I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b2bd7b7f28bb99ac925a43120a7500ed1e4ac7f7
i2p.www/pots/docs.pot
str4d b2bd7b7f28 Updated translation strings
2016-06-01 11:50:28 +00:00

15947 lines
532 KiB
Plaintext
Raw Blame History

# Translations template for I2P.
# Copyright (C) 2016 ORGANIZATION
# This file is distributed under the same license as the I2P project.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: I2P website\n"
"Report-Msgid-Bugs-To: http://trac.i2p2.de\n"
"POT-Creation-Date: 2016-06-01 11:46+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 1.3\n"
#: i2p2www/pages/site/docs/index.html:2 i2p2www/pages/site/docs/index.html:23
msgid "Index to Technical Documentation"
msgstr ""
#: i2p2www/pages/site/docs/index.html:3 i2p2www/pages/site/docs/reseed.html:3
#: i2p2www/pages/site/docs/how/elgamal-aes.html:3
msgid "January 2016"
msgstr ""
#: i2p2www/pages/site/docs/index.html:6
msgid "Following is an index to the technical documentation for I2P."
msgstr ""
#: i2p2www/pages/site/docs/index.html:10
msgid ""
"This index is ordered from the highest to lowest layers.\n"
"The higher layers are for \"clients\" or applications;\n"
"the lower layers are inside the router itself.\n"
"The interface between applications and the router is the I2CP (I2P "
"Control Protocol) API."
msgstr ""
#: i2p2www/pages/site/docs/index.html:17
#, python-format
msgid ""
"The I2P Project is committed to maintaining accurate, current "
"documentation.\n"
"If you find any inaccuracies in the documents linked below, please\n"
"<a href=\"%(trac)s\">enter a ticket identifying the problem</a>."
msgstr ""
#: i2p2www/pages/site/docs/index.html:25 i2p2www/pages/site/docs/naming.html:6
#: i2p2www/pages/site/docs/api/i2ptunnel.html:7
#: i2p2www/pages/site/docs/api/streaming.html:6
#: i2p2www/pages/site/docs/applications/embedding.html:7
#: i2p2www/pages/site/docs/applications/managed-clients.html:7
#: i2p2www/pages/site/docs/how/elgamal-aes.html:6
#: i2p2www/pages/site/docs/how/network-database.html:6
#: i2p2www/pages/site/docs/how/peer-selection.html:6
#: i2p2www/pages/site/docs/how/tech-intro.html:9
#: i2p2www/pages/site/docs/how/tech-intro.html:93
#: i2p2www/pages/site/docs/how/tunnel-routing.html:6
#: i2p2www/pages/site/docs/tunnels/implementation.html:67
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:6
msgid "Overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:27
msgid "Technical Introduction"
msgstr ""
#: i2p2www/pages/site/docs/index.html:28
msgid "A Less-Technical Introduction"
msgstr ""
#: i2p2www/pages/site/docs/index.html:29
msgid "Threat model and analysis"
msgstr ""
#: i2p2www/pages/site/docs/index.html:30
msgid "Comparisons to other anonymous networks"
msgstr ""
#: i2p2www/pages/site/docs/index.html:31
msgid "Specifications"
msgstr ""
#: i2p2www/pages/site/docs/index.html:32
msgid "Protocol stack chart"
msgstr ""
#: i2p2www/pages/site/docs/index.html:33
msgid "Papers on I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:34
msgid "Presentations, articles, tutorials, videos, and interviews"
msgstr ""
#: i2p2www/pages/site/docs/index.html:35
#, python-format
msgid ""
"<a href=\"%(pdf)s\">Invisible Internet Project (I2P) Project Overview</a>"
" August 28, 2003 (pdf)"
msgstr ""
#: i2p2www/pages/site/docs/index.html:38
msgid "Application-Layer Topics"
msgstr ""
#: i2p2www/pages/site/docs/index.html:41 i2p2www/pages/site/docs/naming.html:2
msgid "Naming and Addressbook"
msgstr ""
#: i2p2www/pages/site/docs/index.html:42
msgid "Plugins Overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:43
msgid "Plugin Specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:44
#: i2p2www/pages/site/docs/applications/managed-clients.html:2
#: i2p2www/pages/site/docs/applications/managed-clients.html:20
msgid "Managed Clients"
msgstr ""
#: i2p2www/pages/site/docs/index.html:45 i2p2www/pages/site/docs/index.html:223
msgid "Embedding the router in your application"
msgstr ""
#: i2p2www/pages/site/docs/index.html:46
#: i2p2www/pages/site/docs/applications/bittorrent.html:2
msgid "Bittorrent over I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:47
msgid "I2PControl Plugin API"
msgstr ""
#: i2p2www/pages/site/docs/index.html:48
msgid "hostsdb.blockfile Format"
msgstr ""
#: i2p2www/pages/site/docs/index.html:49 i2p2www/pages/site/docs/index.html:195
msgid "Configuration File Format"
msgstr ""
#: i2p2www/pages/site/docs/index.html:52
msgid "Application Layer API and Protocols"
msgstr ""
#: i2p2www/pages/site/docs/index.html:53
msgid ""
"High-level, easy-to-use APIs for applications written in any language to "
"send and receive data."
msgstr ""
#: i2p2www/pages/site/docs/index.html:55
msgid "Application Development Overview and Guide"
msgstr ""
#: i2p2www/pages/site/docs/index.html:59
#: i2p2www/pages/site/docs/api/i2ptunnel.html:51
msgid "I2PTunnel Configuration"
msgstr ""
#: i2p2www/pages/site/docs/index.html:75
msgid "SAM Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:77
msgid "SAMv2 Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:79
msgid "SAMv3 Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:81
msgid "BOB Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:84
msgid "End-to-End Transport API and Protocols"
msgstr ""
#: i2p2www/pages/site/docs/index.html:85
msgid ""
"The end-to-end protocols used by clients for reliable and unreliable "
"communication."
msgstr ""
#: i2p2www/pages/site/docs/index.html:87
#: i2p2www/pages/site/docs/api/streaming.html:2
msgid "Streaming Library"
msgstr ""
#: i2p2www/pages/site/docs/index.html:89
msgid "Streaming Protocol Specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:91
msgid "Streaming Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:93
#: i2p2www/pages/site/docs/api/datagrams.html:2
msgid "Datagrams"
msgstr ""
#: i2p2www/pages/site/docs/index.html:95
msgid "Datagram Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:98
msgid "Client-to-Router Interface API and Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:99
msgid ""
"The lowest-level API used for clients (applications) to send and receive "
"traffic to a router.\n"
"Traditionally used only by Java applications and higher-level APIs."
msgstr ""
#: i2p2www/pages/site/docs/index.html:104
msgid "I2CP - I2P Control Protocol / API overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:106
msgid "I2CP Specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:108
msgid "I2CP API Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:110
#: i2p2www/pages/site/docs/index.html:140
msgid "Common data structures specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:112
#: i2p2www/pages/site/docs/index.html:142
msgid "Data Structures Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:115
msgid "End-to-End Encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:116
msgid "How client messages are end-to-end encrypted by the router."
msgstr ""
#: i2p2www/pages/site/docs/index.html:118
msgid "ElGamal/AES+SessionTag encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:119
#: i2p2www/pages/site/docs/index.html:153
msgid "ElGamal and AES cryptography details"
msgstr ""
#: i2p2www/pages/site/docs/index.html:122
#: i2p2www/pages/site/docs/how/tech-intro.html:11
#: i2p2www/pages/site/docs/how/tech-intro.html:325
msgid "Network Database"
msgstr ""
#: i2p2www/pages/site/docs/index.html:123
msgid ""
"Distributed storage and retrieval of information about routers and "
"clients."
msgstr ""
#: i2p2www/pages/site/docs/index.html:125
msgid "Network database overview, details, and threat analysis"
msgstr ""
#: i2p2www/pages/site/docs/index.html:126
msgid "Cryptographic hashes"
msgstr ""
#: i2p2www/pages/site/docs/index.html:127
msgid "Cryptographic signatures"
msgstr ""
#: i2p2www/pages/site/docs/index.html:128
#: i2p2www/pages/site/docs/index.html:187
msgid "Router reseed specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:131
msgid "Router Message Protocol"
msgstr ""
#: i2p2www/pages/site/docs/index.html:132
msgid ""
"I2P is a message-oriented router. The messages sent between routers are "
"defined by the I2NP protocol."
msgstr ""
#: i2p2www/pages/site/docs/index.html:134
msgid "I2NP - I2P Network Protocol Overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:136
msgid "I2NP Specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:138
msgid "I2NP Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:145
#: i2p2www/pages/site/docs/how/tech-intro.html:10
#: i2p2www/pages/site/docs/how/tech-intro.html:224
msgid "Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/index.html:146
msgid ""
"Selecting peers, requesting tunnels through those peers, and encrypting "
"and routing messages through these tunnels."
msgstr ""
#: i2p2www/pages/site/docs/index.html:148
msgid "Peer profiling and selection"
msgstr ""
#: i2p2www/pages/site/docs/index.html:149
msgid "Tunnel routing overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:150
msgid "Garlic routing and \"garlic\" terminology"
msgstr ""
#: i2p2www/pages/site/docs/index.html:151
msgid "Tunnel building and encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:152
msgid "ElGamal/AES"
msgstr ""
#: i2p2www/pages/site/docs/index.html:152
msgid "for build request encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:154
msgid "Tunnel building specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:155
msgid "Low-level tunnel message specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:156
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:2
msgid "Unidirectional Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/index.html:157
#: i2p2www/pages/site/docs/how/peer-selection.html:299
msgid "Peer Profiling and Selection in the I2P Anonymous Network"
msgstr ""
#: i2p2www/pages/site/docs/index.html:158
msgid "2009 paper (pdf), not current but still generally accurate"
msgstr ""
#: i2p2www/pages/site/docs/index.html:161
msgid "Transport Layer"
msgstr ""
#: i2p2www/pages/site/docs/index.html:162
msgid "The protocols for direct (point-to-point) router to router communication."
