Changeset 10165

Timestamp:

01/10/08 03:42:18 (2 years ago)

Author:

dave

Message:

explicitly state XOR's should be peer IP-port aligned.
include proposal of 'httpo'.
massage text.

Files:

• dotorg/trunk/html/tracker_peer_obfuscation.rst (modified) (3 diffs)

dotorg/trunk/html/tracker_peer_obfuscation.rst

@@ -2 +2 @@
 ==================================
 
-This extension extends the tracker protocol to support simple obfuscation
+This extends the tracker protocol to support simple obfuscation
 of the peers it returns, using the info hash as a shared secret between
 the peer and the tracker. The obfuscation does not provide any security
 against eavesdroppers that know the info-hash of the torrent, it does
-however make it a lot harder for an eavesdropper to listen on tracker
+however make it a harder for an eavesdropper to listen on tracker
 traffic in general to pick up the responses.
 
 The goal is to prevent internet service providers and other network
-administrators to block or disrupt bittorrent traffic in general. It
-will leave the possibility to block or disrupt bittorrent traffic for
-a certain torrent (given the attacker knows the info-hash).
+administrators from blocking or disrupting bittorrent traffic 
+connections that span between the receiver of a tracker response and any peer 
+IP-port appearing in that tracker response.
 
 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
@@ -43 +43 @@
 same as if the ``info_hash`` was passed, except that any field that contains
 peer information (such as ``peers``, ``peers6`` or any other field defined
-by another extension) MUST be bit-wise XORed by the info-hash.
+by another extension) MUST be bit-wise XORed by the info-hash.  So that
+XORed peer lists can be precomputed and retained in tracker memory 
+without sacrificing the tracker's ability to return a random subset of
+peers, each ip-port pair MUST be XORed independently aligned to the 
+beginning of the infohash.
 
 In the case ``peers`` (or another filed containing peer info) is not a single
@@ -53 +57 @@
 -----------------------
 
+Trackers that support obfuscation are identified in the .torrent file
+by the inclusion of the letter 'o' following 'http' in the URL, e.g.,
+httpo://tracker.bittorrent.com.  
+
 A client that is configured to use this extension should always send the
-``xor_ih`` to any new tracker first. If it fails, the standard ``info_hash``
-parameter should be used instead. It is important to never send both
-parameters in the same request, since that would defeat the purpose with
-the shared secret (since the secret would be sent in plain text in the announce).
+``xor_ih`` to any tracker supporting 'o'.   Peers that do not recognize
+the 'httpo' will not contact that tracker.   If the tracker wishes
+to allow legacy peers to connect to the tracker then the announce
+URL should appear twice in the announce list.  Once with the 'httpo' and 
+once with 'http'.  Even if a tracker appears twice in the announce list,
+if the tracker appears with an 'httpo' protocol in any announce URL, then
+peers that support obfuscation SHOULD NOT query the tracker without 
+obfuscation since this would enable an attack where ISPs always discard 
+the first tracker request.
+
+Peers SHOULD never send both infohash and XOR'd infohash
+parameters in the same request, since that would defeat the purpose of 
+the shared secret.
 
 rationale
 ---------
 
-The reason to XOR the info-hash with itself is because the tracker then
-only needs one extra lookup table for XORed hashes. Instead of applying
-a scheme where a shared secret is exchanged. This will add no computational
-overhead on the tracker for the torrent lookup.
+By XORing the info-hash with itself the tracker is able to identify
+torrents without sending the plaintext infohash and without
+requiring an additional prior exchange of a shared secret.
+Where trackers now maintain mappings from infohash to the 
+corresponding torrent's peerlist and other torrent-specific state.  
+Trackers would need one additional mapping from XORed infohash to 
+the existing torrent's state.   If XORed peerlists are precomputed then
+this method adds no computational overhead when a peer queries the
+tracker for a peerlist.
+
+This method requires decidedly less computational or communication
+overhead than SSH or similar symmetric encryption methods.
+
 
 authors