Server maintains a queue of outbound packets for each user Packets which are older than the applicable max_queue_time are discarded Each incoming request to the server takes up to max_batch_down bytes from the queue and returns them as the POST response body payload Each incoming request contains up to max_batch_up bytes of payload. It's a multipart/form-data. Authentication: for now, plaintext password Routing assistance: none needed; secnet polypath will DTRT Client form parameters (multipart/form-data): m metadata, newline-separated list (text file) of client ip address (textual) password target_requests_outstanding http_timeout d data (SLIP format, with SLIP_ESC and `-' swapped) Future nonce-based authentication: server keeps big nonce counter for each client meaning is: nonce counter is most recent nonce client has sent also server keeps bitmap of the previous ?64 nonces, whether client has sent them client picks.... xxx