msgstr ""
#: i2p2www/pages/site/docs/index.html:164
msgid "Transport layer overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:166
msgid "TCP-based transport overview and specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:168
msgid "UDP-based transport overview"
msgstr ""
#: i2p2www/pages/site/docs/index.html:170
msgid "SSU specification"
msgstr ""
#: i2p2www/pages/site/docs/index.html:172
msgid "NTCP transport encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:174
msgid "SSU transport encryption"
msgstr ""
#: i2p2www/pages/site/docs/index.html:176
msgid "Transport Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:178
msgid "NTCP Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:180
msgid "SSU Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/index.html:183
msgid "Other Router Topics"
msgstr ""
#: i2p2www/pages/site/docs/index.html:185
msgid "Router software updates"
msgstr ""
#: i2p2www/pages/site/docs/index.html:189
msgid "Native BigInteger Library"
msgstr ""
#: i2p2www/pages/site/docs/index.html:191
msgid "Time synchronization and NTP"
msgstr ""
#: i2p2www/pages/site/docs/index.html:193
msgid "Performance"
msgstr ""
#: i2p2www/pages/site/docs/index.html:200
msgid "Developer's Guides and Resources"
msgstr ""
#: i2p2www/pages/site/docs/index.html:202
msgid "New Developer's Guide"
msgstr ""
#: i2p2www/pages/site/docs/index.html:204
msgid "New Translator's Guide"
msgstr ""
#: i2p2www/pages/site/docs/index.html:206
msgid "Monotone Guide"
msgstr ""
#: i2p2www/pages/site/docs/index.html:208
msgid "Developer Guidelines"
msgstr ""
#: i2p2www/pages/site/docs/index.html:210
msgid "Javadocs on the standard internet:"
msgstr ""
#: i2p2www/pages/site/docs/index.html:211
#: i2p2www/pages/site/docs/index.html:215
#: i2p2www/pages/site/docs/index.html:216
#: i2p2www/pages/site/docs/index.html:217
#, python-format
msgid "Server %(num)s"
msgstr ""
#: i2p2www/pages/site/docs/index.html:212
#: i2p2www/pages/site/docs/index.html:221
msgid ""
"Note: always verify that javadocs are current by checking the release "
"number."
msgstr ""
#: i2p2www/pages/site/docs/index.html:214
msgid "Javadocs inside I2P:"
msgstr ""
#: i2p2www/pages/site/docs/index.html:225
msgid "How to Set up a Reseed Server"
msgstr ""
#: i2p2www/pages/site/docs/index.html:227
msgid "Ports used by I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:229
msgid "Automatic updates to development builds inside I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:231
msgid "Updating the wrapper manually"
msgstr ""
#: i2p2www/pages/site/docs/index.html:233
msgid "User forum"
msgstr ""
#: i2p2www/pages/site/docs/index.html:235
msgid "Developer forum inside I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:237
msgid "Bug tracker"
msgstr ""
#: i2p2www/pages/site/docs/index.html:239
msgid "Viewmtn inside I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:241
msgid "I2P Source exported to GitHub"
msgstr ""
#: i2p2www/pages/site/docs/index.html:243
msgid "I2P Source Git Repo inside I2P"
msgstr ""
#: i2p2www/pages/site/docs/index.html:245
msgid "Source translation at Transifex"
msgstr ""
#: i2p2www/pages/site/docs/index.html:247
msgid "Roadmap"
msgstr ""
#: i2p2www/pages/site/docs/index.html:249
msgid "To Do List"
msgstr ""
#: i2p2www/pages/site/docs/index.html:249
msgid "not current"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:3
#: i2p2www/pages/site/docs/transport/ssu.html:3
msgid "May 2016"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:8
msgid ""
"I2P ships with a generic naming library and a base implementation \n"
"designed to work off a local name to destination mapping, as well as an\n"
"add-on application called the <a href=\"#addressbook\">addressbook</a>. \n"
"I2P also supports <a href=\"#base32\">Base32 hostnames</a> similar to "
"Tor's .onion addresses."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:15
msgid ""
"The addressbook is a web-of-trust\n"
"driven secure, distributed, and human readable naming system, sacrificing"
" only\n"
"the call for all human readable names to be globally unique by mandating "
"only\n"
"local uniqueness. While all messages in I2P are cryptographically "
"addressed\n"
"by their destination, different people can have local addressbook entries"
" for\n"
"\"Alice\" which refer to different destinations. People can still "
"discover new\n"
"names by importing published addressbooks of peers specified in their web"
" of trust,\n"
"by adding in the entries provided through a third party, or (if some "
"people organize\n"
"a series of published addressbooks using a first come first serve "
"registration\n"
"system) people can choose to treat these addressbooks as name servers, "
"emulating\n"
"traditional DNS."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:29
#, python-format
msgid ""
"NOTE: For the reasoning behind the I2P naming system, common arguments "
"against it\n"
"and possible alternatives see the <a href=\"%(namingdiscussion)s\">naming"
" discussion</a>\n"
"page."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:36
msgid "Naming System Components"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:38
msgid ""
"There is no central naming authority in I2P.\n"
"All hostnames are local."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:43
msgid ""
"The naming system is quite simple and most of it is implemented\n"
"in applications external to the router, but bundled with\n"
"the I2P distribution.\n"
"The components are:"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:51
msgid ""
"The local <a href=\"#lookup\">naming service</a> which does lookups\n"
"and also handles <a href=\"#base32\">Base32 hostnames</a>."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:55
msgid ""
"The <a href=\"#httpproxy\">HTTP proxy</a> which asks the router for "
"lookups and points\n"
"the user to remote jump services to assist with failed lookups."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:59
msgid ""
"HTTP <a href=\"#add-services\">host-add forms</a> which allow users to "
"add hosts to their local hosts.txt"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:62
msgid ""
"HTTP <a href=\"#jump-services\">jump services</a> which provide their own"
" lookups and redirection."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:65
msgid ""
"The <a href=\"#addressbook\">addressbook</a> application which merges "
"external\n"
"host lists, retrieved via HTTP, with the local list."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:69
msgid ""
"The <a href=\"#susidns\">SusiDNS</a> application which is a simple web "
"front-end\n"
"for addressbook configuration and viewing of the local host lists."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:76
msgid "Naming Services"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:78
#, python-format
msgid ""
"All destinations in I2P are 516-byte (or longer) keys.\n"
"(To be more precise, it is a 256-byte public key plus a 128-byte signing "
"key\n"
"plus a null certificate, which in Base64 representation is 516 bytes.\n"
"<a href=\"%(namingdiscussion)s#certificates\">Certificates</a> are not "
"used now,\n"
"if they are, the keys will be longer.\n"
"One possible use of certificates is for <a "
"href=\"%(todo)s#hashcash\">proof of work</a>.)"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:87
msgid ""
"If an application (i2ptunnel or the HTTP proxy) wishes to access\n"
"a destination by name, the router does a very simple local lookup\n"
"to resolve that name."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:93
msgid "Hosts.txt Naming Service"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:95
msgid ""
"The hosts.txt Naming Service does a simple linear search through\n"
"text files. This naming service was the default until\n"
"release 0.8.8 when it was replaced by the Blockfile Naming Service.\n"
"The hosts.txt format had become too slow after the file grew to thousands"
" of entries."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:102
#, python-format
msgid ""
"It does a linear search through three local files, in order, to\n"
"look up host names and convert them to a 516-byte destination key.\n"
"Each file is in a simple <a href=\"%(configuration)s\">configuration file"
" format</a>, with hostname=base64, one per line.\n"
"The files are:"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:114
msgid "Blockfile Naming Service"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:116
msgid ""
"The Blockfile Naming Service stores multiple \"addressbooks\" in a single"
"\n"
"database file named hostsdb.blockfile.\n"
"This Naming Service is the default since release 0.8.8."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:122
#, python-format
msgid ""
"A blockfile is simply on-disk storage of multiple sorted maps (key-value "
"pairs),\n"
"implemented as skiplists.\n"
"The blockfile format is specified on the <a "
"href=\"%(blockfile)s\">Blockfile page</a>.\n"
"It provides fast Destination lookup in a compact format. While the "
"blockfile overhead is substantial,\n"
"the destinations are stored in binary rather than in Base 64 as in the "
"hosts.txt format.\n"
"In addition, the blockfile provides the capability of arbitrary metadata "
"storage\n"
"(such as added date, source, and comments) for each entry to implement "
"advanced addressbook features.\n"
"The blockfile storage requirement is a modest increase over the hosts.txt"
" format, and the blockfile provides\n"
"approximately 10x reduction in lookup times."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:134
msgid ""
"On creation, the naming service imports entries from the three files used"
" by the hosts.txt Naming Service.\n"
"The blockfile mimics the previous implementation by maintaining three "
"maps that\n"
"are searched in-order, named privatehosts.txt, userhosts.txt, and "
"hosts.txt.\n"
"It also maintains a reverse-lookup map to implement rapid reverse lookups."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:141
msgid "Other Naming Service Facilities"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:143
#, python-format
msgid ""
"The lookup is case-insensitive.\n"
"The first match is used, and conflicts are not detected.\n"
"There is no enforcement of naming rules in lookups.\n"
"Lookups are cached for a few minutes.\n"
"Base 32 resolution is <a href=\"#base32\">described below</a>.\n"
"For a full description of the Naming Service API see the\n"
"<a href=\"%(nsjavadocs)s\">Naming Service Javadocs</a>.\n"
"This API was significantly expanded in release 0.8.7 to provide\n"
"adds and removes, storage of arbitrary properties with the hostname,\n"
"and other features."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:156
msgid "Alternatives and Experimental Naming Services"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:158
#, python-format
msgid ""
"The naming service is specified with the configuration property "
"<tt>i2p.naming.impl=class</tt>.\n"
"Other implementations are possible. For example,\n"
"there is an experimental facility for real-time lookups (a la DNS) over "
"the network within the router.\n"
"For more information see the <a "
"href=\"%(namingdiscussion)s#alternatives\">alternatives on the discussion"
" page</a>."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:165
msgid ""
"The HTTP proxy does a lookup via the router for all hostnames ending in "
"'.i2p'.\n"
"Otherwise, it forwards the request to a configured HTTP outproxy.\n"
"Thus, in practice, all HTTP (eepsite) hostnames must end in the pseudo-"
"Top Level Domain '.i2p'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:171
#, python-format
msgid ""
"We have <a href=\"%(i2ptld)s\">applied to reserve the .i2p TLD</a>\n"
"following the procedures specified in <a href=\"%(rfc6761)s\">RFC "
"6761</a>."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:177
msgid ""
