X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=PROTOCOL;fp=PROTOCOL;h=0000000000000000000000000000000000000000;hb=67428fbe03098743b6128f42d2cb5e9d08b7ccb3;hp=eea9c5b805e7bc9133edf1a861005e13fe99a292;hpb=0f6744bc86924cb7533e57a6a58fc310119103ae;p=hippotat.git diff --git a/PROTOCOL b/PROTOCOL deleted file mode 100644 index eea9c5b..0000000 --- a/PROTOCOL +++ /dev/null @@ -1,47 +0,0 @@ -Server maintains a queue of outbound packets for each user - -Packets which are older than the applicable max_queue_time are discarded - -Each incoming request to the server takes up to max_batch_down bytes -from the queue and returns them as the POST response body payload - -Each incoming request contains up to max_batch_up bytes of payload. -It's a multipart/form-data. - -Authentication: clock-based lifetime-limited bearer tokens. - -Encryption and integrity checking: none. Use a real VPN over this! - -Routing assistance: none in hippotat; can be requested on client - from userv-ipif via `vroutes' parameter. Use with secnet polypath - ideally uses the special support in secnet 0.4.x. - -Client form parameters (multipart/form-data): - m metadata, newline-separated list (text file) of - client ip address (textual) - token - target_requests_outstanding - http_timeout - mtu } not supplied - max_batch_down } by older - max_batch_up } clients - d data (SLIP format, with SLIP_ESC and `-' swapped) - - -Authentication token is: - -(separated by a single space). The hmac is - HMAC(secret, ) -and the hash function is SHA256 - - -Possible future nonce-based authentication: - -server keeps big nonce counter for each client -meaning is: - nonce counter is most recent nonce client has sent -also server keeps bitmap of the previous ?64 nonces, - whether client has sent them - -difficult because client-generated nonces would have to never go -backwaards which basically means never-rewinding state on the client.
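Review bot: no replacement for the deleted PROTOCOL text is visible in this diff, so the security-relevant statements in the `-1,47 +0,0` hunk would be lost unless they already live elsewhere. That applies in particular to "Encryption and integrity checking: none. Use a real VPN over this!" and to the token description (clock-based lifetime-limited bearer token, HMAC with SHA256). Suggest saying in the commit message where this material now lives, or keeping at least the no-encryption caveat and the token format in whatever documentation remains. As shown here, the removed text also has gaps in the token definition ("Authentication token is:" with nothing following, and "HMAC(secret, )" with no second argument), so any relocated copy should state the token fields and the HMAC input explicitly rather than carry those gaps over.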