?PHPSESSID=0cc3fc89a914bf810dda9032a061e8b0">team</a>, please get in touch as we're always looking for eager contributors!</p>

2
pages/how_elgamalaes.html
View File

@ -1,6 +1,6 @@
<h1>ElGamal / AES+SessionTag</h1>
<p>
Within <B style="color:black;background-color:#ffff66">I2P</B>, various messages are encrypted, but we don't want anyone to know
Within I2P, various messages are encrypted, but we don't want anyone to know
to whom or from whom it is bound, so we can't just toss a "to" or "from" address.
In addition, messages are not delivered in order (or reliably), so we can't simply
ElGamal encrypt the first message and AES the subsequent messages. The alternative

52
pages/how_intro.html
View File

@ -1,34 +1,34 @@
<h1>Intro</h1>
<p><B style="color:black;background-color:#ffff66">I2P</B> is an effort to build, deploy, and maintain a network to support secure and anonymous
communication. People using <B style="color:black;background-color:#ffff66">I2P</B> are in control of the tradeoffs between anonymity, reliability,
<p>I2P is an effort to build, deploy, and maintain a network to support secure and anonymous
communication. People using I2P are in control of the tradeoffs between anonymity, reliability,
bandwidth usage, and latency. There is no central point in the network on which pressure can be
exerted to compromise the integrity, security, or anonymity of the system. The network supports
dynamic reconfiguration in response to various attacks, and has been designed to make use of
additional resources as they become available. Of course, all aspects of the network are open
and freely available.</p>
<p>Unlike many other anonymizing networks, <B style="color:black;background-color:#ffff66">I2P</B> doesn't try to provide anonymity by hiding the
originator of some communication and not the recipient, or the other way around. <B style="color:black;background-color:#ffff66">I2P</B> is designed
to allow peers using <B style="color:black;background-color:#ffff66">I2P</B> to communicate with each other anonymously both sender and recipient
<p>Unlike many other anonymizing networks, I2P doesn't try to provide anonymity by hiding the
originator of some communication and not the recipient, or the other way around. I2P is designed
to allow peers using I2P to communicate with each other anonymously both sender and recipient
are unidentifiable to each other as well as to third parties. For example, today there are both
in-<B style="color:black;background-color:#ffff66">I2P</B> web sites (allowing anonymous publishing / hosting) as well as HTTP proxies to the normal
web (allowing anonymous web browsing). Having the ability to run servers within <B style="color:black;background-color:#ffff66">I2P</B> is essential,
in-I2P web sites (allowing anonymous publishing / hosting) as well as HTTP proxies to the normal
web (allowing anonymous web browsing). Having the ability to run servers within I2P is essential,
as it is quite likely that any outbound proxies to the normal internet will be monitored, disabled,
or even taken over to attempt more malicious attacks.</p>
<p>The network itself is message oriented - it is essentially a secure and anonymous IP layer,
where messages are addressed to cryptographic keys (Destinations) and can be significantly larger
than IP packets. Some example uses of the network include "eepsites" (webservers hosting normal web
applications within <B style="color:black;background-color:#ffff66">I2P</B>), a <a href="http://bitconjurer.org/BitTorrent/">BitTorrent</a> port ("I2PSnark"),
applications within I2P), a <a href="http://bitconjurer.org/BitTorrent/">BitTorrent</a> port ("I2PSnark"),
or a distributed data store. With the help of mihi's <a href="/i2ptunnel?PHPSESSID=a2cc81573922db94d0656146d3764863">I2PTunnel</a> application,
we are able to stream traditional TCP/IP applications over <B style="color:black;background-color:#ffff66">I2P</B>, such as SSH, irc, a squid proxy, and
even streaming audio. Most people will not use <B style="color:black;background-color:#ffff66">I2P</B> directly, or even need to know they're using it.
Instead their view will be of one of the <B style="color:black;background-color:#ffff66">I2P</B> enabled applications, or perhaps as a little controller
we are able to stream traditional TCP/IP applications over I2P, such as SSH, irc, a squid proxy, and
even streaming audio. Most people will not use I2P directly, or even need to know they're using it.