"If the router fails to resolve the hostname, the HTTP proxy returns\n"
"an error page to the user with links to several \"jump\" services.\n"
"See below for details."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:183
msgid "Addressbook"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:184
msgid "Incoming Subscriptions and Merging"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:186
msgid ""
"The addressbook application periodically\n"
"retrieves other users' hosts.txt files and merges\n"
"them with the local hosts.txt, after several checks.\n"
"Naming conflicts are resolved on a first-come first-served\n"
"basis."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:194
msgid ""
"Subscribing to another user's hosts.txt file involves\n"
"giving them a certain amount of trust.\n"
"You do not want them, for example, 'hijacking' a new site\n"
"by quickly entering in their own key for a new site before\n"
"passing the new host/key entry to you."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:202
msgid ""
"For this reason, the only subscription configured by\n"
"default is <code>http://i2p-projekt.i2p/hosts.txt "
"(http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt)</code>,"
" \n"
"which contains a copy of the hosts.txt included\n"
"in the I2P release.\n"
"Users must configure additional subscriptions in their\n"
"local addressbook application (via subscriptions.txt or <a "
"href=\"#susidns\">SusiDNS</a>)."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:211
msgid "Some other public addressbook subscription links:"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:218
msgid ""
"The operators of these services may have various policies for listing "
"hosts.\n"
"Presence on this list does not imply endorsement."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:223
#: i2p2www/pages/site/docs/naming.html:235
msgid "Naming Rules"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:224
msgid ""
"While there are hopefully not any technical limitations within I2P on "
"host names,\n"
"the addressbook enforces several restrictions on host names\n"
"imported from subscriptions.\n"
"It does this for basic typographical sanity and compatibility with "
"browsers,\n"
"and for security.\n"
"The rules are essentially the same as those in RFC2396 Section 3.2.2.\n"
"Any hostnames violating these rules may not be propagated\n"
"to other routers."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:239
msgid "Names are converted to lower case on import."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:243
msgid ""
"Names are checked for conflict with existing names in the existing "
"userhosts.txt and hosts.txt\n"
"(but not privatehosts.txt) after conversion to lower case."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:248
msgid "Must contain only [a-z] [0-9] '.' and '-' after conversion to lower case."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:252
msgid "Must not start with '.' or '-'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:256
msgid "Must end with '.i2p'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:260
msgid "67 characters maximum, including the '.i2p'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:264
msgid "Must not contain '..'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:268
msgid "Must not contain '.-' or '-.' (as of 0.6.1.33)."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:272
msgid "Must not contain '--' except in 'xn--' for IDN."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:276
msgid ""
"Base32 hostnames (*.b32.i2p) are reserved for base 32 use and so are not "
"allowed to be imported."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:280
msgid ""
"Certain hostnames reserved for project use are not allowed\n"
"(proxy.i2p, router.i2p, console.i2p, *.proxy.i2p, *.router.i2p, "
"*.console.i2p, and others)"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:285
msgid "Keys are checked for base64 validity."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:289
msgid ""
"Keys are checked for conflict with existing keys in hosts.txt (but not "
"privatehosts.txt)."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:293
msgid "Minimum key length 516 bytes."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:297
msgid "Maximum key length 616 bytes (to account for certs up to 100 bytes)."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:302
msgid ""
"Any name received via subscription that passes all the checks is added "
"via the local naming service."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:306
msgid ""
"Note that the '.' symbols in a host name are of no significance,\n"
"and do not denote any actual naming or trust hierarchy.\n"
"If the name 'host.i2p' already exists, there is nothing\n"
"to prevent anybody from adding a name 'a.host.i2p' to their hosts.txt,\n"
"and this name can be imported by others' addressbook.\n"
"Methods to deny subdomains to non-domain 'owners' (certificates?),\n"
"and the desirability and feasibility of these methods,\n"
"are topics for future discussion."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:317
msgid ""
"International Domain Names (IDN) also work in i2p (using punycode 'xn--' "
"form).\n"
"To see IDN .i2p domain names rendered correctly in Firefox's location "
"bar,\n"
"add 'network.IDN.whitelist.i2p (boolean) = true' in about:config."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:323
msgid ""
"As the addressbook application does not use privatehosts.txt at all, in "
"practice\n"
"this file is the only place where it is appropriate to place private "
"aliases or\n"
"\"pet names\" for sites already in hosts.txt."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:329
msgid "Advanced Subscription Feed Format"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:337
msgid "Outgoing Subscriptions"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:338
msgid ""
"Addressbook will publish the merged hosts.txt to a location\n"
"(traditionally hosts.txt in the local eepsite's home directory) to be "
"accessed by others\n"
"for their subscriptions.\n"
"This step is optional and is disabled by default."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:346
msgid ""
"The addressbook application, together with eepget, saves the Etag and/or "
"Last-Modified\n"
"information returned by the web server of the subscription.\n"
"This greatly reduces the bandwidth required, as the web server will\n"
"return a '304 Not Modified' on the next fetch if nothing has changed."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:353
msgid ""
"However the entire hosts.txt is downloaded if it has changed.\n"
"See below for discussion on this issue."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:358
msgid ""
"Hosts serving a static hosts.txt or an equivalent CGI application\n"
"are strongly encouraged to deliver\n"
"a Content-Length header, and either an Etag or Last-Modified header.\n"
"Also ensure that the server delivers a '304 Not Modified' when "
"appropriate.\n"
"This will dramatically reduce the network bandwidth, and\n"
"reduce chances of corruption."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:367
msgid "Host Add Services"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:368
msgid ""
"A host add service is a simple CGI application that takes a hostname and "
"a Base64 key as parameters\n"
"and adds that to its local hosts.txt.\n"
"If other routers subscribe to that hosts.txt, the new hostname/key\n"
"will be propagated through the network."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:375
msgid ""
"It is recommended that host add services impose, at a minimum, the "
"restrictions imposed by the addressbook application listed above.\n"
"Host add services may impose additional restrictions on hostnames and "
"keys, for example:"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:380
msgid "A limit on number of 'subdomains'."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:384
msgid "Authorization for 'subdomains' through various methods."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:388
msgid "Hashcash or signed certificates."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:392
msgid "Editorial review of host names and/or content."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:396
msgid "Categorization of hosts by content."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:400
msgid "Reservation or rejection of certain host names."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:404
msgid "Restrictions on the number of names registered in a given time period."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:408
msgid "Delays between registration and publication."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:412
msgid "Requirement that the host be up for verification."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:416
msgid "Expiration and/or revocation."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:420
msgid "IDN spoof rejection."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:425
msgid "Jump Services"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:426
msgid ""
"A jump service is a simple CGI application that takes a hostname as a "
"parameter\n"
"and returns a 301 redirect to the proper URL with a "
"<code>?i2paddresshelper=key</code>\n"
"string appended.\n"
"The HTTP proxy will interpret the appended string and\n"
"use that key as the actual destination.\n"
"In addition, the proxy will cache that key so the\n"
"address helper is not necessary until restart."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:436
msgid ""
"Note that, like with subscriptions, using a jump service\n"
"implies a certain amount of trust, as a jump service could maliciously\n"
"redirect a user to an incorrect destination."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:442
msgid ""
"To provide the best service, a jump service should be subscribed to\n"
"several hosts.txt providers so that its local host list is current."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:448
msgid ""
"SusiDNS is simply a web interface front-end to configuring addressbook "
"subscriptions\n"
"and accessing the four addressbook files.\n"
"All the real work is done by the 'addressbook' application."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:454
msgid ""
"Currently, there is little enforcement of addressbook naming rules within"
" SusiDNS,\n"
"so a user may enter hostnames locally that would be rejected by\n"
"the addressbook subscription rules."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:460
msgid "Base32 Names"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:461
msgid ""
"I2P supports Base32 hostnames similar to Tor's .onion addresses.\n"
"Base32 addresses are much shorter and easier to handle than the\n"
"full 516-character Base64 Destinations or addresshelpers.\n"
"Example: "
"<code>ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p</code>"
msgstr ""
#: i2p2www/pages/site/docs/naming.html:468
#, python-format
msgid ""
"In Tor, the address is 16 characters (80 bits), or half of the SHA-1 "
"hash.\n"
"I2P uses 52 characters (256 bits) to represent the full SHA-256 hash.\n"
"The form is {52 chars}.b32.i2p.\n"
"Tor has recently published a\n"
"<a href=\"https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94"
"-december-4th-2013\">proposal</a>\n"
"to convert to an identical format of {52 chars}.onion for their hidden "
"services.\n"
"Base32 is implemented in the naming service, which queries the\n"
"router over I2CP to lookup the LeaseSet to get the full Destination.\n"
"Base32 lookups will only be successful when the Destination is up and "
"publishing\n"
"a LeaseSet.\n"
"Because resolution may require a network database lookup, it may take "
"significantly\n"
"longer than a local address book lookup."
