chiark
/
gitweb
/
~ian
/
hippotat.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
replace plaintext secret transmission with time-limited hmac-based bearer tokens
[hippotat.git]
/
PROTOCOL
diff --git
a/PROTOCOL
b/PROTOCOL
index 4e07db163296421c402714f8858a0059a1e5725a..e18cf0e1554da169e6ffdcd8994ba3a727f8c17c 100644
(file)
--- a/
PROTOCOL
+++ b/
PROTOCOL
@@
-8,7
+8,9
@@
from the queue and returns them as the POST response body payload
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
-Authentication: for now, plaintext secret
+Authentication: clock-based lifetime-limited bearer tokens.
+
+Encryption and integrity checking: none. Use a real VPN over this!
Routing assistance: none in hippotat; can be requested on client
from userv-ipif via `vroutes' parameter. Use with secnet polypath
Routing assistance: none in hippotat; can be requested on client
from userv-ipif via `vroutes' parameter. Use with secnet polypath
@@
-17,12
+19,16
@@
Routing assistance: none in hippotat; can be requested on client
Client form parameters (multipart/form-data):
m metadata, newline-separated list (text file) of
client ip address (textual)
Client form parameters (multipart/form-data):
m metadata, newline-separated list (text file) of
client ip address (textual)
- password
+ token
target_requests_outstanding
http_timeout
d data (SLIP format, with SLIP_ESC and `-' swapped)
target_requests_outstanding
http_timeout
d data (SLIP format, with SLIP_ESC and `-' swapped)
+Authentication token is:
+ <time_t in hex with no leading 0s> <hmac in base64>
+(separated by a single space). The hmac is
+ HMAC(secret, <time_t in hex>)
Possible future nonce-based authentication:
Possible future nonce-based authentication: