i2p.www/www.i2p2/pages/techintro_fr.html

{% extends "_layout_fr.html" %}
{% block title %}Présentation d'I2P{% endblock %}
{% block content %}

  <center>
    <b class="title"> 
    <h1>I2P: <font size="3">Une plate-forme modulaire pour la communication anonyme</font></h1>
    </b> 
  </center>
Traduction (en cours) de mars 2011. <a href="techintro.html">Version anglaise actuelle</a>
  <div id="toc">
    <h2>Table des matières</h2>
      <ul>
        <li><a href="#intro">Introduction</a></li>
        <li>
              <a href="#op">Fonctionnement d'I2P</a>
              <ul>
                <li><a href="#op.overview">Aperçu</a></li>
                <li><a href="#op.tunnels">Tunnels</a></li>
                <li><a href="#op.netdb">Base de donnée du réseau</a></li>
                <li><a href="#op.transport">Protocoles de transport </a></li>
                <li><a href="#op.crypto">Cryptographie</a></li>
              </ul>
        </li>
      </ul>
  </div> 

  <br/>
  <h1 id="intro">Introduction</h1>
  <p>
    I2P est une couche réseau par paquets commutée, modulaire, à tolérance de panne, auto-adaptative, et anonyme 
    sur laquelle peuvent fonctionner n'importe quel nombre d'applications conçues pour l'anonymat ou la sécurité. 
    Chacune de ces applications peut gérer ses propres contraintes d'anonymat, de latence et de débit, 
    sans avoir à se soucier d'une implémentation correcte d'un  
    <a href="http://en.wikipedia.org/wiki/Mix_network">réseau croisé (mixnet)</a> 
    d'accès libre qui leur permet de mêler leur activité au grand groupe d'utilisateurs anonymisés
 déjà présents sur I2P.
  </p>
  <p>
    Des applications d'ores et déjà disponibles offrent un large éventail de fonctionnalités Internet classiques 
    <b>mais anonymes</b>: exploration web, hébergement, chat, partage de fichiers, e-mail,
    blogs et publications simultanées, newsgroups, tout comme plusieurs autres applications en cours de développement.
    <ul>
      <li>Exploration web: en utilisant tout navigateur compatible avec un serveur mandataire (proxy).</li>
      <li>Chat: IRC, Jabber, <a href="#app.i2pmessenger">I2P-messenger</a>, ou tout autre compatible proxy.</li>
      <li>Partage de fichiers: <a href="#app.i2psnark">I2PSnark</a>, <a href="#app.robert">Robert</a>,
        <a href="#app.i2phex">I2Phex</a>, <a href="#app.pybit">PyBit</a>, <a href="#app.i2pbt">I2P-bt</a>
        et d'autres.
      </li>
      <li>E-mail: <a href="#app.i2pmail">susimail</a> et <a href="#app.i2pbote">I2P-Bote</a>.</li>
      <li>Newsgroups: via un lecteur de newsgroups compatible proxy.</li>
    </ul>
  <p>
    Contrairement aux sites web hébergés sur des réseaux de distribution de contenu comme 
    <a href="#similar.freenet">Freenet</a> ou <a href="http://www.ovmj.org/GNUnet/">GNUnet</a>, 
    les services hébergés sur I2P sont totalement interactifs: il y des moteurs de recherches traditionnels, 
    des BBS, des blogs sur lesquels vous pouvez déposer des commentaires, des sites pilotés par bases de données, 
    et des ponts pour interroger les systèmes statiques comme Freenet sans devoir en faire une installation locale. 
  </p>
  <p>
    Grâce à toutes ces applications prenant l'anonymat en considération, I2P prend le rôle 
    de plaque tournante "orientée messages": les applications demandent à envoyer des données 
    à un identifiant cryptographique (une "destination") et I2P prend soin de s'assurer qu'elles 
    y parviennent en toute sécurité et anonymat. I2P fournit aussi une bibliothèque simple pour les 
    <a href="#app.streaming">flux</a> (streaming) pour permettre le transfert fiable et ordonné de messages 
    de flux anonymes, en offrant de façon transparente un algorithme de contrôle de congestion basé sur TCP 
    et optimisé pour les applications à haute bande passante au sein réseau. 
    Bien qu'il y ait eu plusieurs simple mandataires SOCKS disponibles pour attirer des applications existantes 
    dans le réseau, leur intérêt a été limité car preque toutes exposent intrinsèquement ce qui, du point de vue 
    de l'anonymat, s'avère être des informations sensibles. La seule façon d'avancer est d'analyser complètement  
    une application pour s'assurer d'un fonctionnement irréprochable, et pour y aider, nous fournissons 
    une série d'API dans divers langages, qui permettent d'en faire le plus possible en dehors du réseau.
  </p> 
  <p>
    I2P n'est pas un projet de recherche (universitaire, commercial, ou gouvernemental), mais un effort 
    d'ingénierie dont le but est de faire tout le nécessaire pour assurer  
    un niveau d'anonymat suffisant à ceux qui en ont besoin. Il est en développement actif 
    depuis les débuts de 2003 avec un développeur à temps plein et un groupe dédié de  
    contributeurs à temps partiel répartis dans le monde entier. Tout le travail fourni pour I2P 
    est "open source" et gratuitement disponible sur le <a href="index_fr.html">site</a>, 
    pour lequel la plus grande partie du code est publié directement dans le domaine public, bien que 
    faisant usage de quelques routines cryptographiques sous licences de style BSD. L'équipe d'I2P 
    ne contrôle pas le cadre légal de publication des applications tierce partie. Il y a plusieurs  
    applications disponibles sous licence GPL (<a href="#app.i2ptunnel">I2PTunnel</a>, 
    <a href="#app.i2pmail">susimail</a>, <a href="#app.i2psnark">I2PSnark</a>, 
    <a href="#app.i2phex">I2Phex</a> et d'autres).
    Le <a href="http://www.i2p.net/halloffame">financement</a> d'I2P vient entièrement de dons,
    et ne bénéficie pour l'instant d'aucune dispense d'impôts de la part de quelque juridiction que ce soit,
    vu que la plupart des développeurs sont anonymes.
  </p>
  <h1 id="op">Fonctionnement</h1>
  <h2 id="op.overview">Aperçu</h2>
  <p>
    Pour comprendre le fonctionnement d'I2P, quelques concepts fondamentaux sont prérequis. 
    Tout d'abord, I2P fait une séparation stricte entre le logiciel participant au réseau  
    (un "routeur") et les point terminaux anonymes (les "destinations") associés aux applications particulières.
    Que quelqu'un utilise I2P n'est généralement pas un secret. Ce qui est caché, c'est 
    c'est tout ce que l'utilisateur en fait, aussi bien qu'à quelle destination particulière le routeur est connecté. 
    En général, l'utilisateur dispose sur son routeur de plusieurs destinations locales: une, par exemple, 
    pour se connecter en proxy aux serveurs IRC, une autre pour héberger son propre site Internet  
    anonyme ("eepsite"), une autre pour une instance I2Phex, une autre encore pour les torrents, etc...
  </p>
  <p>
    Un autre concept majeur est celui de "tunnel".
    Un tunnel un chemin orienté passant par une liste de routeurs explicitement sélectionnés.
    Un cryptage en couches est utilisé pour que chacun des routeurs n'en puisse décrypter qu'une seule.
    L'information décryptée contient l'IP du routeur suivant, avec l'information cryptée à faire suivre.
    Chaque tunnel a un point de départ (le premier routeur, appelé "passerelle")
    et un point terminal. Les messages ne peuvent être envoyés que dans un seul sens. Pour les réponses, 
    un autre tunnel est nécessaire.
  </p>
  <center>
    <div class="box">
      <img src="_static/images/tunnels_fr.png" alt="Schéma de tunnels entrant et sortant" 
      title="Schéma de tunnels entrant et sortant" />
      <br /><br />
      Figure 1: Les deux types de tunnels: entrant et sortant.
    </div>
  </center><br/>
  <p>
    Il y deux types de tunnels:
    Les <b>tunnels "sortants"</b> expédient des messages depuis le créateur du tunnel, alors
    que les <b>tunnels "entrants"</b> ramènent des messages vers le créateur du tunnel.
    La combinaison de ces deux tunnels permet aux utilisateurs de s'envoyer des messages les uns aux autres.
    L'expéditeur ("Alice" dans l'illustration ci-dessus) crée un tunnel sortant,
    et le récepteur ("Bob" ci-dessus) crée un tunnel entrant.
    La passerelle d'un tunnel entrant peut recevoir des messages de n'importe quel autre utilisateur
    et les envoie jusqu'au point terminal ("Bob").
    Le point terminal du tunnel sortant devra pouvoir envoyer le message vers la passerelle du tunnel entrant.
    Pour le permettre, l'expéditeur ("Alice") ajoute à son message crypté des instructions cryptées à l'intention 
    du point terminal sortant. Une fois décryptées par celui-ci, il dispose alors des informations nécessaires 
    au tranfert vers la bonne passerelle entrante (la passerelle vers "Bob").
  </p>
  <p>
    Le troisième concept fondamental est la <b>"base de données"</b> I2P (ou "netDb"): 
    une paire d'algorithmes utilisés pour le partage des métadonnées du réseau. Les deux types de métadonnées 
    transportées sont la <b>"routerInfo"</b> et les <b>"jeux de baux"</b> (leaseSets): 
    la routerInfo donne aux routeurs les données nécessaires pour contacter un autre routeur particulier 
    (ses clés publiques, adresse de transport, etc...), et les jeux de baux donnent au routeurs les informations 
    nécessaires pour joindre une destination particulière. Un jeu de baux contient un certain nombre de "baux". 
    Chacun de ces baux indique une passerelle de tunnel qui permet d'atteindre une destination particulière.
    Détail complet des informations contenues dans un bail:
    <ul>
      <li>Passerelle entrante pour un tunnel permettant d'atteindre une certaine destination.</li>
      <li>Moment d'expiration du tunnel.</li>
      <li>Paire de clés publiques pour pouvoir crypter les messages (à envoyer à travers le tunnel 
           et atteindre la destination).</li>
    </ul>
    Les routers envoient eux-mêmes directement leur "routerInfo" à la base de données, 
    alors que les jeux de baux sont envoyés par des tunnels sortants (ils doivent rester anonymes, pour 
    empêcher toute tentative de corrélation entre un routeur et ses jeux de baux).
  </p>
  <p>On peut combiner les trois concepts exposés ci-dessus pour établir des connexions effectives dans le réseau.
  </p>
  <p>
    Pour créer ses propres tunnels entrants et sortants, Alice fait une recherche dans la "netDb" pour obtenir 
    des "routerInfo".
    De cette façon, elle constitue des listes de pairs qu'elle peut utiliser en tant que sauts dans ses tunnels.