msgstr ""
#: i2p2www/pages/site/docs/naming.html:483
msgid ""
"Base32 addresses can be used in most places where hostnames or full "
"destinations\n"
"are used, however there are some exceptions where they may fail if the\n"
"name does not immediately resolve. I2PTunnel will fail, for example, if\n"
"the name does not resolve to a destination."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:2
msgid "Plugins"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:3
msgid "June 2012"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:6
msgid "General Information"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:7
msgid ""
"I2P includes a plugin architecture\n"
"to support easy development and installation of additional software."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:12
msgid ""
"There are now plugins available that support distributed email, blogs, "
"IRC\n"
"clients, distributed file storage, wikis, and more."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:17
msgid "Benefits to i2p users and app developers:"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:22
msgid "Easy distribution of applications"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:26
msgid ""
"Allows innovation and use of additional libraries without worrying about\n"
"increasing the size of <code>i2pupdate.sud</code>"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:31
msgid ""
"Support large or special-purpose applications that would never be bundled"
"\n"
"with the I2P installation"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:36
msgid "Cryptographically signed and verified applications"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:40
msgid "Automatic updates of applications, just like for the router"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:44
msgid ""
"Separate initial install and update packages, if desired, for smaller "
"update downloads"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:48
msgid ""
"One-click installation of applications. No more asking users to modify\n"
"<code>wrapper.config</code> or <code>clients.config</code>"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:53
msgid "Isolate applications from the base <code>$I2P</code> installation"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:57
msgid ""
"Automatic compatibility checking for I2P version, Java version, Jetty\n"
"version, and previous installed application version"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:62
msgid "Automatic link addition in console"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:66
msgid ""
"Automatic startup of application, including modifying classpath, without "
"requiring a restart"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:70
msgid "Automatic integration and startup of webapps into console Jetty instance"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:74
#, python-format
msgid ""
"Facilitate creation of 'app stores' like the one at\n"
"<a href=\"http://%(pluginsite)s\">%(pluginsite)s</a>"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:79
msgid "One-click uninstall"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:83
msgid "Language and theme packs for the console"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:87
msgid "Bring detailed application information to the router console"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:91
msgid "Non-java applications also supported"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:97
msgid "Required I2P version"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:98
msgid "0.7.12 or newer."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:100
msgid "Installation"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:101
msgid ""
"To install and start a plugin, copy the <code>.xpi2p</code> install link "
"to\n"
"the form at the bottom of\n"
"<a "
"href=\"http://127.0.0.1:7657/configclients.jsp#plugin\">configclients.jsp"
" in\n"
"your router console</a> and click the \"install plugin\" button. After a"
"\n"
"plugin is installed and started, a link to the plugin will usually appear"
" at\n"
"the top of your summary bar."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:110
msgid ""
"To update a plugin to the latest version, just click the update button on"
"\n"
"<a "
"href=\"http://127.0.0.1:7657/configclients.jsp#plugin\">configclients.jsp</a>."
"\n"
"There is also a button to check if the plugin has a more recent version, "
"as\n"
"well as a button to check for updates for all plugins. Plugins will be "
"checked\n"
"for updates automatically when updating to a new I2P release (not "
"including dev\n"
"builds)."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:120
msgid "Development"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:121
#, python-format
msgid ""
"See the latest <a href=\"%(pluginspec)s\">plugin specification</a> and "
"the\n"
"<a href=\"http://%(zzz)s/forums/16\">plugin forum</a> on %(zzz)s."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:126
#, python-format
msgid ""
"See also the sources for plugins developed by various people. Some "
"plugins, such\n"
"as <a href=\"http://%(pluginsite)s/plugins/snowman\">snowman</a>, were "
"developed\n"
"specifically as examples."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:132
msgid ""
"<b>Developers wanted!</b> Plugins are a great way to learn more about I2P"
"\n"
"or easily add some feature."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:137
msgid "Getting Started"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:138
#, python-format
msgid ""
"To create a plugin from an existing binary package you will need to get\n"
"makeplugin.sh from <a href=\"%(url)s\">the i2p.scripts branch in "
"monotone</a>."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:144
msgid "Known Issues"
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:145
msgid ""
"Note that the router's plugin architecture does <b>NOT</b> currently\n"
"provide any additional security isolation or sandboxing of plugins."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:151
msgid ""
"Updates of a plugin with included jars (not wars) won't be recognized if\n"
"the plugin was already run, as it requires class loader trickery to flush"
" the\n"
"class cache; a full router restart is required."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:157
msgid "The stop button may be displayed even if there is nothing to stop."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:161
msgid ""
"Plugins running in a separate JVM create a <code>logs/</code> directory "
"in\n"
"<code>$CWD</code>."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:166
msgid ""
"No initial keys are present, except for those of jrandom and zzz (using "
"the\n"
"same keys as for router update), so the first key seen for a signer is\n"
"automatically accepted&mdash;there is no signing key authority."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:172
msgid ""
"When deleting a plugin, the directory is not always deleted, especially "
"on\n"
"Windows."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:177
msgid ""
"Installing a plugin requiring Java 1.6 on a Java 1.5 machine will result "
"in a\n"
"\"plugin is corrupt\" message if pack200 compression of the plugin file "
"is used."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:182
msgid "Theme and translation plugins are untested."
msgstr ""
#: i2p2www/pages/site/docs/plugins.html:186
msgid "Disabling autostart doesn't always work."
msgstr ""
#: i2p2www/pages/site/docs/ports.html:2
msgid "Ports Used by I2P"
msgstr ""
#: i2p2www/pages/site/docs/ports.html:3
msgid "December 2015"
msgstr ""
#: i2p2www/pages/site/docs/ports.html:7
msgid ""
"These are the ports used or reserved by I2P, including those for known "
"plugins,\n"
"common alternates,\n"
"and some typical related applications."
msgstr ""
#: i2p2www/pages/site/docs/ports.html:13
#, python-format
msgid ""
"Note that many of these are not enabled by default.\n"
"There is more information in <a href=\"%(faq)s#ports\">the FAQ</a>.\n"
"See also the documentation for individual plugins.\n"
"Plugin authors please add any ports you use here.\n"
"For new plugins, we recommend using the next available port\n"
"in the 766x range."
msgstr ""
#: i2p2www/pages/site/docs/ports.html:53
msgid "recommended spot for new plugins/applications"
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:2
msgid "Reseed Hosts"
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:8
msgid "About Reseed hosts"
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:10
msgid ""
"Reseed hosts are needed to for bootstrapping, that is, providing the "
"initial set of I2P nodes for your I2P node to talk to. Depending on the "
"status of your node it may need to bootstrap every now and then if many "
"of the nodes it knows of aren't contactable."
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:14
msgid ""
"Reseeding is done over an encrypted connection and all of the bootstrap "
"information is signed by the reseed host you connect to, making it "
"impossible for an unauthenticated source to provide you with false "
"information."
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:19
msgid "Running a Reseed host"
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:21
msgid ""
"The more reseed hosts that are run, the more resilient the I2P network "
"becomes, and the harder it is to prevent users of I2P from connecting to "
"the network."
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:25
msgid ""
"There have also been cases where the reseed hosts we had, have been under"
" heavy load due to botnet activities."
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:33
msgid "Thank you"
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:35
msgid ""
"If you are running a reseed server, We would like to thank you for "
"helping to\n"
"make the I2P network stronger and more resilient than ever."
msgstr ""
#: i2p2www/pages/site/docs/reseed.html:41
msgid "Thank you."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:2
msgid "BOB - Basic Open Bridge"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:3
msgid "November 2015"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:12
msgid "Technical differences from SAM (for the better?)"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:14
msgid ""
"BOB has separate command and data channels. \n"
"One, an application command channel socket to router to configure.\n"
"Two, the application data sockets to/from router that carry only data.\n"
"The command channel is only needed for making or setting the initial\n"
"destination key, and to set the destination key to port bindings. \n"
"All connections run in parallel."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:23
msgid ""
"SAM has one connection that does everything, and you need to parse every "
"packet."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:27
msgid ""
"BOB does not hold keypair values, nor does the router.\n"
"Your application holds the keypair values. \n"
"This is to reduce any extra complexity in the router code, it also adds "
"to\n"
"your privacy."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:34
msgid "SAM router stores every keypair you ever make."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:38
msgid "Those are the important differences."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:42
msgid "<code>KEYS</code> = keypair public+private, these are BASE64"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:45
msgid "<code>KEY</code> = public key, also BASE64"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:48
msgid ""
"<code>ERROR</code> as is implied returns the message <code>\"ERROR "
"\"+DESCRIPTION+\"\\n\"</code>, where the <code>DESCRIPTION</code> is what"
" went wrong."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:51
msgid ""
"<code>OK</code> returns <code>\"OK\"</code>, and if data is to be "
"returned, it is on the same line. <code>OK</code> means the command is "
"finished."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:54
msgid ""
"<code>DATA</code> lines contain information that you requested. There may"
" be multiple <code>DATA</code> lines per request."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:58
msgid ""
"<b>NOTE:</b> The help command is the ONLY command that has an exception "
"to\n"
"the rules... it can actually return nothing! This is intentional, since\n"
"help is a HUMAN and not an APPLICATION command."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:64
msgid ""
"<b>PLEASE NOTE:</b>\n"
"For CURRENT details on the commands PLEASE use the built-in help command."