Instead their view will be of one of the I2P enabled applications, or perhaps as a little controller
app to turn on and off various proxies to enable the anonymizing functionality.</p>
<p>An essential part of designing, developing, and testing an anonymizing network is to define the
<a href="/book/view/41?PHPSESSID=a2cc81573922db94d0656146d3764863">threat <B style="color:black;background-color:#A0FFFF">model</B></a>, since there is no such thing as "true" anonymity, just
increasingly expensive costs to identify someone. Briefly, <B style="color:black;background-color:#ffff66">I2P's</B> intent is to allow people to communicate
<a href="/book/view/41?PHPSESSID=a2cc81573922db94d0656146d3764863">threat model</a>, since there is no such thing as "true" anonymity, just
increasingly expensive costs to identify someone. Briefly, I2P's intent is to allow people to communicate
in arbitrarily hostile environments by providing militant grade anonymity, mixed in with sufficient cover
traffic provided by the activity of people who require less anonymity. This includes letting Joe Sixpack
chat with his buddies without anyone listening in, Jane Filetrader to share files knowing that large
@ -41,7 +41,7 @@ others.</p>
anonymous communication, and everyone has their own personal rationale. There have are many
<a href="/book/view/47?PHPSESSID=a2cc81573922db94d0656146d3764863">other efforts</a> working on finding ways to provide varying degrees of
anonymity to people through the Internet, but we could not find any that met our needs or threat
<B style="color:black;background-color:#A0FFFF">model</B>.</p>
model.</p>
<h2>How?</h2>
@ -52,7 +52,7 @@ communicate with each other through existing transport mechanisms (e.g. TCP, UDP
messages. Client applications have their own cryptographic identifier ("Destination") which enables it
to send and receive messages. These clients can connect to any router and authorize the temporary
allocation ("lease") of some tunnels that will be used for sending and receiving messages through the
network. <B style="color:black;background-color:#ffff66">I2P</B> has its own internal <a href="/book/view/44?PHPSESSID=a2cc81573922db94d0656146d3764863">network database</a> (using a modification of
network. I2P has its own internal <a href="/book/view/44?PHPSESSID=a2cc81573922db94d0656146d3764863">network database</a> (using a modification of
the Kademlia algorithm) for distributing routing and contact information.</p>
<p>The following illustration is a simplistic view regarding how tunnels, routers, and destinations
@ -79,11 +79,11 @@ and deliver long lived end to end messages) may be instead are sent via
<a href="/book/view/43?PHPSESSID=a2cc81573922db94d0656146d3764863">garlic routing</a>. Inspired by a subsection for future works written by
Michael Freedman within Roger Dingledine's freehaven
<a href="http://www.freehaven.net/doc/freehaven10.ps">thesis</a>, and with some similarities to
<a href="http://onion-router.net/">onion routing</a>. <B style="color:black;background-color:#ffff66">I2P's</B> garlic routing allows multiple messages
<a href="http://onion-router.net/">onion routing</a>. I2P's garlic routing allows multiple messages
("cloves") to be wrapped inside a single message ("garlic") so that only the intended recipient can
determine how many cloves are contained as well as how those cloves should be processed.</p>
<p>To deal with a wide range of attacks, <B style="color:black;background-color:#ffff66">I2P</B> is fully distributed with no centralized resources - and
<p>To deal with a wide range of attacks, I2P is fully distributed with no centralized resources - and
hence there are no directory servers keeping statistics regarding the performance and reliability of
routers within the network. As such, each router must keep and maintain profiles of various routers
and is responsible for selecting appropriate peers to meet the anonymity, performance, and reliability
@ -94,7 +94,7 @@ a full laundry list includes 2048bit ElGamal encryption, 256bit AES in CBC mode
1024bit DSA signatures, SHA256 hashes, 2048bit Diffie-Hellman negotiated connections with station to
station authentication, and <a href="/book/view/46?PHPSESSID=a2cc81573922db94d0656146d3764863">ElGamal / AES+SessionTag</a>.</p>
<p>Content sent over <B style="color:black;background-color:#ffff66">I2P</B> is encrypted through three or four layers - end to end encryption (absolutely
<p>Content sent over I2P is encrypted through three or four layers - end to end encryption (absolutely