    Ensuite elle peut envoyer au premier saut un message élaboré, demandant la création d'un tunnel, et de faire passer
    cette demande plus loin, jusqu'à ce que le tunnel soit entièrement créé.
  </p>
  <center>
    <div class="box">
      <img src="_static/images/netdb_get_routerinfo_1_fr.png" alt="Demande d'informations sur d'autres routeurs" 
       title="Demande d'informations sur d'autres routeurs" />
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
      <img src="_static/images/netdb_get_routerinfo_2_fr.png" 
        alt="Construction d'un tunnel grâce aux informations sur les routeurs" 
        title="Construction d'un tunnel grâce aux informations sur les routeurs" />
      <br /><br />
      Figure 2: Les informations sur les routeurs servent à construire les tunnels.
    </div>
  </center><br/>
  <p>
    Quand Alice désire envoyer un message à Bob, elle recherche tout d'abord dans la netDb 
    un jeu de baux de Bob, ce qui lui donne ses passerelles entrantes de tunnels. 
    Elle choisit ensuite un de ses tunnels sortants et y envoie le message avec les 
    instructions pour le point terminal afin qu'il fasse suivre le message à l'une des 
    passerelles de tunnels entrants de Bob. Quand le point terminal reçois ces instructions,  
    il transfère le message comme demandé, et quand la passerelle de tunnel entrant de Bob le reçoit, 
    elle le transfère dans le tunnel vers le routeur de Bob. Si Alice veut que Bob puisse répondre, 
    elle doit lui indiquer explicitement sa propre destination en tant qu'élément du message lui-même.
    On y parvient en introduisant une couche de haut niveau, ce qui est fait par la bibliothèque de flux
    <a href="#app.streaming">flux</a> (streaming).
    Alice peut aussi raccourcir le temps de réponse en fournissant dans le message son jeu de baux le plus récent, 
    en sorte que Bob soit dispensé d'une requête à netDb quand il voudra répondre. Mais ceci est optionnel.
  </p>
  <center>
    <div class="box">
      <img src="_static/images/netdb_get_leaseset_fr.png" alt="Connexion de tunnels grâce au jeux de baux" 
title="Connexion de tunnels grâce au jeux de baux" />
      <br /><br />
      Figure 3: Les jeux de baux sont utilisés pour connecter les tunnels sortants et entrants.
    </div>
  </center><br/>
  <p>
    De même que les tunnels ont eux-mêmes un cryptage étagé pour empêcher un dévoilement non autorisé  
    par les pairs au sein du réseau (comme la couche transport le fait elle-même pour protéger des pairs 
    les contenus en dehors du réseau), il est nécessaire d'ajouter une couche additionnelle 
    de cryptage de bout en bout pour cacher le message au point terminal sortant et à la passerelle entrante. 
    Ce cryptage "<a href="#op.garlic">en tête d'ail</a>" (garlic) 
    fait que le routeur d'Alice va "emballer" de multiples messages dans un seul message 
    (la tête d'ail="garlic message"), crypté pour une certaine clé publique en sorte que les pairs intermédiaires 
    ne puissent déterminer ni combien il y a de messages (des gousses ou caïeux si on veut pousser plus loin
    l'analogie botanique) dans le bulbe, ni si ces messages sont amers ou sucrés (ce qu'ils disent), ni si ces gousses 
    vont servir à frotter un plat à cassoulet, finir fondus dans un gigot 
    ou hachés/grillés sur une dorade (à qui elles sont destinées). Pour une communication typique
    de point à point entre Alice et Bob, la tête d'ail va être cryptée avec la clé publique annoncée  
    dans le jeu de baux de Bob, ce qui permet le cryptage sans donner la clé publique du routeur de Bob.
  </p>
  <p>
    Une autre donnée importante qu'il faut garder à l'esprit, est qu'I2P est entièrement basé sur l'échange 
    de messages et que quelques messages pourraient se perdre en chemin. Les applications utilisant I2P peuvent 
    utiliser les interfaces "orientées messages" et s'occuper de leur propre contrôle de congestion et besoins de 
    fiabilité, mais elles seront mieux servies en utilisant la bibliothèque de <a href="#app.streaming">streaming</a>
    fournie en vue de voir I2P comme un réseau "orienté flux".
  </p>
  <h2 id="op.tunnels">Les tunnels</h2>
  <p>
    Les tunnels entrants et sortants partagent les mêmes principes de fonctionnement.
    La passerelle de tunnel accumule un certain nombre de messages, en les pré-traitant éventuellement 
    en vue d'une distribution dans le tunnel. Ensuite, elle crypte ces données préparées  
    et les transfère vers le premier saut. Ce pair et les participants suivants du tunnel
    y ajoutent une couche de cryptage après avoir vérifié qu'il ne s'agit pas d'un doublon et avant  
    de le transférer au pair suivant. Le message arrive éventuellement au point terminal  
    où les messages sont de nouveau séparés et transférés comme demandé. La différence réside  
    dans l'action du créateur du tunnel: pour les tunnels entrants, le créateur est le point terminal,
    et il déchiffre simplement toutes les couches ajoutées, alors que pour les tunnels sortants, 
    le créateur est la passerelle, et il pré-déchiffre toutes les couches pour qu'une fois toutes 
    les couches de crytpage par saut ajoutées, le message arrive en clair au point terminal.
  </p>
  <p>
    Le choix de pairs spécifiques pour passer les messages, ainsi que la définition de leur séquence,  
    est important pour une bonne compréhention de l'anatomie et des performances d'I2P.
    Alors que la base de données dispose de ses propres critères de sélection lors du choix  
    des pairs à interroger et pour mémoriser les entrées correspondantes, les creators de tunnels utilisent
    n'importe quels pairs du réseau et dans n'importe quel ordre (et même un nombre de fois indéfini) dans le 
    même tunnel. Si des données précises de latence et de capacité étaient globalement connues, la sélection et 
    le tri seraient pilotés par les besoins particuliers du client en relation avec leur modèle de sécurité. 
    Malheureusement, la latence et les capacités ne sont pas simples à collecter anonymement, et avoir besoin 
    besoin de pairs sans confiance établie pour fournir ces informations pose de sérieux problèmes d'anonymat.
  </p>
  <p>
    Du point de vue de l'anonymat, la technique la plus simple serait de sélectionner des pairs au hasard 
    dans la totalité du réseau, de les trier aléatoirement, et de les utiliser dans cet ordre ad vitam æternam.
    Mais pour les performances, la plus simple façon serait de ne retenir que les plus rapides disposant de la 
    réserve de capacité suffisante, de répartir la charge sur différents pairs pour gérer les défaillances 
    de façon transparente, et de recréer le tunnel chaque fois que l'information de capacité est modifiée.
    alors que la première façon est à la fois fragile et inefficace, la seconde demande des informations 
    indisponibles et n'offre qu'un anonymat insuffisant. 
    I2P fonctionne plutôt en utilisant une gamme de stratégies de sélection des pairs, 
    couplée à du code d'évaluation du niveau d'anonymat pour organiser ces pairs selon leur profil.
  </p>
  <p>
    À la base, I2P classe en permanance les pairs avec lesquels il interagit en mesurant indirectement 
    leur comportement: par exemple, quand un pair répond à une requête netDb en 1,3s,  
    cette latence d'aller-retour est enregistrée dans les profils pour tous les routeurs impliqués 
    dans les deux tunnels (entrant et sortant) au travers desquels la requête et la réponse sont passées,  
    ainsi que le profil du pair. Les mesures directes, telles que la latence de la couche transport ou la congestion, 
    ne sont pas utilisées en tant que données de profil car elles peuvent être manipulées au routeur mesurant,
    l'exposant ainsi à des attaques basiques. En rassemblant ces profils, une série de calculs est lancée 
    sur chacun pour synthétiser ses performances: sa latence, sa capacité à gérer beaucoup d'activités, s'il est 
    actuellement surchargé, et à quel point il semble bien intégré au réseau.
    Les résultats de ces calculs sont alors comparés pour les pairs actifs afin de 
    répartir les routeurs en quatre groupes: les rapides à hautes capacités, ceux de hautes capacités, les non 
    défaillants, et les défaillants. Les seuils de ces groupes sont déterminés dynamiquement, et comme ils n'utilisent
    actuellement que des algorithmes assez simples, il y a d'autres possibilités.
  </p>
  <p> Pour utiliser ces données de profils, la stratégie de sélection la plus simple consiste à 
    les prendre aléatoirement dans le premier groupe (celui des plus rapides à fortes capacités), 
    et c'est ce qui est actuellement employé pour les tunnels clients. 
    Les tunnels exploratoires (utilisés pour les communications avec la base de données et la gestion des tunnels)
    prennent les pairs aléatoirement dans le troisième groupe des non défaillants (qui inclut ceux du premier), 
    ce qui permet une base de sélection plus étoffée avec pour effet l'optimisation de la sélection
    via une progression aléatoire. Ces stratégies laissent cependant fuir des informations concernant les pairs 
    du premier groupe utilisables par des attaques du type collecte de base de données et du type prédecessur. 
    En retour, il y a plusieurs alternatives qui bien que n'équilibrant pas la charge aussi uniformément,  
    bloquent les attaques lancées par certains types d'ennemis.
  </p>
  <p>
    En sélectionnant une clé aléatoire et en triant les pairs selon leur distance "eXORisée" à cette clé,  
    la fuite d'information est réduite pour les attaques prédécesseur et collecte, suivant le taux de défaillance
    des pairs et le renouvellement des seuils des groupes. Une autre stratégie simple pour parer aux 
    attaques par collecte de la netDb consiste simplement à obliger la passerelle entrante à figer  
    aléatoirement la position des pairs situés plus loin dans le tunnnel. Pour gérer les attaques de prédécesseur 
    par des adversaires que le client contacte, le point terminal de tunnel devrait aussi rester statique. 
    La sélection du pair à figer au point le plus vulnérable doit bien sûr être limitée en durée, 
    car tous les pairs sont suceptibles de défaillance, et donc elle doit soit être ajustée en réaction, ou
