1 Server maintains a queue of outbound packets for each user
3 Packets which are older than the applicable max_queue_time are discarded
5 Each incoming request to the server takes up to max_batch_down bytes
6 from the queue and returns them as the POST response body payload
8 Each incoming request contains up to max_batch_up bytes of payload.
9 It's a multipart/form-data.
11 Authentication: clock-based lifetime-limited bearer tokens.
13 Encryption and integrity checking: none. Use a real VPN over this!
15 Routing assistance: none in hippotat; can be requested on client
16 from userv-ipif via `vroutes' parameter. Use with secnet polypath
17 ideally uses the special support in secnet 0.4.x.
19 Client form parameters (multipart/form-data):
20 m metadata, newline-separated list (text file) of
21 client ip address (textual)
23 target_requests_outstanding
27 d data (SLIP format, with SLIP_ESC and `-' swapped)
30 Authentication token is:
31 <time_t in hex with no leading 0s> <hmac in base64>
32 (separated by a single space). The hmac is
33 HMAC(secret, <time_t in hex>)
34 and the hash function is SHA256
37 Possible future nonce-based authentication:
39 server keeps big nonce counter for each client
41 nonce counter is most recent nonce client has sent
42 also server keeps bitmap of the previous ?64 nonces,
43 whether client has sent them
45 difficult because client-generated nonces would have to never go
46 backwaards which basically means never-rewinding state on the client.