no routers get the plaintext, ever), garlic encryption (used to verify the delivery of the message to
the recipient), tunnel encryption (all messages passing through a tunnel is encrypted by the tunnel
gateway to the tunnel endpoint), and interrouter transport layer encryption (e.g. the TCP transport
@ -111,18 +111,18 @@ delays and FIFO tunnels are currently in place. Additionally, the 2.0 release wi
up and operate behind restricted routes (perhaps with trusted peers), as well as the deployment of more
flexible and anonymous transports.</p>
<p>Some questions have been raised with regards to the scalability of <B style="color:black;background-color:#ffff66">I2P</B>, and reasonably so. There
<p>Some questions have been raised with regards to the scalability of I2P, and reasonably so. There
will certainly be more analysis over time, but peer lookup and integration should be bounded by
<code>O(log(N))</code> due to the <a href="/book/view/44?PHPSESSID=a2cc81573922db94d0656146d3764863">network database</a>'s algorithm, while end to end
messages should be <code>O(log(1))</code> (scale free), since messages go out K hops through the outbound
tunnel and another K hops through the inbound tunnel - the size of the network (N) bears no impact.</p>
<h2>When?</h2>
<p><B style="color:black;background-color:#ffff66">I2P</B> initially began in Feb 2003 as a proposed modification to
<p>I2P initially began in Feb 2003 as a proposed modification to
<a href="http://freenetproject.org">freenet</a> to allow it to use alternate transports, such as
<a href="http://java.sun.com/products/jms/index.jsp">JMS</a>, then grew into its own as an
'anonCommFramework' in April 2003, turning into <B style="color:black;background-color:#ffff66">I2P</B> in July, with code being cut in earnest in August,
reaching the 0.2 release in September and 0.3 in March. <B style="color:black;background-color:#ffff66">I2P</B> is currently moving forward according to
'anonCommFramework' in April 2003, turning into I2P in July, with code being cut in earnest in August,
reaching the 0.2 release in September and 0.3 in March. I2P is currently moving forward according to
the <a href="/roadmap?PHPSESSID=a2cc81573922db94d0656146d3764863">roadmap</a>.</p>
<p>The network itself is not ready for general use, and should not be used by those who need anonymity
@ -131,7 +131,7 @@ until it has been met with sufficient peer review.</p>
<h2>Who?</h2>
<p>We have a small <a href="/team?PHPSESSID=a2cc81573922db94d0656146d3764863">team</a> spread around several continents, working to advance different
aspects of the project. We are very open to other developers who want to get involved and anyone else
who would like to contribute in other ways, such as critiques, peer review, testing, writing <B style="color:black;background-color:#ffff66">I2P</B> enabled
who would like to contribute in other ways, such as critiques, peer review, testing, writing I2P enabled
applications, or documentation. The entire system is open source - the router and most of the SDK are
outright public domain with some BSD and Cryptix licensed code, while some applications like I2PTunnel
and I2PSnark are GPL. Almost everything is written in Java (1.3+), though some third party applications
@ -140,11 +140,11 @@ we are hoping to get it working on <a href="http://gcc.gnu.org/java/">GCJ</a> so
<h2>Where?</h2>
<p>Anyone interested should subscribe to the <a href="http://i2p.net/pipermail/i2p/">mailing list</a> and
join us on the irc channel #<B style="color:black;background-color:#ffff66">i2p</B> (hosted concurrently on <a href="http://invisiblenet.net/iip/">IIP</a>,
irc.freenode.net, irc.duck.<B style="color:black;background-color:#ffff66">i2p</B>, and irc.baffled.<B style="color:black;background-color:#ffff66">i2p</B>). Weekly development meetings are held there every
join us on the irc channel #i2p (hosted concurrently on <a href="http://invisiblenet.net/iip/">IIP</a>,
irc.freenode.net, irc.duck.i2p, and irc.baffled.i2p). Weekly development meetings are held there every
Tuesday at 9pm GMT with <a href="/node/view/49?PHPSESSID=a2cc81573922db94d0656146d3764863">archives available</a>.</p>
<p>The current source is available through an anonymous CVS repository</p>
<pre>
cvs -d :pserver:anoncvs@<B style="color:black;background-color:#ffff66">i2p</B>.net/cvsroot co <B style="color:black;background-color:#ffff66">i2p</B></pre>
cvs -d :pserver:anoncvs@i2p.net/cvsroot co i2p</pre>
<p>with the password <code>anoncvs</code>. </p>

