| 1 | tracker peer obfuscation extension |
|---|
| 2 | ================================== |
|---|
| 3 | |
|---|
| 4 | This extends the tracker protocol to support simple obfuscation |
|---|
| 5 | of the peers it returns, using the info hash as a shared secret between |
|---|
| 6 | the peer and the tracker. The obfuscation does not provide any security |
|---|
| 7 | against eavesdroppers that know the info-hash of the torrent, it does |
|---|
| 8 | however make it a harder for an eavesdropper to listen on tracker |
|---|
| 9 | traffic in general to pick up the responses. |
|---|
| 10 | |
|---|
| 11 | The goal is to prevent internet service providers and other network |
|---|
| 12 | administrators from blocking or disrupting bittorrent traffic |
|---|
| 13 | connections that span between the receiver of a tracker response and any peer |
|---|
| 14 | IP-port appearing in that tracker response. |
|---|
| 15 | |
|---|
| 16 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", |
|---|
| 17 | "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are |
|---|
| 18 | to be interpreted as described in IETF `RFC 2119`_. |
|---|
| 19 | |
|---|
| 20 | .. _`RFC 2119`: http://tools.ietf.org/html/rfc2119 |
|---|
| 21 | |
|---|
| 22 | |
|---|
| 23 | announce parameter |
|---|
| 24 | ------------------ |
|---|
| 25 | |
|---|
| 26 | When using this extension, instead of passing the ``info_hash`` parameter |
|---|
| 27 | to the tracker, an ``xor_ih`` is passed. |
|---|
| 28 | |
|---|
| 29 | The value of ``xor_ih`` MUST be the info-hash of the torrent, bit-wise XORed |
|---|
| 30 | with the byte-wise reverse of itself. |
|---|
| 31 | |
|---|
| 32 | For example. If the info-hash is ``0102030405060708090a0b0c0d0e0f1011121314`` |
|---|
| 33 | (hex encoded), the value passed as the ``xor_ih`` should be: |
|---|
| 34 | ``0102030405060708091011121314`` XOR ``1413121110090807060504030201``. The |
|---|
| 35 | value MUST be url encoded, just like the ``info_hash``. |
|---|
| 36 | |
|---|
| 37 | This extension does not change the semantics of any parameter. |
|---|
| 38 | |
|---|
| 39 | announce response |
|---|
| 40 | ----------------- |
|---|
| 41 | |
|---|
| 42 | If the tracker supports this extension, the response should be exactly the |
|---|
| 43 | same as if the ``info_hash`` was passed, except that any field that contains |
|---|
| 44 | peer information (such as ``peers``, ``peers6`` or any other field defined |
|---|
| 45 | by another extension) MUST be bit-wise XORed by the info-hash. So that |
|---|
| 46 | XORed peer lists can be precomputed and retained in tracker memory |
|---|
| 47 | without sacrificing the tracker's ability to return a random subset of |
|---|
| 48 | peers, each ip-port pair MUST be XORed independently aligned to the |
|---|
| 49 | beginning of the infohash. |
|---|
| 50 | |
|---|
| 51 | In the case ``peers`` (or another filed containing peer info) is not a single |
|---|
| 52 | string, only the strings which contain the addresses and ports MUST be XORed. |
|---|
| 53 | |
|---|
| 54 | The tracker response MUST remain a valid bencoded message. |
|---|
| 55 | |
|---|
| 56 | backwards compatibility |
|---|
| 57 | ----------------------- |
|---|
| 58 | |
|---|
| 59 | Trackers that support obfuscation are identified in the .torrent file |
|---|
| 60 | by the inclusion of the letter 'o' following 'http' in the URL, e.g., |
|---|
| 61 | httpo://tracker.bittorrent.com. |
|---|
| 62 | |
|---|
| 63 | A client that is configured to use this extension should always send the |
|---|
| 64 | ``xor_ih`` to any tracker supporting 'o'. Peers that do not recognize |
|---|
| 65 | the 'httpo' will not contact that tracker. If the tracker wishes |
|---|
| 66 | to allow legacy peers to connect to the tracker then the announce |
|---|
| 67 | URL should appear twice in the announce list. Once with the 'httpo' and |
|---|
| 68 | once with 'http'. Even if a tracker appears twice in the announce list, |
|---|
| 69 | if the tracker appears with an 'httpo' protocol in any announce URL, then |
|---|
| 70 | peers that support obfuscation SHOULD NOT query the tracker without |
|---|
| 71 | obfuscation since this would enable an attack where ISPs always discard |
|---|
| 72 | the first tracker request. |
|---|
| 73 | |
|---|
| 74 | Peers SHOULD never send both infohash and XOR'd infohash |
|---|
| 75 | parameters in the same request, since that would defeat the purpose of |
|---|
| 76 | the shared secret. |
|---|
| 77 | |
|---|
| 78 | rationale |
|---|
| 79 | --------- |
|---|
| 80 | |
|---|
| 81 | By XORing the info-hash with itself the tracker is able to identify |
|---|
| 82 | torrents without sending the plaintext infohash and without |
|---|
| 83 | requiring an additional prior exchange of a shared secret. |
|---|
| 84 | Where trackers now maintain mappings from infohash to the |
|---|
| 85 | corresponding torrent's peerlist and other torrent-specific state. |
|---|
| 86 | Trackers would need one additional mapping from XORed infohash to |
|---|
| 87 | the existing torrent's state. If XORed peerlists are precomputed then |
|---|
| 88 | this method adds no computational overhead when a peer queries the |
|---|
| 89 | tracker for a peerlist. |
|---|
| 90 | |
|---|
| 91 | This method requires decidedly less computational or communication |
|---|
| 92 | overhead than SSH or similar symmetric encryption methods. |
|---|
| 93 | |
|---|
| 94 | |
|---|
| 95 | authors |
|---|
| 96 | ------- |
|---|
| 97 | |
|---|
| 98 | | `Greg Hazel`__ |
|---|
| 99 | | `David Harrison`__ |
|---|
| 100 | | `Arvid Norberg`__ |
|---|
| 101 | | `Anthony Ciani`__ |
|---|
| 102 | |
|---|
| 103 | .. __: mailto:greg@bittorrent.com |
|---|
| 104 | .. __: mailto:dave@bittorrent.com |
|---|
| 105 | .. __: mailto:arvid@bittorrent.com |
|---|
| 106 | .. __: mailto:tony@ciani.phy.uic.edu |
|---|