    préventivement empêchée pour simuler le MTBF (temps moyen entre défaillances) mesuré d'autres routeurs. 
    Ces deux stratégies peuvent ensuite être combinées, en utilisant un pair vulnérable figé et un tri sur XOR 
    dans les tunnels eux-mêmes. Une stratégie plus stricte consisterait à définir les pairs précis et leur ordre
    dans un tunnel potentiel, en utilisant uniquement de pairs qui accepteraient tous de participer de la même 
    façon à chaque fois. Ceci diffère du tri basé sur le résultat de l'XOR en ce que le prédécesseur 
    et le successeur de chaque pair serait toujours les mêmes, alors que le tri sur l'XOR ne permet que de s'assurer
    que leur ordre ne change pas.
  </p>
  <p>
    Comme déjà mentionné, I2P, actuellement en version 0.8 inclut la stratégie basée sur les groupes, 
    avec le tri basé sur le XOR. Une discussion plus poussée des mécanismes impliqués dans les opérations de tunnel
    la gestion et la sélection des pairs est disponible sur la page 
    <a href="tunnel-alt.html">spécification des tunnels</a>. 
  </p>
  <h2 id="op.netdb">Base de donnée</h2>
  <p>
    As mentioned earlier, I2P's netDb works to share the network's metadata.
    This is detailed in <a href="how_networkdatabase.html">the networkdatabase</a> page,
    but a basic explanation is available below.
  </p>
  <p>
    A percentage of I2P users are appointed as 'floodfill peers'.
    Currently, I2P installations that have a lot of bandwidth and are fast enough,
    will appoint themselves as floodfill as soon as the number of existing floodfill routers
    drops too low.
  </p>
  <p>
    Other I2P routers will store their data and lookup data by sending simple 'store' and 'lookup' queries to the floodfills.
    If a floodfill router receives a 'store' query, it will spread the information to other floodfill routers
    using the <a href="http://en.wikipedia.org/wiki/Kademlia">Kademlia algorithm</a>.
    The 'lookup' queries currently function differently, to avoid an important
    <a href="how_networkdatabase.html#lookup">security issue</a>.
    When a lookup is done, the floodfill router will not forward the lookup to other peers,
    but will always answer by itself (if it has the requested data).
  </p>
  <p>
    Two types of information are stored in the network database.
    <ul>
        <li>A <b>routerInfo</b> stores information on a specific I2P router and how to contact it</li>
        <li>A <b>leaseSet</b> stores information on a specific destination (e.g. I2P website, e-mail server...)</li>
    </ul>
    All of this information is signed by the publishing party, and verified by any I2P router using or storing the information.
    In addition, the data contains timing information, to avoid storage of old entries and possible attacks.
    This is also why I2P bundles the necessary code for maintaining the correct time, occasionally querying some SNTP servers 
    (the <a href="http://www.pool.ntp.org/">pool.ntp.org</a> round robin by default)
    and detecting skew between routers at the transport layer.
  </p>
  <p>
    Some additional remarks are also important.
    <ul>
      <li>
        <b>Unpublished and encrypted leasesets:</b>
        <p>
          One could only want specific people to be able to reach a destination.
          This is possible by not publishing the destination in the netDb. You will however have to transmit the destination by other means.
          An alternative are the 'encrypted leaseSets'. These leaseSets can only be decoded by people with access to the decryption key.
        </p>
      </li>
      <li>
        <b>Bootstrapping:</b>
        <p>
          Bootstrapping the netDb is quite simple. Once a router manages to receive a single routerInfo of a reachable peer,
          it can query that router for references to other routers in the network.
          Currently, a number of users post their routerInfo files to a website to make this information available.
          I2P automatically connects to one of these websites to gather routerInfo files and bootstrap.
        </p>
      </li>
      <li>
        <b>Lookup scalability:</b>
        <p>
            Lookups in the I2P network are not forwarded to other netDb routers.
            Currently, this is not a major problem, since the network is not very large.
            However, as the network grows, not all routerInfo and leaseSet files will be present
            on each netDb router. This will cause a deterioration of the percentage of successful lookups.
            Because of this, refinements to the netDb will be done in the next releases.
        </p>
      </li>
    </ul>
  </p>
  <h2 id="op.transport">Transport protocols</h2>
  <p> Communication between routers needs to provide confidentiality and integrity 
    against external adversaries while authenticating that the router contacted 
    is the one who should receive a given message. The particulars of how routers 
    communicate with other routers aren't critical - three separate protocols 
    have been used at different points to provide those bare necessities. </p>
  <p> I2P started with a TCP-based protocol which 
    has since been disabled. Then, to accommodate the need for high degree communication 
    (as a number of routers will end up speaking with many others), I2P moved 
    from a TCP based transport to a <a href="udp.html">UDP-based one</a> - "Secure 
    Semireliable UDP", or "SSU". </p>
  <p> As described in the <a href="udp.html">SSU spec</a>:</p>
  <blockquote> The goal of this protocol is to provide secure, authenticated, 
    semireliable, and unordered message delivery, exposing only a minimal amount 
    of data easily discernible to third parties. It should support high degree 
    communication as well as TCP-friendly congestion control, and may include 
    PMTU detection. It should be capable of efficiently moving bulk data at rates 
    sufficient for home users. In addition, it should support techniques for addressing 
    network obstacles, like most NATs or firewalls. </blockquote>
  <p> Following the introduction of SSU, after issues with congestion collapse 
    appeared, a new NIO-based TCP transport called <a href="ntcp.html">NTCP</a> 
    was implemented. It is enabled by default for outbound connections only. Those 
    who configure their NAT/firewall to allow inbound connections and specify 
    the external host and port (dyndns/etc is ok) on /config.jsp can receive inbound 
    connections. As NTCP is NIO based, so it doesn't suffer from the 1 thread 
    per connection issues of the old TCP transport. </p>
  <p> I2P supports multiple transports simultaneously. A particular transport 
    for an outbound connection is selected with "bids". Each transport bids for 
    the connection and the relative value of these bids assigns the priority. 
    Transports may reply with different bids, depending on whether there is already 
    an established connection to the peer. </p>
  <p> The current implementation ranks NTCP as the highest-priority transport 
    for outbound connections in most situations. SSU is enabled for both outbound 
    and inbound connections. Your firewall and your I2P router must be configured 
    to allow inbound NTCP connections. For further information see the <a href="ntcp.html">NTCP 
    page</a>. </p>
  <h2 id="op.crypto">Cryptography</h2>
  <p> A bare minimum set of cryptographic primitives are combined together to 
    provide I2P's layered defenses against a variety of adversaries. At the lowest 
    level, inter router communication is protected by the transport layer security 
    - SSU encrypts each packet with AES256/CBC with both an explicit IV and MAC 
    (HMAC-MD5-128) after agreeing upon an ephemeral session key through a 2048bit 
    Diffie-Hellman exchange, station-to-station authentication with the other 
    router's DSA key, plus each network message has their own hash for local integrity 
    checking. <a href="#op.tunnels">Tunnel</a> messages passed over the transports 
    have their own layered AES256/CBC encryption with an explicit IV and verified 
    at the tunnel endpoint with an additional SHA256 hash. Various other messages 
    are passed along inside "garlic messages", which are encrypted with ElGamal/AES+SessionTags 
    (explained below). </p>
  <h3 id="op.garlic">Garlic messages</h3>
  <p> Garlic messages are an extension of "onion" layered encryption, allowing 
    the contents of a single message to contain multiple "cloves" - fully formed 
    messages alongside their own instructions for delivery. Messages are wrapped 
    into a garlic message whenever the message would otherwise be passing in cleartext 
    through a peer who should not have access to the information - for instance, 
    when a router wants to ask another router to participate in a tunnel, they 
    wrap the request inside a garlic, encrypt that garlic to the receiving router's 
    2048bit ElGamal public key, and forward it through a tunnel. Another example 
    is when a client wants to send a message to a destination - the sender's router 
    will wrap up that data message (alongside some other messages) into a garlic, 
    encrypt that garlic to the 2048bit ElGamal public key published in the recipient's 
    leaseSet, and forward it through the appropriate tunnels. </p>
  <p> The "instructions" attached to each clove inside the encryption layer includes 
    the ability to request that the clove be forwarded locally, to a remote router, 
    or to a remote tunnel on a remote router. There are fields in those instructions 
    allowing a peer to request that the delivery be delayed until a certain time 
    or condition has been met, though they won't be honored until the <a href="#future.variablelatency">nontrivial 
    delays</a> are deployed. It is possible to explicitly route garlic messages 
    any number of hops without building tunnels, or even to reroute tunnel messages 
    by wrapping them in garlic messages and forwarding them a number of hops prior 
    to delivering them to the next hop in the tunnel, but those techniques are 
    not currently used in the existing implementation. </p>
  <h3 id="op.sessiontags">Session tags</h3>
  <p> As an unreliable, unordered, message based system, I2P uses a simple combination 
    of asymmetric and symmetric encryption algorithms to provide data confidentiality 
    and integrity to garlic messages. As a whole, the combination is referred 
    to as ElGamal/AES+SessionTags, but that is an excessively verbose way to describe 
    the simple use of 2048bit ElGamal, AES256, SHA256, and 32 byte nonces. </p>
  <p> The first time a router wants to encrypt a garlic message to another router, 
    they encrypt the keying material for an AES256 session key with ElGamal and 
    append the AES256/CBC encrypted payload after that encrypted ElGamal block. 
    In addition to the encrypted payload, the AES encrypted section contains the 
    payload length, the SHA256 hash of the unencrypted payload, as well as a number 
    of "session tags" - random 32 byte nonces. The next time the sender wants 
    to encrypt a garlic message to another router, rather than ElGamal encrypt 
    a new session key they simply pick one of the previously delivered session 
    tags and AES encrypt the payload like before, using the session key used with 
    that session tag, prepended with the session tag itself. When a router receives 
    a garlic encrypted message, they check the first 32 bytes to see if it matches 
    an available session tag - if it does, they simply AES decrypt the message, 
    but if it does not, they ElGamal decrypt the first block. </p>
  <p> Each session tag can be used only once so as to prevent internal adversaries 
    from unnecessarily correlating different messages as being between the same 
    routers. The sender of an ElGamal/AES+SessionTag encrypted message chooses 
    when and how many tags to deliver, prestocking the recipient with enough tags 
    to cover a volley of messages. Garlic messages may detect the successful tag 
    delivery by bundling a small additional message as a clove (a "delivery status 
    message") - when the garlic message arrives at the intended recipient and 
    is decrypted successfully, this small delivery status message is one of the 
    cloves exposed and has instructions for the recipient to send the clove back 
    to the original sender (through an inbound tunnel, of course). When the original 
    sender receives this delivery status message, they know that the session tags 
    bundled in the garlic message were successfully delivered. </p>
  <p> Session tags themselves have a very short lifetime, after which they are 
    discarded if not used. In addition, the quantity stored for each key is limited, 
    as are the number of keys themselves - if too many arrive, either new or old 
    messages may be dropped. The sender keeps track whether messages using session 
    tags are getting through, and if there isn't sufficient communication it may 
    drop the ones previously assumed to be properly delivered, reverting back 
    to the full expensive ElGamal encryption. </p>
  <p> One alternative is to transmit only a single session tag, and from that, 
    seed a deterministic PRNG for determining what tags to use or expect. By keeping 
    this PRNG roughly synchronized between the sender and recipient (the recipient 
    precomputes a window of the next e.g. 50 tags), the overhead of periodically 
    bundling a large number of tags is removed, allowing more options in the space/time 
    tradeoff, and perhaps reducing the number of ElGamal encryptions necessary. 
    However, it would depend upon the strength of the PRNG to provide the necessary 
    cover against internal adversaries, though perhaps by limiting the amount 
    of times each PRNG is used, any weaknesses can be minimized. At the moment, 
    there are no immediate plans to move towards these synchronized PRNGs. </p>
  <h1 id="future">Future</h1>
  <p> While I2P is currently functional and sufficient for many scenarios, there 
    are several areas which require further improvement to meet the needs of those 
    facing more powerful adversaries as well as substantial user experience optimization. 
  </p>
  <h2 id="future.restricted">Restricted route operation</h2>
  <p> I2P is an overlay network designed to be run on top of a functional packet 
    switched network, exploiting the end to end principle to offer anonymity and 
    security. While the Internet no longer fully embraces the end to end principle
    (due to the usage of NAT), 
    I2P does require a substantial portion of the network to be reachable - there 
    may be a number of peers along the edges running using restricted routes, 
    but I2P does not include an appropriate routing algorithm for the degenerate 
    case where most peers are unreachable. It would, however work on top of a 
    network employing such an algorithm. </p>
  <p> Restricted route operation, where there are limits to what peers are reachable 
    directly, has several different functional and anonymity implications, dependent 
    upon how the restricted routes are handled. At the most basic level, restricted 
    routes exist when a peer is behind a NAT or firewall which does not allow 
    inbound connections. This was largely addressed in I2P 0.6.0.6 by integrating 
    distributed hole punching into the transport layer, allowing people behind 
    most NATs and firewalls to receive unsolicited connections without any configuration. 
    However, this does not limit the exposure of the peer's IP address to routers 
    inside the network, as they can simply get introduced to the peer through 
    the published introducer. </p>
  <p> Beyond the functional handling of restricted routes, there are two levels 
    of restricted operation that can be used to limit the exposure of one's IP 
    address - using router-specific tunnels for communication, and offering 'client 
    routers'. For the former, routers can either build a new pool of tunnels or 
    reuse their exploratory pool, publishing the inbound gateways to some of them 
    as part of their routerInfo in place of their transport addresses. When a 
    peer wants to get in touch with them, they see those tunnel gateways in the 
    netDb and simply send the relevant message to them through one of the published 
    tunnels. If the peer behind the restricted route wants to reply, it may do 
    so either directly (if they are willing to expose their IP to the peer) or 
    indirectly through their outbound tunnels. When the routers that the peer 
    has direct connections to want to reach it (to forward tunnel messages, for 
    instance), they simply prioritize their direct connection over the published 
    tunnel gateway. The concept of 'client routers' simply extends the restricted 
    route by not publishing any router addresses. Such a router would not even 
    need to publish their routerInfo in the netDb, merely providing their self 
    signed routerInfo to the peers that it contacts (necessary to pass the router's 
    public keys). Both levels of restricted route operation are planned for I2P 
    2.0. </p>
  <p> There are tradeoffs for those behind restricted routes, as they would likely 
    participate in other people's tunnels less frequently, and the routers which 
    they are connected to would be able to infer traffic patterns that would not 
    otherwise be exposed. On the other hand, if the cost of that exposure is less 
    than the cost of an IP being made available, it may be worthwhile. This, of 
    course, assumes that the peers that the router behind a restricted route contacts 
    are not hostile - either the network is large enough that the probability 
    of using a hostile peer to get connected is small enough, or trusted (and 
    perhaps temporary) peers are used instead. </p>
  <h2 id="future.variablelatency">Variable latency</h2>
  <p> Even though the bulk of I2P's initial efforts have been on low latency communication, 
    it was designed with variable latency services in mind from the beginning. 
    At the most basic level, applications running on top of I2P can offer the 
    anonymity of medium and high latency communication while still blending their 
    traffic patterns in with low latency traffic. Internally though, I2P can offer 
    its own medium and high latency communication through the garlic encryption 
    - specifying that the message should be sent after a certain delay, at a certain 
    time, after a certain number of messages have passed, or another mix strategy. 
    With the layered encryption, only the router that the clove exposed the delay 
    request would know that the message requires high latency, allowing the traffic 
    to blend in further with the low latency traffic. Once the transmission precondition 
    is met, the router holding on to the clove (which itself would likely be a 
    garlic message) simply forwards it as requested - to a router, to a tunnel, 
    or, most likely, to a remote client destination. </p>
  <p> There are a substantial number of ways to exploit this capacity for high 
    latency comm in I2P, but for the moment, doing so has been scheduled for the 
    I2P 3.0 release. In the meantime, those requiring the anonymity that high 
    latency comm can offer should look towards the application layer to provide 
    it. </p>
  <h2 id="future.open">Open questions</h2>
  <pre>
How to get rid of the timing constraint?
Can we deal with the sessionTags more efficiently?
What, if any, batching/mixing strategies should be made available on the tunnels?
What other tunnel peer selection and ordering strategies should be available?
</pre>
  <h1 id="similar">Similar systems</h1>
  <p> I2P's architecture builds on the concepts of message oriented middleware, 
    the topology of DHTs, the anonymity and cryptography of free route mixnets, 
    and the adaptability of packet switched networking. The value comes not from 
    novel concepts of algorithms though, but from careful engineering combining 
    the research results of existing systems and papers. While there are a few 
    similar efforts worth reviewing, both for technical and functional comparisons, 
    two in particular are pulled out here - Tor and Freenet. </p>
  <p> See also the <a href="how_networkcomparisons.html">Network Comparisons Page</a>. 
  </p>

  <h2 id="similar.tor">Tor</h2>
  <p><i><a href="http://www.torproject.org/">website</a></i></p>
  <p> At first glance, Tor and I2P have many functional and anonymity related 
    similarities. While I2P's development began before we were aware of the early 
    stage efforts on Tor, many of the lessons of the original onion routing and 
    ZKS efforts were integrated into I2P's design. Rather than building an essentially 
    trusted, centralized system with directory servers, I2P has a self organizing 
    network database with each peer taking on the responsibility of profiling 
    other routers to determine how best to exploit available resources. Another 
    key difference is that while both I2P and Tor use layered and ordered paths 
    (tunnels and circuits/streams), I2P is fundamentally a packet switched network, 
    while Tor is fundamentally a circuit switched one, allowing I2P to transparently 
    route around congestion or other network failures, operate redundant pathways, 
    and load balance the data across available resources. While Tor offers the 
    useful outproxy functionality by offering integrated outproxy discovery and 
    selection, I2P leaves such application layer decisions up to applications 
    running on top of I2P - in fact, I2P has even externalized the TCP-like streaming 
    library itself to the application layer, allowing developers to experiment 
    with different strategies, exploiting their domain specific knowledge to offer 
    better performance. </p>
  <p> From an anonymity perspective, there is much similarity when the core networks 
    are compared. However, there are a few key differences. When dealing with 
    an internal adversary or most external adversaries, I2P's simplex tunnels 
    expose half as much traffic data than would be exposed with Tor's duplex circuits 
    by simply looking at the flows themselves - an HTTP request and response would 
    follow the same path in Tor, while in I2P the packets making up the request 
    would go out through one or more outbound tunnels and the packets making up 
    the response would come back through one or more different inbound tunnels. 
    While I2P's peer selection and ordering strategies should sufficiently address 
    predecessor attacks, I2P can trivially mimic Tor's non-redundant duplex tunnels 
    by simply building an inbound and outbound tunnel along the same routers.</p>
  <p> Another anonymity issue comes up in Tor's use of telescopic tunnel creation, 
    as simple packet counting and timing measurements as the cells in a circuit 
    pass through an adversary's node exposes statistical information regarding 
    where the adversary is within the circuit. I2P's unidirectional tunnel creation 
    with a single message so that this data is not exposed. Protecting the position 
    in a tunnel is important, as an adversary would otherwise be able to mounting 
    a series of powerful predecessor, intersection, and traffic confirmation attacks. 
  </p>
  <p> Tor's support for a second tier of "onion proxies" does offer a nontrivial 
    degree of anonymity while requiring a low cost of entry, while I2P will not 
    offer this topology until <a href="#future.restricted">2.0</a>. </p>
  <p> On the whole, Tor and I2P complement each other in their focus - Tor works 
    towards offering high speed anonymous Internet outproxying, while I2P works 
    towards offering a decentralized resilient network in itself. In theory, both 
    can be used to achieve both purposes, but given limited development resources, 
    they both have their strengths and weaknesses. The I2P developers have considered 
    the steps necessary to modify Tor to take advantage of I2P's design, but concerns 
    of Tor's viability under resource scarcity suggest that I2P's packet switching 
    architecture will be able to exploit scarce resources more effectively. </p>