40
pages/how_threatmodel.html
View File

@ -1,7 +1,7 @@
<h1>Threatmodel</h1>
<p>
There are a great many other applications and projects working on anonymous
communication and <B style="color:black;background-color:#ffff66">I2P</B> has been inspired by much of their efforts. This is not
communication and I2P has been inspired by much of their efforts. This is not
a comprehensive list of anonymity resources - both freehaven's
<a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a>
and GNUnet's <a href="http://www.ovmj.org/GNUnet/links.php3">related projects</a> serve
@ -26,13 +26,13 @@ anonymizing proxies, allowing people to tunnel out through the low latency
mix network. Morphmix includes some very interesting collusion detection
algorithms and Sybil defenses, while Tarzan makes use of the scarcity of IP
addresses to accomplishs the same. The two primary differences between
these systems and <B style="color:black;background-color:#ffff66">I2P</B> are related to <B style="color:black;background-color:#ffff66">I2P's</B> <a href="/book/view/41?PHPSESSID=42d2b0545f243f2537476db228ce1636"><B style="color:black;background-color:#A0FFFF">threat </B><B style="color:black;background-color:#99ff99">model</B></a>
these systems and I2P are related to I2P's <a href="/book/view/41?PHPSESSID=42d2b0545f243f2537476db228ce1636">threat model</a>
and their out-proxy design (as opposed to providing both sender and receiver
anonymity). There is source code available to both systems, but we are not aware
of their use outside of academic environments.</p>
<p>
Stealing quite directly from the Tarzan paper, the following includes a quick
comparison of Tarzan, Crowds, Onion Routing (OR), and <B style="color:black;background-color:#ffff66">I2P</B>:</p>
comparison of Tarzan, Crowds, Onion Routing (OR), and I2P:</p>
<img src="http://i2p.net/~jrandom/wiki/comparison.png">
@ -43,36 +43,36 @@ comparison of Tarzan, Crowds, Onion Routing (OR), and <B style="color:black;back
<p>
TOR and Onion Routing are both anonymizing proxy networks, allowing people
to tunnel out through their low latency mix network. The two primary
differences between TOR / OnionRouting and <B style="color:black;background-color:#ffff66">I2P</B> are again related to differences
in the <B style="color:black;background-color:#A0FFFF">threat </B><B style="color:black;background-color:#99ff99">model</B> and the out-proxy design (though TOR is working to provide
differences between TOR / OnionRouting and I2P are again related to differences
in the threat model and the out-proxy design (though TOR is working to provide
redevous points within the mix network, which will provide recipient anonymity).
In addition, these networks take the directory based approach - providing a
centralized point to manage the overall 'view' of the network, as well as gather
and report statistics, as opposed to <B style="color:black;background-color:#ffff66">I2P's</B> distributed
and report statistics, as opposed to I2P's distributed
<a href="/book/view/44?PHPSESSID=42d2b0545f243f2537476db228ce1636">network database</a> and <a href="/book/view/135?PHPSESSID=42d2b0545f243f2537476db228ce1636">peer selection</a>.</p>
<p>On the technical side, there are 5 main differences between TOR and <B style="color:black;background-color:#ffff66">I2P</B>:</p>
<p>On the technical side, there are 5 main differences between TOR and I2P:</p>
<ul>
<li>TOR is centrally managed (trusted directories, only some people fully participate
in the network with cover traffic) while <B style="color:black;background-color:#ffff66">I2P</B> is fully distributed. This has serious
in the network with cover traffic) while I2P is fully distributed. This has serious
anonymity implications for people using TOR that are not one of the TOR nodes,
since a powerful attacker could determine your identity, or coerce the maintainer
of TOR's directory server to include untrustworthy nodes.</li>
<li>TOR is circuit based (with reliable, ordered, bidirectional tunnels), while <B style="color:black;background-color:#ffff66">I2P</B>
<li>TOR is circuit based (with reliable, ordered, bidirectional tunnels), while I2P
is packet based (with unreliable, unordered, unidirectional tunnels). As with the
TCP/IP separation, <B style="color:black;background-color:#ffff66">I2P</B> optionally adds TCL-like functionality on top of the packet
TCP/IP separation, I2P optionally adds TCL-like functionality on top of the packet
based network by means of mihi's ministreaming library.</li>
<li>TOR is low latency, while <B style="color:black;background-color:#ffff66">I2P</B> is variable latency (both ASAP and stop+go). This will
allow <B style="color:black;background-color:#ffff66">I2P</B> to provide a higher level of anonymity by blending the anonymity set of
<li>TOR is low latency, while I2P is variable latency (both ASAP and stop+go). This will
allow I2P to provide a higher level of anonymity by blending the anonymity set of
different user bases together - for example, filesharing users and militants look
the same, though make use of different techniques to balance their own anonymity
and security needs)</li>
<li>TOR is IP addressed, relying on the security of the IP layer for authenticating
and securing the message delivery, while <B style="color:black;background-color:#ffff66">I2P</B> is cryptographically addressed.</li>
<li>TOR is written in C on *nix (windows port w/ cygwin?), while <B style="color:black;background-color:#ffff66">I2P</B> is written in
and securing the message delivery, while I2P is cryptographically addressed.</li>
<li>TOR is written in C on *nix (windows port w/ cygwin?), while I2P is written in
Java and tested on *nix, windows, and macs</li>
</ul>
@ -83,8 +83,8 @@ and report statistics, as opposed to <B style="color:black;background-color:#fff
<p>
Mixminion and Mixmaster are networks to support anonymous email against a very
powerful adversary. <B style="color:black;background-color:#ffff66">I2P</B> aims to provide an adequate means to meet their <B style="color:black;background-color:#A0FFFF">threat
</B><B style="color:black;background-color:#99ff99">model</B> as we reach <B style="color:black;background-color:#ffff66">I2P</B> 3.0 along side the needs of low latency users, providing
powerful adversary. I2P aims to provide an adequate means to meet their threat
model as we reach I2P 3.0 along side the needs of low latency users, providing
a significantly larger anonymity set. As with TOR and Onion Routing above,
both Mixminion and Mixmaster take the directory based approach as well.</p>
@ -94,12 +94,12 @@ both Mixminion and Mixmaster take the directory based approach as well.</p>
<p>
Freenet is a fully distributed, peer to peer anonymous publishing network.
As such, generic anonymous communication over it requires the use of the global
blackboard <B style="color:black;background-color:#99ff99">model</B> - storing data somewhere that the recipient will then check
blackboard model - storing data somewhere that the recipient will then check
for a message. Freenet also does not support the concept of user defined delays -
it stores and fetches data as quickly as it can, rather than queueing up, pooling,
delaying, and mixing the data, leaving a hole with regards to long term intersection
attacks. In addition, there seem to be some performance issues that can arguably
be attributed to the global blackboard <B style="color:black;background-color:#99ff99">model</B> which will likely rule out interactive
be attributed to the global blackboard model which will likely rule out interactive
low latency communication.</p>
<H2>JAP</H2>
@ -110,8 +110,8 @@ low latency communication.</p>
JAP (Java Anonymous Proxy) is a network of mix cascades for anonymizing web requests,
and as such it has a few centralized nodes (participants in the cascade) that blend
and mix requests from clients through the sequence of nodes (the cascade) before
proxying out onto the web. The scope, <B style="color:black;background-color:#A0FFFF">threat </B><B style="color:black;background-color:#99ff99">model</B>, and security is substantially
different from <B style="color:black;background-color:#ffff66">I2P</B>, but for those who don't require significant anonymity but still
proxying out onto the web. The scope, threat model, and security is substantially
different from I2P, but for those who don't require significant anonymity but still
are not satisfied with an Anonymizer-like service, JAP is worth reviewing. One
caution to note is that anyone under the jurisdiction of the German courts may want
to take care, as the German Federal Bureau of Criminal Investigation (FBCI) has has

