Changeset 10891

Timestamp:

02/19/2008 03:44:01 PM (10 months ago)

Author:

dave

Message:

ip and port number in announce is now also obscured.

Files:

• dotorg/trunk/html/beps/bep_0008.rst (modified) (12 diffs)

dotorg/trunk/html/beps/bep_0008.rst

@@ -23 +23 @@
 
 
-Announce Parameter
-==================
+Announce Parameters
+===================
 
 When using this extension, instead of passing the ``info_hash`` parameter
@@ -39 +39 @@
 ``sha_ih`` above when url encoded becomes
 ``kO%89%A5N-%27%EC%D7%E8%DA%05%B4%AB%8F%D9%D1%D8%B1%19``.
+
+If the ``sha_ih`` is passed then the value for the ``port`` parameter
+should be treated as a 16 bit integer and must be obscured in the same
+manner as the peer list as described in the `Obfuscation Method`_
+section.  Similarly if the optional ``ip`` parameter is passed in the
+announce then its value MUST also be so oscured.
 
 This extension does not change the semantics of any parameter passed
@@ -55 +61 @@
 These are discussed in the optimizations_ section.
 
-Peer List Obfuscation
-=====================
+Obfuscation Method
+==================
+
+The values for the``ip`` and ``port`` announce parameters, the
+*returned peer list* and any other values that contain peer
+information are obscured using the method described in this section.
 
 We distinguish between the *tracker peer list* and the *returned peer
@@ -68 +78 @@
 of the ip-port pairs in the *tracker peer list*.
 
-The returned peer list is encrypted using RC4-drop768 encryption using
-the infohash as a shared secret and optionally employing an
-initialization vector.
+When a parameter is obscured, it is encrypted using RC4-drop768
+encryption using the infohash as a shared secret and optionally
+employing an initialization vector.  
 
 For the remainder of this document RC4 refers to RC4-drop768.  In the
@@ -82 +92 @@
 
 To communicate an initialization vector, the tracker includes in the
-bencoded response the key ``iv`` with value set to a byte string
+bencoded response the parameter ``iv`` with value set to a byte string
 containing the initialization vector.  The initialization vector can
-be of arbitrary length and is sent in plaintext.
+be of arbitrary length and is sent in plaintext.  Initialization
+vectors can only be applied to parameters in tracker responses and NOT
+to announces.
 
 If the tracker sends no initialization vector then the infohash is
@@ -134 +146 @@
 
 The tracker MAY also cache the encrypted tracker peer list.  To
-support this the tracker MUST pass two additional keys *i* and *n*
+support this the tracker MUST pass two additional parameters *i* and *n*
 each with 32-bit integer values, except the tracker MAY omit *i* and
 *n* when *i=0* and the *returned peer list* is the entire *tracker peer
@@ -149 +161 @@
 arbitrarily long pseudorandom string to support large swarms, we
 assume the tracker bounds the length of the pseudorandom string and
-reports the length in ip-port pairs as the value to key *n*.  *n*
+reports the length in ip-port pairs as the value to parameter *n*.  *n*
 excludes reserved and discarded bytes.  We RECOMMEND that *n* be equal
 to the length of the tracker peer list or random but within constant
@@ -166 +178 @@
 
    **Figure 1:** The first 768 bytes of the RC4 pseudorandom
-   string are discarded.  The key *i* in the tracker response has
-   value ``x xor i``.  The key *n* has value ``y xor n``.
+   string are discarded.  The parameter *i* in the tracker response has
+   value ``x xor i``.  The parameter *n* has value ``y xor n``.
 
 We describe encryption in the following example for an ipv4 tracker peer 
@@ -216 +228 @@
 Trackers that support obfuscation are identified in the .torrent file
 by the inclusion of an ``obfuscate-announce-list`` which otherwise has the 
-same semantics as the ``announce-list`` key.  Peers that do not support
+same semantics as the ``announce-list`` parameter.  Peers that do not support
 obfuscation simply ignore the ``obfuscate-announce-list``.  
 
@@ -289 +301 @@
 
 - The entire plaintext of the peer list is not easily obtained even if
-  an eavesdropper identifies ip-port pairs from subsequent connections
-  initiated by a peer that has received a tracker response.
+  an eavesdropper identifies one or more subsequent connections as
+  using BitTorrent and the corresponding ip-port pairs appeared in the
+  ciphertext of the tracker response.
 
 - Even when a subsequent connection from a peer that has received a 
@@ -315 +328 @@
 and subsequent connections, it is possible to attack the encryption.
 RC4 is known to have a number of weaknesses especially in the way it
-was used with WEP [#Borisov]_ [#Scott]_ [#Stubblefeld]_.  However,
-with tracker peer obfuscation, the number of bytes transferred between
-the tracker and a client is likely significantly smaller than transferred
+is used with WEP [#Borisov]_ [#Scott]_ [#Stubblefeld]_.  However, with
+tracker peer obfuscation, the number of bytes transferred between the
+tracker and a client is likely significantly smaller than transferred
 between a wireless computer and a basestation.  An attacker faces a
-much larger task in obtaining sufficient probable plaintext to
-directly break the encryption.
+much larger task in obtaining sufficient ciphertext to directly break
+the encryption.
 
 Hobbling the RC4 encryption by using a bounded-length RC4 pseudorandom
@@ -336 +349 @@
 peer-to-peer communication is available to network operators.
 
-For larger swarms, hobbling RC4 may more significantly impact breaking
-the encryption since the same pseudorandom string is used repeatedly
-across the peer list.  Some study is in order on this point taking
-into account that the tracker can periodically change intiailization
-vectors.
+For larger swarms, hobbling RC4 may simplify breaking the encryption
+since the same pseudorandom string is used repeatedly across the peer
+list.  Some study is in order taking into account that the tracker can
+periodically change intiailization vectors.
 
 We know from experience that periodically reshuffling peer lists on