  <h2 id="similar.freenet">Freenet</h2>
  <p><i><a href="http://www.freenetproject.org/">website</a></i></p>
  <p> Freenet played a large part in the initial stages of I2P's design - giving 
    proof to the viability of a vibrant pseudonymous community completely contained 
    within the network, demonstrating that the dangers inherent in outproxies 
    could be avoided. The first seed of I2P began as a replacement communication 
    layer for Freenet, attempting to factor out the complexities of a scalable, 
    anonymous and secure point to point communication from the complexities of 
    a censorship resistant distributed data store. Over time however, some of 
    the anonymity and scalability issues inherent in Freenet's algorithms made 
    it clear that I2P's focus should stay strictly on providing a generic anonymous 
    communication layer, rather than as a component of Freenet. Over the years, 
    the Freenet developers have come to see the weaknesses in the older design, 
    prompting them to suggest that they will require a "premix" layer to offer 
    substantial anonymity. In other words, Freenet needs to run on top of a mixnet 
    such as I2P or Tor, with "client nodes" requesting and publishing data through 
    the mixnet to the "server nodes" which then fetch and store the data according 
    to Freenet's heuristic distributed data storage algorithms. </p>
  <p> Freenet's functionality is very complementary to I2P's, as Freenet natively 
    provides many of the tools for operating medium and high latency systems, 
    while I2P natively provides the low latency mix network suitable for offering 
    adequate anonymity. The logic of separating the mixnet from the censorship 
    resistant distributed data store still seems self evident from an engineering, 
    anonymity, security, and resource allocation perspective, so hopefully the 
    Freenet team will pursue efforts in that direction, if not simply reusing 
    (or helping to improve, as necessary) existing mixnets like I2P or Tor. </p>
  <p> It is worth mentioning that there has recently been discussion and work 
    by the Freenet developers on a "globally scalable darknet" using restricted 
    routes between peers of various trust. While insufficient information has 
    been made publicly available regarding how such a system would operate for 
    a full review, from what has been said the anonymity and scalability claims 
    seem highly dubious. In particular, the appropriateness for use in hostile 
    regimes against state level adversaries has been tremendously overstated, 
    and any analysis on the implications of resource scarcity upon the scalability 
    of the network has seemingly been avoided. Further questions regarding susceptibility 
    to traffic analysis, trust, and other topics do exist, but a more in-depth 
    review of this "globally scalable darknet" will have to wait until the Freenet 
    team makes more information available. </p>

  <h1 id="app">Appendix A: Application layer</h1>

  <p>
    I2P itself doesn't really do much - it simply sends messages to remote destinations 
    and receives messages targeting local destinations - most of the interesting 
    work goes on at the layers above it. By itself, I2P could be seen as an anonymous 
    and secure IP layer, and the bundled <a href="#app.streaming">streaming library</a> 
    as an implementation of an anonymous and secure TCP layer on top of it. Beyond 
    that, <a href="#app.i2ptunnel">I2PTunnel</a> exposes a generic TCP proxying 
    system for either getting into or out of the I2P network, plus a variety of 
    network applications provide further functionality for end users.
  </p>

  <h2 id="app.streaming">Streaming library</h2>
  <p>
    The I2P streaming library can be viewed as a generic streaming interface (mirroring TCP sockets),
    and the implementation supports a <a href="http://en.wikipedia.org/wiki/Sliding_Window_Protocol">sliding window protocol</a>
    with several optimizations, to take into account the high delay over I2P.
    Individual streams may adjust the maximum packet size and 
    other options, though the default of 4KB compressed seems a reasonable tradeoff 
    between the bandwidth costs of retransmitting lost messages and the latency 
    of multiple messages.
  </p>
  <p>
    In addition, in consideration of the relatively high cost of subsequent 
    messages, the streaming library's protocol for scheduling and delivering messages 
    has been optimized to allow individual messages passed to contain as much 
    information as is available. For instance, a small HTTP transaction proxied 
    through the streaming library can be completed in a single round trip - the 
    first message bundles a SYN, FIN, and the small payload (an HTTP request typically 
    fits) and the reply bundles the SYN, FIN, ACK, and the small payload (many 
    HTTP responses fit). While an additional ACK must be transmitted to tell the 
    HTTP server that the SYN/FIN/ACK has been received, the local HTTP proxy can 
    deliver the full response to the browser immediately.
  </p>
  <p>
    On the whole, however, the streaming library bears much resemblance to an 
    abstraction of TCP, with its sliding windows, congestion control algorithms 
    (both slow start and congestion avoidance), and general packet behavior (ACK, 
    SYN, FIN, RST, etc).
  </p>

  <h2 id="app.naming">Naming library and addressbook</h2>
  <p><i> For more information see the <a href="naming.html">Naming and Addressbook</a> 
    page.</i></p>
  <p><i>Developed by: mihi, Ragnarok</i></p>
  <p> Naming within I2P has been an oft-debated topic since the very beginning 
    with advocates across the spectrum of possibilities. However, given I2P's 
    inherent demand for secure communication and decentralized operation, the 
    traditional DNS-style naming system is clearly out, as are "majority rules" 
    voting systems. Instead, I2P ships with a generic naming library and a base 
    implementation designed to work off a local name to destination mapping, as 
    well as an optional add-on application called the "addressbook". The addressbook 
    is a web-of-trust driven secure, distributed, and human readable naming system, 
    sacrificing only the call for all human readable names to be globally unique 
    by mandating only local uniqueness. While all messages in I2P are cryptographically 
    addressed by their destination, different people can have local addressbook 
    entries for "Alice" which refer to different destinations. People can still 
    discover new names by importing published addressbooks of peers specified 
    in their web of trust, by adding in the entries provided through a third party, 
    or (if some people organize a series of published addressbooks using a first 
    come first serve registration system) people can choose to treat these addressbooks 
    as name servers, emulating traditional DNS. </p>
  <p> I2P does not promote the use of DNS-like services though, as the damage 
    done by hijacking a site can be tremendous - and insecure destinations have 
    no value. DNSsec itself still falls back on registrars and certificate authorities, 
    while with I2P, requests sent to a destination cannot be intercepted or the 
    reply spoofed, as they are encrypted to the destination's public keys, and 
    a destination itself is just a pair of public keys and a certificate. DNS-style 
    systems on the other hand allow any of the name servers on the lookup path 
    to mount simple denial of service and spoofing attacks. Adding on a certificate 
    authenticating the responses as signed by some centralized certificate authority 
    would address many of the hostile nameserver issues but would leave open replay 
    attacks as well as hostile certificate authority attacks. </p>
  <p> Voting style naming is dangerous as well, especially given the effectiveness 
    of Sybil attacks in anonymous systems - the attacker can simply create an 
    arbitrarily high number of peers and "vote" with each to take over a given 
    name. Proof-of-work methods can be used to make identity non-free, but as 
    the network grows the load required to contact everyone to conduct online 
    voting is implausible, or if the full network is not queried, different sets 
    of answers may be reachable. </p>
  <p> As with the Internet however, I2P is keeping the design and operation of 
    a naming system out of the (IP-like) communication layer. The bundled naming 
    library includes a simple service provider interface which alternate naming 
    systems can plug into, allowing end users to drive what sort of naming tradeoffs 
    they prefer. </p>

  <h2 id="app.syndie">Syndie</h2>
  <p><i> The old Syndie bundled with I2P has been replaced by the new Syndie which 
    is distributed separately. For more information see the <a href="http://syndie.i2p2.de/">Syndie</a> 
    pages.</i></p>
  <p> Syndie is a safe, anonymous blogging / content publication / content aggregation 
    system. It lets you create information, share it with others, and read posts 
    from those you're interested in, all while taking into consideration your 
    needs for security and anonymity. Rather than building its own content distribution 
    network, Syndie is designed to run on top of existing networks, syndicating 
    content through eepsites, Tor hidden services, Freenet freesites, normal websites, 
    usenet newsgroups, email lists, RSS feeds, etc. Data published with Syndie 
    is done so as to offer pseudonymous authentication to anyone reading or archiving 
    it. </p>