4
pages/jbigi.html
View File

@ -42,8 +42,8 @@ native = 14.223802103622907% of pure java time
</pre>
If the native is indeed 5-7x faster then it looks all good. If not, please report.</li>
<li>Copy <code>libjbigi.so</code> to your <B style="color:black;background-color:#ffff66">i2p</B> directory</li>
<li>Restart your <B style="color:black;background-color:#ffff66">I2P</B> programs.</li>
<li>Copy <code>libjbigi.so</code> to your i2p directory</li>
<li>Restart your I2P programs.</li>
<li>On <a href="http://localhost:7655/routerStats.html">http://localhost:7655/routerStats.html</a>
the <code>crypto.elGamal.decrypt</code> and <code>crypto.elGamal.encrypt</code> should be a lot faster.</li>

10
pages/minwww.html
View File

@ -1,9 +1,9 @@
<h1>MinWWW</h1>
Here's an outline and rationale for a minimal WWW proxy app for use
over <a href="iip-wiki?I2P&PHPSESSID=6e225478566d893d09caaefd76f406ce"><B style="color:black;background-color:#ffff66">I2P</B></a>.
over <a href="iip-wiki?I2P&PHPSESSID=6e225478566d893d09caaefd76f406ce">I2P</a>.
<p>
HTTP operation over <B style="color:black;background-color:#ffff66">I2P</B> using I2PTunnel. When the base SocketLibrary
HTTP operation over I2P using I2PTunnel. When the base SocketLibrary
is out, the only significant difference will be the 'wrapRequest' and
'unwrapRequest' will functionally be placed in the socketLibrary, not
in the router (but later versions of the SocketLibrary will be able to
@ -68,14 +68,14 @@ operate significantly faster:
The difference in network load and latency is significant - this is essentially
a UDP version of HTTP. On the normal web, we can't really do that, since most
HTTP requests and responses are orders of magnitude larger than UDP packets
functionally support, but in <B style="color:black;background-color:#ffff66">I2P</B>, messages can be large. The savings for the
functionally support, but in I2P, messages can be large. The savings for the
network load comes from the fact that we don't need to send any ACK messages -
rather than the earlier wrap/unwrap request (that bundles a DataMessage with
a DeliveryStatusMessage to provide guaranteed delivery), the MinWWW proxy deals
with resends (if necessary - in I2PTunnel today, there are no resends).
<p>
The data that the MinWWW proxy and server need to wrap is trivial - when the
proxy wants to send "GET /", it prepends it with the <B style="color:black;background-color:#ffff66">I2P</B> Destination sending
proxy wants to send "GET /", it prepends it with the I2P Destination sending
the request, followed by a 4 byte request ID. The MinWWW server receives those
requests, contacts the appropriate HTTPD, sends the request, waits for the
response, and sends a reply to the MinWWW proxy containing the response, prefixed
@ -94,7 +94,7 @@ ROUTERA will really never talk directly to ROUTERB. ROUTERA will send each
of the messages through two additional outbound routers, then forwarded to
two additional inbound routers to ROUTERB, so the lag there is significant -
while the above only saves 11 steps, 8 of those steps need to traverse the
entire <B style="color:black;background-color:#A0FFFF">tunnel</B> path (4+ remote hops each time when tunnels are 2 remote hops
entire tunnel path (4+ remote hops each time when tunnels are 2 remote hops
in each stretch), leaving MinWWW with only two full traversals (one for the
request, one for the response), instead of 10.

16
pages/performance.html
View File

@ -1,12 +1,12 @@
<h1>Performance</h1>
<p>Probably one of the most frequent things people ask is "how fast is <B style="color:black;background-color:#ffff66">I2P</B>?", and no one seems to like the answer - "it depends". After trying out <B style="color:black;background-color:#ffff66">I2P</B>, the next thing they ask is "will it get faster?", and the answer to that is a most emphatic <b>yes</b>.</p>
<p>Probably one of the most frequent things people ask is "how fast is I2P?", and no one seems to like the answer - "it depends". After trying out I2P, the next thing they ask is "will it get faster?", and the answer to that is a most emphatic <b>yes</b>.</p>
<p>There are a few major techniques that can be done to improve the percieved performance of <B style="color:black;background-color:#ffff66">I2P</B> - some of the following are CPU related, others bandwidth related, and others still are protocol related. However, all of those dimensions affect the latency, throughput, and percieved performance of the network, as they reduce contention for scarce resources. This list is of course not comprehensive, but it does cover the major ones that I see.</p>
<p>There are a few major techniques that can be done to improve the percieved performance of I2P - some of the following are CPU related, others bandwidth related, and others still are protocol related. However, all of those dimensions affect the latency, throughput, and percieved performance of the network, as they reduce contention for scarce resources. This list is of course not comprehensive, but it does cover the major ones that I see.</p>
<h2>Native math</h2>
<p>When I last profiled the <B style="color:black;background-color:#ffff66">I2P</B> code, the vast majority of time was spent within one function: java.math.BigInteger's <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/math/BigInteger.html#modPow(java.math.BigInteger,%20java.math.BigInteger)">modPow</a>. Rather than try to tune this method, we'll call out to <a href="http://www.swox.com/gmp/">GNU MP</a> - an insanely fast math library (with tuned assembler for many architectures). (<i>Editor: see <a href="/node/view/147?PHPSESSID=288375bed2d584c74d7a9fdbc87e326a">NativeBigInteger for faster public key cryptography</a></i>)</p>
<p>When I last profiled the I2P code, the vast majority of time was spent within one function: java.math.BigInteger's <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/math/BigInteger.html#modPow(java.math.BigInteger,%20java.math.BigInteger)">modPow</a>. Rather than try to tune this method, we'll call out to <a href="http://www.swox.com/gmp/">GNU MP</a> - an insanely fast math library (with tuned assembler for many architectures). (<i>Editor: see <a href="/node/view/147?PHPSESSID=288375bed2d584c74d7a9fdbc87e326a">NativeBigInteger for faster public key cryptography</a></i>)</p>
<p><a href="/user/view/8?PHPSESSID=288375bed2d584c74d7a9fdbc87e326a">ughabugha</a> and <a href="/user/view/7?PHPSESSID=288375bed2d584c74d7a9fdbc87e326a">duck</a> are working on the C/JNI glue code, and the existing java code is already deployed with hooks for that whenever its ready. Preliminary results look fantastic - running the router with the native GMP modPow is providing over a 800% speedup in encryption performance, and the load was cut in half. This was just on one user's machine, and things are nowhere near ready for packaging and deployment, yet.</p>
@ -30,11 +30,11 @@
<h2>Longer lasting tunnels</h2>
<p>The current default <B style="color:black;background-color:#A0FFFF">tunnel</B> duration of 10 minutes is fairly arbitrary, though it "feels ok". Once we've got <B style="color:black;background-color:#A0FFFF">tunnel</B> healing code and more effective failure detection, we'll be able to more safely vary those durations, reducing the network and CPU load (due to expensive <B style="color:black;background-color:#A0FFFF">tunnel</B> creation messages).</p>
<p>The current default tunnel duration of 10 minutes is fairly arbitrary, though it "feels ok". Once we've got tunnel healing code and more effective failure detection, we'll be able to more safely vary those durations, reducing the network and CPU load (due to expensive tunnel creation messages).</p>
<h2>Adjust the timeouts</h2>
<p>Yet another of the fairly arbitrary but "ok feeling" things we've got are the current timeouts for various activities. Why do we have a 60 second "peer unreachable" timeout? Why do we try sending through a different <B style="color:black;background-color:#A0FFFF">tunnel</B> that a LeaseSet advertises after 10 seconds? Why are the network database queries bounded by 60 or 20 second limits? Why are destinations configured to ask for a new set of tunnels every 10 minutes? Why do we allow 60 seconds for a peer to reply to our request that they join a <B style="color:black;background-color:#A0FFFF">tunnel</B>? Why do we consider a <B style="color:black;background-color:#A0FFFF">tunnel</B> that doesn't pass our test within 60 seconds "dead"?</p>
<p>Yet another of the fairly arbitrary but "ok feeling" things we've got are the current timeouts for various activities. Why do we have a 60 second "peer unreachable" timeout? Why do we try sending through a different tunnel that a LeaseSet advertises after 10 seconds? Why are the network database queries bounded by 60 or 20 second limits? Why are destinations configured to ask for a new set of tunnels every 10 minutes? Why do we allow 60 seconds for a peer to reply to our request that they join a tunnel? Why do we consider a tunnel that doesn't pass our test within 60 seconds "dead"?</p>
<p>Each of those imponderables can be addressed with more adaptive code, as well as tuneable parameters to allow for more appropriate tradeoffs between bandwidth, latency, and CPU usage.</p>
@ -42,9 +42,9 @@
<p>At the moment, all TCP connections do all of their peer validation after going through the full (expensive) Diffie-Hellman handshaking to negotiate a private session key. This means that if someone's clock is really wrong, or their NAT/firewall/etc is improperly configured (or they're just running an incompatible version of the router), they're going to consistently (though not constantly, thanks to the shitlist) cause a futile expensive cryptographic operation on all the peers they know about. While we will want to keep some verification/validation within the encryption boundary, we'll want to update the protocol to do some of it first, so that we can reject them cleanly without wasting much CPU or other resources.</p>
<h2>Adjust the <B style="color:black;background-color:#A0FFFF">tunnel</B> testing</h2>
<h2>Adjust the tunnel testing</h2>
<p>Rather than going with the fairly random scheme we have now, we should use a more context aware algorithm for testing tunnels. e.g. if we already know its passing valid data correctly, there's no need to test it, while if we haven't seen any data through it recently, perhaps its worthwhile to throw some data its way. This will reduce the <B style="color:black;background-color:#A0FFFF">tunnel</B> contetion due to excess messages, as well as improve the speed at which we detect - and address - failing tunnels.</p>
<p>Rather than going with the fairly random scheme we have now, we should use a more context aware algorithm for testing tunnels. e.g. if we already know its passing valid data correctly, there's no need to test it, while if we haven't seen any data through it recently, perhaps its worthwhile to throw some data its way. This will reduce the tunnel contetion due to excess messages, as well as improve the speed at which we detect - and address - failing tunnels.</p>
<h2>Compress some data structures</h2>
@ -56,6 +56,6 @@
<h2>Implement full streaming protocol</h2>
<p>The ministreaming protocol takes advantage of a poor design decision in the <B style="color:black;background-color:#ffff66">I2P</B> client procotol (I2CP) - the exposure of "mode=GUARANTEED", allowing what would otherwise be an unreliable, best-effort, message based protocol to be used for reliable, blocking operation (under the covers, its still all unreliable and message based, with the router providing delivery guarantees by garlic wrapping an "ack" message in with the payload, so once the data gets to the target, the ack message is forwarded back to us [through tunnels, of course]).</p>
<p>The ministreaming protocol takes advantage of a poor design decision in the I2P client procotol (I2CP) - the exposure of "mode=GUARANTEED", allowing what would otherwise be an unreliable, best-effort, message based protocol to be used for reliable, blocking operation (under the covers, its still all unreliable and message based, with the router providing delivery guarantees by garlic wrapping an "ack" message in with the payload, so once the data gets to the target, the ack message is forwarded back to us [through tunnels, of course]).</p>
<p>As I've <a href="http://i2p.net/pipermail/i2p/2004-March/000167.html">said</a>, having I2PTunnel (and the ministreaming lib) go this route was the best thing that could be done, but more efficient mechanisms are available. When we rip out the "mode=GUARANTEED" functionality, we're essentially leaving ourselves with an I2CP that looks like an anonymous IP layer, and as such, we'll be able to implement the streaming library to take advantage of the design experiences of the TCP layer - selective ACKs, congestion detection, nagle, etc.</p>