" \n"
"Just telnet to localhost 2827 and type help and you can get full "
"documentation on each command."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:70
msgid ""
"Commands never get obsoleted or changed, however new commands do get "
"added from time to time."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:74
msgid "Here are the commands we have as of this writing:"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:79
msgid "COMMAND"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:79
msgid "OPERAND"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:79
msgid "RETURNS"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:107
msgid ""
"Once set up, all TCP sockets can and will block as needed, and there is "
"no need for any \n"
"additional messages to/from the command channel. This allows the router "
"to pace the\n"
"stream without exploding with OOM like SAM does as it chokes on "
"attempting to shove \n"
"many streams in or out one socket -- that can't scale when you have alot "
"of connections!"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:114
msgid ""
"What is also nice about this particular interface is that writing "
"anything to interface \n"
"to it, is much much easier than SAM. There is no other processing to do "
"after the set up.\n"
"It's configuration is so simple, that very simple tools, such as nc "
"(netcat) can be used \n"
"to point to some application. The value there is that one could schedule "
"up and down times \n"
"for an application, and not have to change the application to do that, or"
" to even have \n"
"to stop that application. Instead, you can literally \"unplug\" the "
"destination, and \n"
"\"plug it in\" again. As long as the same IP/port addresses and "
"destination keys are used \n"
"when bringing the bridge up, the normal TCP application won't care, and "
"won't notice.\n"
"It will simply be fooled -- the destinations are not reachable, and that "
"nothing is coming in."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:126
msgid ""
"For the following example, we'll setup a very simple local loopback "
"connection, \n"
"with two destinations. Destination \"mouth\" will be the CHARGEN service "
"from \n"
"the INET superserver daemon. Destination \"ear\" will be a local port "
"that you\n"
"can telnet into, and watch the pretty ASCII test puke forth."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:134
msgid "EXAMPLE SESSION DIALOGUE -- simple telnet 127.0.0.1 2827 works"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:135
msgid "Application"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:136
msgid "BOB's Command response."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:138
#: i2p2www/pages/site/docs/api/bob.html:150
#: i2p2www/pages/site/docs/api/bob.html:170
#: i2p2www/pages/site/docs/api/bob.html:278
#: i2p2www/pages/site/docs/api/bob.html:290
#: i2p2www/pages/site/docs/api/bob.html:305
msgid "FROM"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:138
#: i2p2www/pages/site/docs/api/bob.html:150
#: i2p2www/pages/site/docs/api/bob.html:170
#: i2p2www/pages/site/docs/api/bob.html:278
#: i2p2www/pages/site/docs/api/bob.html:290
#: i2p2www/pages/site/docs/api/bob.html:305
msgid "TO"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:138
#: i2p2www/pages/site/docs/api/bob.html:150
#: i2p2www/pages/site/docs/api/bob.html:170
#: i2p2www/pages/site/docs/api/bob.html:278
#: i2p2www/pages/site/docs/api/bob.html:290
#: i2p2www/pages/site/docs/api/bob.html:305
msgid "DIALOGUE"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:145
msgid "MAKE NOTE OF THE ABOVE DESTINATION KEY, YOURS WILL BE DIFFERENT!"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:159
msgid ""
"At this point, there was no error, a destination with a nickname of "
"\"mouth\" \n"
"is set up. When you contact the destination provided, you actually "
"connect \n"
"to the <code>CHARGEN</code> service on <code>19/TCP</code>."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:165
msgid "Now for the other half, so that we can actually contact this destination."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:185
msgid ""
"Now all we need to do is telnet into 127.0.0.1, port 37337,\n"
"send the destination key or host address from addressbook we want to "
"contact.\n"
"In this case, we want to contact \"mouth\", all we do is paste in the\n"
"key and it goes."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:192
msgid ""
"<b>NOTE:</b> The \"quit\" command in the command channel does NOT "
"disconnect the tunnels like SAM."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:209
msgid "After a few virtual miles of this spew, press <code>Control-]</code>"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:221
msgid "Here is what happened..."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:229
msgid "You can connect to EEPSITES too!"
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:262
msgid ""
"Pretty cool isn't it? Try some other well known EEPSITES if you like, "
"nonexistent ones, \n"
"etc, to get a feel for what kind of output to expect in different "
"situations. \n"
"For the most part, it is suggested that you ignore any of the error "
"messages. \n"
"They would be meaningless to the application, and are only presented for "
"human debugging."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:269
msgid "Let's put down our destinations now that we are all done with them."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:273
msgid "First, lets see what destination nicknames we have."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:285
msgid "Alright, there they are. First, let's remove \"mouth\"."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:299
msgid ""
"Now to remove \"ear\", note that this is what happens when you type too "
"fast,\n"
"and shows you what typical ERROR messages looks like."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:318
msgid ""
"I won't bother to show an example of the receiver end of a bridge\n"
"because it is very simple. There are two possible settings for it, and\n"
"it is toggled with the \"quiet\" command."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:324
msgid ""
"The default is NOT quiet, and the first data to come into your\n"
"listening socket is the destination that is making the contact. It is a\n"
"single line consisting of the BASE64 address followed by a newline.\n"
"Everything after that is for the application to actually consume."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:331
msgid ""
"In quiet mode, think of it as a regular Internet connection. No\n"
"extra data comes in at all. It's just as if you are plain connected to\n"
"the regular Internet. This mode allows a form of transparency much like\n"
"is available on the router console tunnel settings pages, so that you\n"
"can use BOB to point a destination at a web server, for example, and\n"
"you would not have to modify the web server at all."
msgstr ""
#: i2p2www/pages/site/docs/api/bob.html:340
msgid ""
"The advantage with using BOB for this is as discussed\n"
"previously. You could schedule random uptimes for the application,\n"
"redirect to a different machine, etc. One use of this may be something\n"
"like wanting to try to goof up router-to-destination upness guessing.\n"
"You could stop and start the destination with a totally different\n"
"process to make random up and down times on services. That way you\n"
"would only be stopping the ability to contact such a service, and not\n"
"have to bother shutting it down and restarting it. You could redirect\n"
"and point to a different machine on your LAN while you do updates, or\n"
"point to a set of backup machines depending on what is running, etc,\n"
"etc. Only your imagination limits what you could do with BOB."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:3
#: i2p2www/pages/site/docs/protocol/index.html:3
msgid "August 2010"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:6
msgid "Datagram Overview"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:7
#, python-format
msgid ""
"Datagrams build upon the base <a href=\"%(i2cp)s\">I2CP</a> to provide "
"authenticated\n"
"and repliable messages in a standard format. This lets applications "
"reliably read\n"
"the \"from\" address out of a datagram and know that the address really "
"sent the\n"
"message. This is necessary for some applications since the base I2P "
"message is\n"
"completely raw - it has no \"from\" address (unlike IP packets). In "
"addition, the\n"
"message and sender are authenticated by signing the payload."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:16
#, python-format
msgid ""
"Datagrams, like <a href=\"%(streaming)s\">streaming library packets</a>,\n"
"are an application-level construct.\n"
"These protocols are independent of the low-level <a "
"href=\"%(transports)s\">transports</a>;\n"
"the protocols are converted to I2NP messages by the router, and\n"
"either protocol may be carried by either transport."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:25
msgid "Application Guide"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:26
#, python-format
msgid ""
"Applications written in Java may use the \n"
"<a href=\"%(url)s\">datagram API</a>,\n"
"while applications in other languages \n"
"can use <a href=\"%(sam)s\">SAM</a>'s datagram support.\n"
"There is also limited support in i2ptunnel in the <a "
"href=\"%(socks)s\">SOCKS proxy</a>,\n"
"the 'streamr' tunnel types, and udpTunnel classes."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:37
msgid "Datagram Length"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:38
msgid ""
"The application designer should carefully consider the tradeoff of "
"repliable vs. non-repliable\n"
"datagrams. Also, the datagram size will affect reliability, due to tunnel"
" fragmentation into 1KB\n"
"tunnel messages. The more message fragments, the more likely that one of "
"them will be dropped\n"
"by an intermediate hop. Messages larger than a few KB are not "
"recommended.\n"
"Over about 10 KB, the delivery probablility drops dramatically.\n"
"Messages over 16 KB cannot be delivered over NTCP, dropping delivery "
"chances even more."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:47
#, python-format
msgid ""
"Also note that the various overheads added by lower layers, in particular"
" asymmetric\n"
"<a href=\"%(elgamalaes)s\">ElGamal/AES</a>, place a large burden on "
"intermittent messages\n"
"such as used by a Kademlia-over-UDP application. The implementations are "
"currently tuned\n"
"for frequent traffic using the streaming library. There are a high number"
"\n"
"of session tags delivered, and a short session tag lifetime, for example."
"\n"
"There are currently no configuration parameters available within I2CP to "
"tune\n"
"the ElGamal Session Tag parameters."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:57
msgid "I2CP Protocol Number and Ports"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:58
msgid ""
"The standard I2CP protocol number for datagrams is PROTO_DATAGRAM (17).\n"
"Applications may or may not choose to set the\n"
"protocol in the I2CP header. It is not set by default.\n"
"It must be set to demultiplex datagram and streaming traffic received on "
"the same Destination."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:65
#, python-format
msgid ""
"As datagrams are not connection-oriented, the application may require\n"
"port numbers to correlate datagrams with particular peers or "
"communications sessions,\n"
"as is traditional with UDP over IP.\n"
"Applications may add 'from' and 'to' ports to the I2CP (gzip) header as "
"described in\n"
"the <a href=\"%(i2cp)s#format\">I2CP page</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:73
#, python-format
msgid ""
"There is no method within the datagram API to specify whether it is non-"
"repliable (raw)\n"
"or repliable. The application should be designed to expect the "
"appropriate type.\n"
"The I2CP protocol number or port should be used by the application to\n"
"indicate datagram type.\n"
"The I2CP protocol numbers PROTO_DATAGRAM (signed) and PROTO_DATAGRAM_RAW "
"are defined in the\n"
"<a href=\"%(i2psession)s\">I2PSession API</a>\n"
"for this purpose. A common design pattern in client/server datagram "
"applications is to\n"
"use signed datagrams for a request which includes a nonce, and use a raw "
"datagram\n"
"for the reply, returning the nonce from the request."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:85
#, python-format
msgid ""
"The protocols and ports may be set in I2CP's\n"
"<a href=\"%(i2psession)s\">I2PSession API</a>,\n"
"as implemented in\n"
"<a href=\"%(i2psessionmuxed)s\">I2PSessionMuxedImpl</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:93
#: i2p2www/pages/site/docs/api/streaming.html:404
msgid "Data Integrity"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:94
#, python-format
msgid ""
"Data integrity is assured by the gzip CRC-32 checksum implemented in\n"
"<a href=\"%(i2cp)s#format\">the I2CP layer</a>.\n"
"There is no checksum field in the datagram protocol."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:100
#: i2p2www/pages/site/docs/api/streaming.html:412
msgid "Packet Encapsulation"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:101
#, python-format
msgid ""
"Each datagram is sent through I2P as a single message (or as an "
"individual clove in a\n"
"<a href=\"%(garlicrouting)s\">Garlic Message</a>).\n"
"Message encapsulation is implemented in the underlying\n"
"<a href=\"%(i2cp)s\">I2CP</a>,\n"
"<a href=\"%(i2np)s\">I2NP</a>, and\n"
"<a href=\"%(tunnelmessage)s\">tunnel message</a> layers.\n"
"There is no packet delimiter mechanism or length field in the datagram "
"protocol."
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:114
#: i2p2www/pages/site/docs/transport/ssu.html:624
msgid "Specification"
msgstr ""
#: i2p2www/pages/site/docs/api/datagrams.html:116
msgid "See the Datagrams Specification page."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:2
msgid "I2PControl - Remote Control Service"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:4
#, python-format
msgid ""
"I2P enables a <a href=\"http://en.wikipedia.org/wiki/JSON-"
"RPC\">JSONRPC2</a> interface via the plugin <a "
"href=\"%(itoopie)s\">I2PControl</a>.\n"
"The aim of the interface is to provide simple way to interface with a "
"running I2P node. A client, itoopie, has been developed in parallel.\n"
"The JSONRPC2 implementation for the client as well as the plugin is "
"provided by the java libraries <a href=\"http://software.dzhuvinov.com"
"/json-rpc-2.0.html\">JSON-RPC 2.0</a>. \n"
"A list of implementations of JSON-RPC for various languages can be found "
"at <a href=\"http://json-rpc.org/wiki/implementations\">the JSON-RPC "
"wiki</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:11
msgid "I2PControl is by default listening on https://localhost:7650"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:13
msgid "API, version 1."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:14
msgid "Parameters are only provided in a named way (maps)."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:18
msgid "JSON-RPC 2 format"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:19
#: i2p2www/pages/site/docs/api/i2pcontrol.html:44
#: i2p2www/pages/site/docs/api/i2pcontrol.html:57
#: i2p2www/pages/site/docs/api/i2pcontrol.html:67
#: i2p2www/pages/site/docs/api/i2pcontrol.html:76
#: i2p2www/pages/site/docs/api/i2pcontrol.html:86
#: i2p2www/pages/site/docs/api/i2pcontrol.html:101
#: i2p2www/pages/site/docs/api/i2pcontrol.html:154
#: i2p2www/pages/site/docs/api/i2pcontrol.html:175
msgid "Request:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:32
#: i2p2www/pages/site/docs/api/i2pcontrol.html:49
#: i2p2www/pages/site/docs/api/i2pcontrol.html:61
#: i2p2www/pages/site/docs/api/i2pcontrol.html:71
#: i2p2www/pages/site/docs/api/i2pcontrol.html:81
#: i2p2www/pages/site/docs/api/i2pcontrol.html:92
#: i2p2www/pages/site/docs/api/i2pcontrol.html:118
#: i2p2www/pages/site/docs/api/i2pcontrol.html:164
#: i2p2www/pages/site/docs/api/i2pcontrol.html:190
msgid "Response:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:43
#: i2p2www/pages/site/docs/api/i2pcontrol.html:45
#: i2p2www/pages/site/docs/api/i2pcontrol.html:46
#: i2p2www/pages/site/docs/api/i2pcontrol.html:50
#: i2p2www/pages/site/docs/api/i2pcontrol.html:51
#: i2p2www/pages/site/docs/protocol/i2cp.html:108
#: i2p2www/pages/site/docs/protocol/i2cp.html:483
msgid "Description"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:47
msgid ""
"Token used for authenticating every request (excluding the 'Authenticate'"
" RPC method)"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:55
msgid "Implemented methods"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:56
msgid ""
"Creates and returns an authentication token used for further "
"communication."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:58
msgid "The version of the I2PControl API used by the client."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:59
msgid "The password used for authenticating against the remote server."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:62
msgid "The primary I2PControl API version implemented by the server."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:63
msgid "The token used for further communication."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:66
msgid "Echoes the value of the echo key, used for debugging and testing."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:68
msgid "Value will be returned in response."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:69
#: i2p2www/pages/site/docs/api/i2pcontrol.html:79
#: i2p2www/pages/site/docs/api/i2pcontrol.html:90
#: i2p2www/pages/site/docs/api/i2pcontrol.html:116
#: i2p2www/pages/site/docs/api/i2pcontrol.html:162
msgid ""
"Token used for authenticating the client. Is provided by the server via "
"the 'Authenticate' RPC method."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:72
msgid "Value of the key 'echo' in the request."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:75
msgid ""
"Fetches rateStat from router statManager. Creates stat if not already "
"created."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:77
#, python-format
msgid ""
"Determines which rateStat to fetch, see <a "
"href=\"%(ratestats)s\">ratestats</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:78
msgid "Determines which period a stat is fetched for. Measured in ms."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:82
msgid "Returns the average value for the reuested rateStat and period."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:85
msgid "Manages I2PControl. Ports, passwords and the like."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:87
msgid ""
"Sets a new listen address for I2PControl (only 127.0.0.1 and 0.0.0.0 are "
"implemented in I2PControl currently)."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:88
msgid ""
"Sets a new password for I2PControl, all Authentication tokens will be "
"revoked."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:89
msgid "Switches which port I2PControl will listen for connections on."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:93
msgid "Returned if address was changed"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:94
#: i2p2www/pages/site/docs/api/i2pcontrol.html:95
msgid "Returned if setting was changed"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:96
msgid "Returns true if any changes were made."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:97
msgid "Returns true if any changes requiring a restart to take effect were made."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:100
msgid "Fetches basic information about the I2P router. Uptime, version etc."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:119
msgid "What the status of the router is."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:120
msgid "What the uptime of the router is in ms."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:121
msgid "What version of I2P the router is running."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:122
msgid "The 1 second average inbound bandwidth in Bps."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:123
msgid "The 15 second average inbound bandwidth in Bps."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:124
msgid "The 1 second average outbound bandwidth in Bps."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:125
msgid "The 15 second average outbound bandwidth in Bps."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:126
msgid "What the current network status is. According to the below enum:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:145
msgid "How many tunnels on the I2P net are we participating in."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:146
msgid "How many peers have we communicated with recently."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:147
msgid "How many peers are considered 'fast'."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:148
msgid "How many peers are considered 'high capacity'."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:149
msgid "Is the router reseeding hosts to its NetDB?"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:150
msgid "How many peers are known to us (listed in our NetDB)."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:153
msgid "Manages I2P router restart/shutdown."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:155
msgid "<b>Blocking</b>. Initiates a search for signed updates."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:156
msgid ""
"Initiates a router reseed, fetching peers into our NetDB from a remote "
"host."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:157
msgid "Restarts the router."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:158
msgid ""
"Restarts the router gracefully (waits for participating tunnels to "
"expire)."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:159
msgid "Shuts down the router."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:160
msgid ""
"Shuts down the router gracefully (waits for participating tunnels to "
"expire)."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:161
msgid "Initiates a router update from signed sources."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:165
msgid "<b>Blocking</b>. Returns true iff a signed update has been found."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:166
msgid "If requested, verifies that a reseed has been initiated."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:167
msgid "If requested, verifies that a restart has been initiated."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:168
msgid "If requested, verifies that a graceful restart has been initiated."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:169
msgid "If requested, verifies that a shutdown has been initiated"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:170
msgid "If requested, verifies that a graceful shutdown has been initiated"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:171
msgid "<b>Blocking</b>. If requested, returns the status of the the update"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:174
msgid "Fetches or sets various network related settings. Ports, addresses etc."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:176
msgid ""
"What port is used for the TCP transport. If null is submitted, current "
"setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:177
msgid ""
"What hostname is used for the TCP transport. If null is submitted, "
"current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:178
msgid ""
"Use automatically detected ip for TCP transport. If null is submitted, "
"current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:179
msgid ""
"What port is used for the UDP transport. If null is submitted, current "
"setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:180
msgid ""
"What hostname is used for the UDP transport. If null is submitted, "
"current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:181
msgid ""
"Which methods should be used for detecting the ip address of the UDP "
"transport. If null is submitted, current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:182
msgid "What ip has been detected by the UDP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:183
msgid "Is UPnP enabled. If null is submitted, current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:184
msgid ""
"How many percent of bandwidth is usable for participating tunnels. If "
"null is submitted, current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:185
msgid ""
"How many KB/s of inbound bandwidth is allowed. If null is submitted, "
"current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:186
msgid ""
"How many KB/s of outbound bandwidth is allowed. If null is submitted, "
"current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:187
msgid ""
"Is laptop mode enabled (change router identity and UDP port when IP "
"changes ). If null is submitted, current setting will be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:188
msgid ""
"Token used for authenticating the client. Is provided by the server via "
"the 'Authenticate' RPC method. If null is submitted, current setting will"
" be returned."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:191
msgid "If requested, returns the port used for the TCP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:192
msgid "If requested, returns the hostname used for the TCP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:193
msgid ""
"If requested, returns the method used for automatically detecting ip for "
"the TCP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:194
msgid "If requested, returns the port used for the UDP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:195
msgid "If requested, returns the hostname used for the UDP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:196
msgid ""
"If requested, returns methods used for detecting the ip address of the "
"UDP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:197
msgid "If requested, returns what ip has been detected by the UDP transport."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:198
msgid "If requested, returns the UPNP setting."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:199
msgid ""
"If requested, returns how many percent of bandwidth is usable for "
"participating tunnels."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:200
msgid "If requested, returns how many KB/s of inbound bandwidth is allowed."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:201
msgid "If requested, returns how many KB/s of outbound bandwidth is allowed."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:202
msgid "If requested, returns the laptop mode."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:203
msgid "Have the provided settings been saved."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:204
msgid "Is a restart needed for the new settings to be used."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:207
msgid "Allows for manipulation of advanced i2p settings"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:208
msgid "Set:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:208
msgid "Set the sent key-value pairs"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:211
msgid "SetAll:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:211
#: i2p2www/pages/site/docs/api/i2pcontrol.html:214
msgid "Set the sent key-value pairs, remove everything else"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:214
msgid "Get:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:217
msgid "GetAall:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:220
msgid "denotes an optional value."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:221
msgid "denotes a possibly occuring return value"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:223
msgid "Error codes"
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:224
msgid "Standard JSON-RPC2 error codes."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:225
msgid "JSON parse error."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:226
msgid "Invalid request."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:227
msgid "Method not found."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:228
msgid "Invalid parameters."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:229
msgid "Internal error."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:231
msgid "I2PControl specific error codes."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:232
msgid "Invalid password provided."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:233
msgid "No authentication token presented."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:234
msgid "Authentication token doesn't exist."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:235
msgid "The provided authentication token was expired and will be removed."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:236
msgid ""
"The version of the I2PControl API used wasn't specified, but is required "
"to be specified."
