Public Peer Review requests!

Lance James 0x90 at invisiblenet.net
Wed Sep 3 16:05:02 EDT 2003


InvisibleNet has formed the Invisible Internet Project (I2P) to support
the efforts of those trying to build a more free society by offering
them an uncensorable, anonymous, and secure communication system.  I2P
is a development effort producing a variable latency, fully distributed,
 autonomous, scalable, anonymous, resilient, and secure network.  The
goal is to be able to operate successfully in arbitrarily hostile
environments
- even when an organization with unlimited financial and political resources
attacks it.

I2P is not a filesharing app.  I2P is essentially an anonymizing and
secure replacement IP stack, running on top of the existing network.
There has already been progress made in writing applications on top of
the network to enable generic TCP/IP applications to tunnel through the
network transparently, as well as to enable nym lookup and management
- two applications which, when paired together, would allow any web browser
to point at http://www.[yournym].iip/ and communicate with your webserver
anonymously and securely.  There are many more ideas for what I2P could
be used for, and its certain we won't think of the most interesting ones.

I2P is an absurdly ambitious effort.  Depending on what mailing lists
you read or people you talk with, they'll either say its impossible or
just insanely hard.  To be perfectly frank, I2P by itself doesn't contribute
anything really significant to the CS/P2P research community, but it
does take the great work of other projects and research efforts - such
as freenet, iip, kademlia, mnet, tarzan, the remailers, and many, many
more - and attempts to apply good software engineering techniques to
provide hard anonymity and security in a variable latency network.

"Variable latency" is repeated so often because I2P doesn't try to operate
with a one size fits all set of anonymity and security constraints, and
different people will require different tradeoffs.  Bin Laden will probably
not be able to pull off live streaming video, but Joe and Jane Sixpack
and should be able to.

Is I2P ready to download and run with?  No.  So why bother mentioning
it?  Because we need more critical eyes to make sure we address the right
issues the right ways.  We think we've got things pegged so that it'll
not only work, but also be secure and anonymous.  We're moving forward
on the development path towards getting an alpha network release out
the door, but we need these specs reviewed for flaws that we've missed.
 Of course, we also need lots of other things, from coders to documenters
to QA to network simulators to CS people, but it is your eyeballs that
we're calling out for today.

What we have ready for review:

- Invisible Internet Network Protocol (I2NP) spec[1], describing how
network "routers" operate and what messages they send to other routers

- Common Data Structures spec[2], describing the serialization of objects
described in other specs, as well as the encryption algorithms used.

- Invisible Internet Client Protocol (I2CP) spec[3], describing a simple
local client protocol for making use of the network.

- Polling HTTP Transport spec[4], an example transport protocol for use
with I2NP to allow actual communication between routers, regardless of
firewall, NAT, or HTTP proxy.

We also have the 0.2 release of a software development kit (I2P SDK)[5],
 which includes everything necessary to design, develop, and test
applications
to run over the network, as well as all of the above specs. It includes
a Java client API implementing I2CP, a sample application (ATalk, a one
to one chat app that supports file transfer), a Java router, and a Python
router.  There are also C and Python client API implementations of I2CP
are on the way.  These router are "local only" - meaning they don't talk
to other routers.  This can be used in the same way we can build normal
networked applications - by running the server on the local machine and
pointing the applications at it.

We've been keeping this quiet because its too easy to hype up a vaporware
product and we wanted to wait until there was something worth reading
about before saying anything.  So please read these specs and send in
your comments - either to info at invisiblenet.net or to the iip-dev mailing
list[6].  Perhaps even jump on that list if you want to discuss things
(archives are linked to from the web page), browse the wiki[7], or join
us on IIP for development meetings - every tuesday at 9P GMT in #iip-
dev (archives[8] since meeting 48 are pretty
much I2P specific).

Thanks for your time, and we look forward to any responses.
- The InvisibleNet team




[1] http://www.invisiblenet.net/i2p/I2NP_spec.pdf
[2] http://www.invisiblenet.net/i2p/datastructures.pdf
[3] http://www.invisiblenet.net/i2p/I2CP_spec.pdf
[4] http://www.invisiblenet.net/i2p/polling_http_transport.pdf
[5] http://www.invisiblenet.net/i2p/I2P_SDK.zip
[6] http://www.invisiblenet.net/iip/devMailinglist.php
[7] http://wiki.invisiblenet.net/iip-wiki?I2P
[8] http://wiki.invisiblenet.net/iip-wiki?Meetings





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list