  <h2 id="app.i2ptunnel">I2PTunnel</h2>
  <p><i>Developed by: mihi</i></p>
  <p> I2PTunnel is probably I2P's most popular and versatile client application, 
    allowing generic proxying both into and out of the I2P network. I2PTunnel 
    can be viewed as four separate proxying applications - a "client" which receives 
    inbound TCP connections and forwards them to a given I2P destination, an "httpclient" 
    (aka "eepproxy") which acts like an HTTP proxy and forwards the requests to 
    the appropriate I2P destination (after querying the naming service if necessary), 
    a "server" which receives inbound I2P streaming connections on a destination 
    and forwards them to a given TCP host+port, and an "httpserver" which extends 
    the "server" by parsing the HTTP request and responses to allow safer operation. 
    There is an additional "socksclient" application, but its use is not encouraged 
    for reasons previously mentioned. </p>
  <p> I2P itself is not an outproxy network - the anonymity and security concerns 
    inherent in a mix net which forwards data into and out of the mix have kept 
    I2P's design focused on providing an anonymous network which capable of meeting 
    the user's needs without requiring external resources. However, the I2PTunnel 
    "httpclient" application offers a hook for outproxying - if the hostname requested 
    doesn't end in ".i2p", it picks a random destination from a user-provided 
    set of outproxies and forwards the request to them. These destinations are 
    simply I2PTunnel "server" instances run by volunteers who have explicitly 
    chosen to run outproxies - no one is an outproxy by default, and running an 
    outproxy doesn't automatically tell other people to proxy through you. While 
    outproxies do have inherent weaknesses, they offer a simple proof of concept 
    for using I2P and provide some functionality under a threat model which may 
    be sufficient for some users. </p>
  <p> I2PTunnel enables most of the applications in use. An "httpserver" pointing 
    at a webserver lets anyone run their own anonymous website (or "eepsite") 
    - a webserver is bundled with I2P for this purpose, but any webserver can 
    be used. Anyone may run a "client" pointing at one of the anonymously hosted 
    IRC servers, each of which are running a "server" pointing at their local 
    IRCd and communicating between IRCds over their own "client" tunnels. End 
    users also have "client" tunnels pointing at <a href="#app.i2pmail">I2Pmail's</a> 
    POP3 and SMTP destinations (which in turn are simply "server" instances pointing 
    at POP3 and SMTP servers), as well as "client" tunnels pointing at I2P's CVS 
    server, allowing anonymous development. At times people have even run "client" 
    proxies to access the "server" instances pointing at an NNTP server. </p>

  <h2 id="app.i2pbt">i2p-bt</h2>
  <p><i>Developed by: duck, et al</i></p>
  <p> i2p-bt is a port of the mainline python BitTorrent client to run both the 
    tracker and peer communication over I2P. Tracker requests are forwarded through 
    the eepproxy to eepsites specified in the torrent file while tracker responses 
    refer to peers by their destination explicitly, allowing i2p-bt to open up 
    a <a href="#app.streaming">streaming lib</a> connection to query them for 
    blocks. </p>
  <p> In addition to i2p-bt, a port of bytemonsoon has been made to I2P, making 
    a few modifications as necessary to strip any anonymity-compromising information 
    from the application and to take into consideration the fact that IPs cannot 
    be used for identifying peers. </p>

  <h2 id="app.i2psnark">I2PSnark</h2>
  <p><i>I2PSnark developed: jrandom, et al, ported from <a
href="http://www.klomp.org/mark/">mjw</a>'s <a
href="http://www.klomp.org/snark/">Snark</a> client</i></p>
  <p> Bundled with the I2P install, I2PSnark offers a simple anonymous BitTorrent 
    client with multitorrent capabilities, exposing all of the functionality through 
    a plain HTML web interface. </p>

  <h2 id="app.robert">Robert</h2>
  <p><i>Developed by: sponge</i></p>
  <p>Robert is a Bittorrent client written in Python.
    It is hosted on <a href="http://bob.i2p/Robert.html">http://bob.i2p/Robert.html</a></p> <!-- TODO: expand -->

  <h2 id="app.pybit">PyBit</h2>
  <p><i>Developed by: Blub</i></p>
  <p>PyBit is a Bittorrent client written in Python.
    It is hosted on <a href="http://pebcache.i2p/">http://pebcache.i2p/</a></p> <!-- TODO: expand -->

  <h2 id="app.i2phex">I2Phex</h2>
  <p><i>Developed by: sirup</i></p>
  <p> I2Phex is a fairly direct port of the Phex Gnutella filesharing client to 
    run entirely on top of I2P. While it has disabled some of Phex's functionality, 
    such as integration with Gnutella webcaches, the basic file sharing and chatting 
    system is fully functional. </p>
  <h2 id="app.i2pmail">I2Pmail/susimail</h2>
  <p><i>Developed by: postman, susi23, mastiejaner</i></p>
  <p> I2Pmail is more a service than an application - postman offers both internal 
    and external email with POP3 and SMTP service through I2PTunnel instances 
    accessing a series of components developed with mastiejaner, allowing people 
    to use their preferred mail clients to send and receive mail pseudonymously. 
    However, as most mail clients expose substantial identifying information, 
    I2P bundles susi23's web based susimail client which has been built specifically 
    with I2P's anonymity needs in mind. The I2Pmail/mail.i2p service offers transparent 
    virus filtering as well as denial of service prevention with hashcash augmented 
    quotas. In addition, each user has control of their batching strategy prior 
    to delivery through the mail.i2p outproxies, which are separate from the mail.i2p 
    SMTP and POP3 servers - both the outproxies and inproxies communicate with 
    the mail.i2p SMTP and POP3 servers through I2P itself, so compromising those 
    non-anonymous locations does not give access to the mail accounts or activity 
    patterns of the user. At the moment the developers work on a decentralized 
    mailsystem, called "v2mail". More information can be found on the eepsite 
    <a href="http://hq.postman.i2p/">hq.postman.i2p</a>.</p>

  <h2 id="app.i2pbote">I2P-Bote</h2>
  <p><i>Developed by: HungryHobo</i></p>
  <p>
    I2P-Bote is a distributed e-mail application. It does not use the traditional
    e-mail concept of sending an e-mail to a server and retrieving it from a server.
    Instead, it uses a Kademlia Distributed Hash Table to store mails.
    One user can push a mail into the DHT, while another can request the e-mail from the DHT.
  </p>

  <h2 id="app.i2pmessenger">I2P-messenger</h2>
  <p>
    I2P-messenger is an end-to-end encrypted serverless communication application.
    For communication between two users, they need to give each other their destination, to allow the other to connect.
  </p>
{% endblock %}