msgstr ""
#: i2p2www/pages/site/docs/api/i2pcontrol.html:237
msgid ""
"The version of the I2PControl API specified is not supported by "
"I2PControl."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:8
#, python-format
msgid ""
"I2PTunnel is a tool for interfacing with and providing services on I2P.\n"
"Destination of an I2PTunnel can be defined using a <a "
"href=\"%(naming)s\">hostname</a>,\n"
"<a href=\"%(naming)s#base32\">Base32</a>, or a full 516-byte destination "
"key.\n"
"An established I2PTunnel will be available on your client machine as "
"localhost:port.\n"
"If you wish to provide a service on I2P network, you simply create "
"I2PTunnel to the\n"
"appropriate ip_address:port. A corresponding 516-byte destination key "
"will be generated\n"
"for the service and it will become avaliable throughout I2P.\n"
"A web interface for I2PTunnel management is avaliable on\n"
"<a "
"href=\"http://localhost:7657/i2ptunnel/\">localhost:7657/i2ptunnel/</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:20
msgid "Default Services"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:21
msgid "Server tunnels"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:23
msgid ""
"<b>I2P Webserver</b> - A tunnel pointed to a Jetty webserver run\n"
"on <a href=\"http://localhost:7658\">localhost:7658</a> for convenient "
"and quick hosting on I2P.\n"
"<br>The document root is:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:31
msgid "Client tunnels"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:33
msgid ""
"A HTTP proxy used for browsing I2P and the regular internet anonymously "
"through I2P. \n"
"Browsing internet through I2P uses a random proxy specified by the "
"\"Outproxies:\" option."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:37
msgid "An IRC tunnel to the default anonymous IRC network, Irc2P."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:38
#, python-format
msgid ""
"The anonymous <a href=\"%(monotone)s\">monotone</a>\n"
"sourcecode repository for I2P"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:42
#, python-format
msgid ""
"A SMTP service provided by postman at <a "
"href=\"http://%(postman)s/?page_id=16\">%(postman)s</a>"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:45
#, python-format
msgid ""
"The accompanying POP sevice of postman at <a "
"href=\"http://%(postman)s/?page_id=16\">%(postman)s</a>"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:50
msgid "Configuration"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:54
msgid "Client Modes"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:55
#: i2p2www/pages/site/docs/api/i2ptunnel.html:165
msgid "Standard"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:56
msgid ""
"Opens a local TCP port that connects to a service (like HTTP, FTP or "
"SMTP) on a destination inside of I2P.\n"
"The tunnel is directed to a random host from the comma seperated (\", \")"
" list of destinations."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:62
msgid ""
"A HTTP-client tunnel. The tunnel connects to the destination specified by"
" the URL\n"
"in a HTTP request. Supports proxying onto internet if an outproxy is "
"provided. Strips HTTP connections of the following headers:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:67
msgid ""
"<b>Accept, Accept-Charset, Accept-Language\n"
" and Accept-Ranges</b> as they vary greatly between browsers and can be "
"used as an identifier."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:90
msgid ""
"Depending on if the tunnel is using an outproxy or not it will append the"
" following User-Agent:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:94
msgid "Outproxy:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:95
msgid "Internal I2P use:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:100
msgid ""
"Creates a connection to a random IRC server specified by the comma "
"seprated (\", \") \n"
"list of destinations. Only a whitelisted subset of IRC commands are "
"allowed due to anonymity concerns."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:105
msgid "Whitelist:"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:139
msgid "Enables using the I2P router as a SOCKS proxy."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:144
msgid ""
"Enables using the I2P router as a SOCKS proxy with the command whitelist "
"specified by\n"
"<a href=\"#client-mode-irc\">IRC</a> client mode."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:150
msgid ""
"Creates a HTTP tunnel and uses the HTTP request method \"CONNECT\" \n"
"to build a TCP tunnel that usually is used for SSL and HTTPS."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:156
msgid ""
"Creates a UDP-server attached to a Streamr client I2PTunnel. The streamr "
"client tunnel will \n"
"subscribe to a streamr server tunnel."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:164
msgid "Server Modes"
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:166
msgid "Creates a destination to a local ip:port with an open TCP port."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:171
msgid ""
"Creates a destination to a local HTTP server ip:port. Supports gzip for "
"requests with \n"
"Accept-encoding: x-i2p-gzip, replies with Content-encoding: x-i2p-gzip in"
" such a request."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:177
msgid ""
"Functions as both a I2PTunnel HTTP Server, and a I2PTunnel HTTP client "
"with no outproxying\n"
"capabilities. An example application would be a web application that does"
" client-type\n"
"requests, or loopback-testing an eepsite as a diagnostic tool."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:184
msgid ""
"Creates a destination that filters the reqistration sequence of a client "
"and passes \n"
"the clients destination key as a hostname to the IRC-server."
msgstr ""
#: i2p2www/pages/site/docs/api/i2ptunnel.html:190
msgid ""
"A UDP-client that connects to a media server is created. The UDP-Client "
"is coupled with a Streamr server I2PTunnel."
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:2
#: i2p2www/pages/site/docs/api/ministreaming.html:17
msgid "Ministreaming Library"
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:5
msgid "Note"
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:7
#, python-format
msgid ""
"The ministreaming library has been enhanced and extended by the\n"
"\"full\" <a href=\"%(streaming)s\">streaming library</a>.\n"
"Ministreaming is deprecated and is incompatible with today's "
"applications.\n"
"The following documentation is old.\n"
"Also note that streaming extends ministreaming in the same Java package "
"(net.i2p.client.streaming),\n"
"so the current <a href=\"%(api)s\">API documentation</a> contains both.\n"
"Obsolete ministreaming classes and methods are clearly marked as "
"deprecated in the Javadocs."
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:19
#, python-format
msgid ""
"\n"
"The ministreaming library is a layer on top of the core \n"
"<a href=\"%(i2cp)s\">I2CP</a> that allows reliable, in order, and "
"authenticated streams\n"
"of messages to operate across an unreliable, unordered, and "
"unauthenticated \n"
"message layer. Just like the TCP to IP relationship, this streaming \n"
"functionality has a whole series of tradeoffs and optimizations "
"available, but\n"
"rather than embed that functionality into the base I2P code, it has been "
"factored\n"
"off into its own library both to keep the TCP-esque complexities separate"
" and to\n"
"allow alternative optimized implementations."
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:30
#, python-format
msgid ""
"The ministreaming library was written by mihi as a part of his \n"
"<a href=\"%(i2ptunnel)s\">I2PTunnel</a> application and then factored out"
" and released\n"
"under the BSD license. It is called the \"mini\"streaming library "
"because it makes\n"
"some simplifications in the implementation, while a more robust streaming"
" library\n"
"could be further optimized for operation over I2P. The two main issues "
"with \n"
"the ministreaming library are its use of the traditional TCP two phase \n"
"establishment protocol and the current fixed window size of 1. The "
"establishment\n"
"issue is minor for long lived streams, but for short ones, such as quick "
"HTTP\n"
"requests, the impact can be <a href=\"%(minwww)s\">significant</a>. As "
"for the window\n"
"size, the ministreaming library doesn't maintain any ID or ordering "
"within the \n"
"messages sent (or include any application level ACK or SACK), so it must "
"wait \n"
"on average twice the time it takes to send a message before sending "
"another."
msgstr ""
#: i2p2www/pages/site/docs/api/ministreaming.html:45
#, python-format
msgid ""
"Even with those issues, the ministreaming library performs quite well in "
"many\n"
"situations, and its <a href=\"%(api)s\">API</a>\n"
"is both quite simple and capable of remaining unchanged as different "
"streaming\n"
"implementations are introduced. The library is deployed in its own \n"
"ministreaming.jar.\n"
"Developers in Java who would like to use it can\n"
"access the API directly, while developers in other languages can use it "
"through\n"
"<a href=\"%(samv3)s\">SAM</a>'s streaming support."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:4
msgid "SOCKS and SOCKS proxies"
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:5
msgid ""
"\n"
"The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are "
"supported.\n"
"Enable SOCKS by creating a SOCKS client tunnel in i2ptunnel.\n"
"Both shared-clients and non-shared are supported.\n"
"There is no SOCKS outproxy so it is of limited use."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:12
#, python-format
msgid ""
"\n"
"As it says on the <a href=\"%(faq)s#socks\">FAQ</a>:"
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:15
msgid ""
"Many applications leak sensitive\n"
"information that could identify you on the Internet. I2P only filters\n"
"connection data, but if the program you intend to run sends this\n"
"information as content, I2P has no way to protect your anonymity. For\n"
"example, some mail applications will send the IP address of the machine\n"
"they are running on to a mail server. There is no way for I2P to filter\n"
"this, thus using I2P to 'socksify' existing applications is possible, but"
"\n"
"extremely dangerous."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:25
msgid "And quoting from a 2005 email:"
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:28
msgid ""
"... there is a reason why human and\n"
"others have both built and abandoned the SOCKS proxies. Forwarding\n"
"arbitrary traffic is just plain unsafe, and it behooves us as\n"
"developers of anonymity and security software to have the safety of\n"
"our end users foremost in our minds."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:36
msgid ""
"Hoping that we can simply strap an arbitrary client on top of I2P\n"
"without auditing both its behavior and its exposed protocols for\n"
"security and anonymity is naive. Pretty much *every* application\n"
"and protocol violates anonymity, unless it was designed for it\n"
"specifically, and even then, most of those do too. That's the\n"
"reality. End users are better served with systems designed for\n"
"anonymity and security. Modifying existing systems to work in\n"
"anonymous environments is no small feat, orders of magnitude more\n"
"work that simply using the existing I2P APIs."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:48
msgid ""
"The SOCKS proxy\n"
"supports standard addressbook names, but not Base64 destinations.\n"
"Base32 hashes should work as of release 0.7.\n"
"It supports outgoing connections only, i.e. an I2PTunnel Client.\n"
"UDP support is stubbed out but not working yet.\n"
"Outproxy selection by port number is stubbed out."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:57
#: i2p2www/pages/site/docs/how/network-database.html:183
#: i2p2www/pages/site/docs/how/tunnel-routing.html:281
msgid "See Also"
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:59
#, python-format
msgid ""
"The notes for <a href=\"%(meeting81)s\">Meeting 81</a> and\n"
"<a href=\"%(meeting82)s\">Meeting 82</a> in March 2004."