4
pages/roadmap.html
View File

@ -26,7 +26,7 @@
<h2>0.4.1 (July)</h2>
<ul>
<li><a href="/node/view/164?PHPSESSID=933181d1da8229467d99aad215034076">AMOC</a> transport to allow people behind firewalls/etc to fully participate in <B style="color:black;background-color:#ffff66">I2P</B></li>
<li><a href="/node/view/164?PHPSESSID=933181d1da8229467d99aad215034076">AMOC</a> transport to allow people behind firewalls/etc to fully participate in I2P</li>
<li>Bandwidth limiter functional</li>
<li>Router throttling code (detect/adapt to overload by refusing tunnels, shrinking # connections, minimizing networkDb activity)</li>
@ -57,7 +57,7 @@
<h2>3.0 (December)</h2>
<ul>
<li>Sender defined message delays</li>
<li>Creator defined <B style="color:black;background-color:#A0FFFF">tunnel</B> mixing and pooling of messages, as well as optional chaff messages</li>
<li>Creator defined tunnel mixing and pooling of messages, as well as optional chaff messages</li>
<li>(Mixminion integration?) </li>
</ul>

4
pages/team.html
View File

@ -57,7 +57,7 @@
</tr>
<tr>
<td valign="top" align="left">eco</td>
<td valign="top" align="left"><i>i2psnark - bittorrent over <B style="color:black;background-color:#ffff66">I2P</B></i></td>
<td valign="top" align="left"><i>i2psnark - bittorrent over I2P</i></td>
</tr>
<tr>
<td valign="top" align="left">shendaras</td>
@ -184,6 +184,6 @@
<p />
<p>
We are very open to other developers who want to get involved and anyone else who would like to contribute in other ways, such as critiques, peer review, testing, writing <B style="color:black;background-color:#ffff66">I2P</B> enabled applications, or documentation. Almost everything is written in Java (1.3+), though some third party applications are being written in Python. The code generally works on <a href="http://www.kaffe.org/">Kaffe</a>, and <a href="http://gcc.gnu.org/java/">GCJ</a> support is slated for the 1.1 release.
We are very open to other developers who want to get involved and anyone else who would like to contribute in other ways, such as critiques, peer review, testing, writing I2P enabled applications, or documentation. Almost everything is written in Java (1.3+), though some third party applications are being written in Python. The code generally works on <a href="http://www.kaffe.org/">Kaffe</a>, and <a href="http://gcc.gnu.org/java/">GCJ</a> support is slated for the 1.1 release.
</p>