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:69
msgid "If You Do Get Something Working"
msgstr ""
#: i2p2www/pages/site/docs/api/socks.html:70
msgid ""
"Please let us know. And please provide substantial warnings about the\n"
"risks of socks proxies."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:3
msgid "September 2015"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:8
#, python-format
msgid ""
"The streaming library is technically part of the \"application\" layer,\n"
"as it is not a core router function.\n"
"In practice, however, it provides a vital function for almost all\n"
"existing I2P applications, by providing a TCP-like\n"
"streams over I2P, and allowing existing apps to be easily ported to I2P.\n"
"The other end-to-end transport library for client communication is the\n"
"<a href=\"%(datagrams)s\">datagram library</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:18
#, python-format
msgid ""
"The streaming library is a layer on top of the core \n"
"<a href=\"%(i2cp)s\">I2CP API</a> that allows reliable, in-order, and "
"authenticated streams\n"
"of messages to operate across an unreliable, unordered, and "
"unauthenticated \n"
"message layer. Just like the TCP to IP relationship, this streaming \n"
"functionality has a whole series of tradeoffs and optimizations "
"available, but\n"
"rather than embed that functionality into the base I2P code, it has been "
"factored\n"
"off into its own library both to keep the TCP-esque complexities separate"
" and to\n"
"allow alternative optimized implementations."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:29
msgid ""
"In consideration of the relatively high cost of messages, \n"
"the streaming library's protocol for scheduling and delivering those "
"messages has been optimized to\n"
"allow individual messages passed to contain as much information as is "
"available.\n"
"For instance, a small HTTP transaction proxied through the streaming "
"library can\n"
"be completed in a single round trip - the first messages bundle a SYN, "
"FIN, and\n"
"the small HTTP request payload, and the reply bundles the SYN,\n"
"FIN, ACK, and the HTTP response payload. While an additional\n"
"ACK must be transmitted to tell the HTTP server that the SYN/FIN/ACK has "
"been\n"
"received, the local HTTP proxy can often deliver the full response to the"
" browser \n"
"immediately."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:42
msgid ""
"The streaming library bears much resemblance to an \n"
"abstraction of TCP, with its sliding windows, congestion control "
"algorithms\n"
"(both slow start and congestion avoidance), and general packet behavior "
"(ACK,\n"
"SYN, FIN, RST, rto calculation, etc)."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:49
msgid ""
"The streaming library is\n"
"a robust library\n"
"which is optimized for operation over I2P.\n"
"It has a one-phase setup, and\n"
"it contains a full windowing implementation."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:58
msgid "API"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:60
#, python-format
msgid ""
"The streaming library API provides a standard socket paradigm to Java "
"applications.\n"
"The lower-level <a href=\"%(i2cp)s\">I2CP</a> API is completely hidden, "
"except that\n"
"applications may pass <a href=\"%(i2cp)s#options\">I2CP parameters</a> "
"through the\n"
"streaming library, to be interpreted by I2CP."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:67
#, python-format
msgid ""
"The standard interface to the streaming lib is for the application to use"
" the\n"
"<a href=\"%(i2psktmf)s\">I2PSocketManagerFactory</a> to create an\n"
"<a href=\"%(i2psktm)s\">I2PSocketManager</a>. The application then asks "
"the\n"
"socket manager for an <a href=\"%(i2psess)s\">I2PSession</a>, which will "
"cause\n"
"a connection to the router via <a href=\"%(i2cp)s\">I2CP</a>. The "
"application\n"
"can then setup connections with an <a href=\"%(i2pskt)s\">I2PSocket</a> "
"or\n"
"receive connections with an <a href=\"%(i2psskt)s\">I2PServerSocket</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:82
#, python-format
msgid "Here are the <a href=\"%(url)s\">full streaming library Javadocs</a>."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:86
msgid "For a good example of usage, see the i2psnark code."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:91
msgid "Options and Defaults"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:92
#, python-format
msgid ""
"The options and current default values are listed below.\n"
"Options are case-sensitive and may be set for the whole router, for a "
"particular client, or for an individual socket on a\n"
"per-connection basis.\n"
"Many values are tuned for HTTP performance over typical I2P conditions. "
"Other applications such\n"
"as peer-to-peer services are strongly encouraged to\n"
"modify as necessary, by setting the options and passing them via the call"
" to\n"
"<a "
"href=\"%(i2psktmf)s\">I2PSocketManagerFactory</a>.createManager(_i2cpHost,"
" _i2cpPort, opts).\n"
"Time values are in ms."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:103
#, python-format
msgid ""
"Note that higher-layer APIs, such as <a href=\"%(samv3)s\">SAM</a>,\n"
"<a href=\"%(bob)s\">BOB</a>, and <a href=\"%(i2ptunnel)s\">I2PTunnel</a>,"
"\n"
"may override these defaults with their own defaults.\n"
"Also note that many options only apply to servers listening for incoming "
"connections."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:110
msgid ""
"As of release 0.9.1, most, but not all, options may be changed on an "
"active socket manager or session.\n"
"See the javadocs for details."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:117
#: i2p2www/pages/site/docs/protocol/i2cp.html:103
#: i2p2www/pages/site/docs/protocol/i2cp.html:478
msgid "Option"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:117
#: i2p2www/pages/site/docs/protocol/i2cp.html:107
#: i2p2www/pages/site/docs/protocol/i2cp.html:482
msgid "Default"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:117
#: i2p2www/pages/site/docs/how/elgamal-aes.html:264
#: i2p2www/pages/site/docs/how/peer-selection.html:282
msgid "Notes"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:119
msgid ""
"Comma- or space-separated list of Base64 peer Hashes used for either "
"access list or blacklist."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:121
#: i2p2www/pages/site/docs/api/streaming.html:129
#: i2p2www/pages/site/docs/api/streaming.html:135
#: i2p2www/pages/site/docs/api/streaming.html:141
#: i2p2www/pages/site/docs/api/streaming.html:148
#: i2p2www/pages/site/docs/api/streaming.html:160
#: i2p2www/pages/site/docs/api/streaming.html:171
#: i2p2www/pages/site/docs/api/streaming.html:200
#: i2p2www/pages/site/docs/api/streaming.html:212
#: i2p2www/pages/site/docs/api/streaming.html:220
#: i2p2www/pages/site/docs/api/streaming.html:243
#: i2p2www/pages/site/docs/api/streaming.html:260
#: i2p2www/pages/site/docs/api/streaming.html:272
#: i2p2www/pages/site/docs/api/streaming.html:278
#: i2p2www/pages/site/docs/api/streaming.html:284
#: i2p2www/pages/site/docs/api/streaming.html:298
#: i2p2www/pages/site/docs/api/streaming.html:305
#: i2p2www/pages/site/docs/api/streaming.html:312
#: i2p2www/pages/site/docs/api/streaming.html:337
#: i2p2www/pages/site/docs/api/streaming.html:344
#: i2p2www/pages/site/docs/api/streaming.html:351
#, python-format
msgid "As of release %(release)s."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:125
#: i2p2www/pages/site/docs/api/streaming.html:133
msgid "Use the access list as a whitelist for incoming connections."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:127
msgid "The name or number of the signature type for a transient destination."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:139
msgid "Use the access list as a blacklist for incoming connections."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:153
msgid "Whether to respond to incoming pings"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:165
msgid ""
"Comma- or space-separated list of Base64 peer Hashes to be\n"
"blacklisted for incoming connections to ALL destinations in the context.\n"
"This option must be set in the context properties, NOT in the "
"createManager() options argument.\n"
"Note that setting this in the router context will not affect clients "
"outside the\n"
"router in a separate JVM and context."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:175
msgid ""
"How much transmit data (in bytes) will be accepted that hasn't been "
"written out yet."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:179
msgid ""
"When we're in congestion avoidance, we grow the window size at the rate\n"
"of <code>1/(windowSize*factor)</code>. In standard TCP, window sizes are"
" in bytes,\n"
"while in I2P, window sizes are in messages.\n"
"A higher number means slower growth."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:186
msgid ""
"How long to wait after instantiating a new con \n"
"before actually attempting to connect. If this is\n"
"&lt;= 0, connect immediately with no initial data. If greater than 0, "
"wait\n"
"until the output stream is flushed, the buffer fills, \n"
"or that many milliseconds pass, and include any initial data with the SYN."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:194
msgid ""
"How long to block on connect, in milliseconds. Negative means "
"indefinitely. Default is 5 minutes."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:198
msgid ""
"Whether to disable warnings in the logs when an incoming connection is "
"rejected due to connection limits."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:204
msgid ""
"Comma- or space-separated list of Base64 peer Hashes or host names to be\n"
"contacted using an alternate DSA destination.\n"
"Only applies if multisession is enabled and the primary session is non-"
"DSA\n"
"(generally for shared clients only).\n"
"This option must be set in the context properties, NOT in the "
"createManager() options argument.\n"
"Note that setting this in the router context will not affect clients "
"outside the\n"
"router in a separate JVM and context."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:216
msgid ""
"Whether to listen only for the streaming protocol.\n"
"Setting to true will prohibit communication with Destinations earlier "
"than release 0.7.1\n"
"(released March 2009). Set to true if running multiple protocols on this "
"Destination."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:224
msgid ""
"(0=noop, 1=disconnect)\n"
"What to do on an inactivity timeout - do nothing, disconnect, or send a "
"duplicate ack."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:230
msgid "Idle time before sending a keepalive"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:233
msgid "Delay before sending an ack"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:235
msgid ""
"The initial value of the resend delay field in the packet header, times "
"1000.\n"
"Not fully implemented; see below."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:240
msgid ""
"Initial timeout\n"
"(if no <a href=\"#sharing\">sharing data</a> available)."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:247
msgid ""
"Initial round trip time estimate\n"
"(if no <a href=\"#sharing\">sharing data</a> available).\n"
"Disabled as of release 0.9.8; uses actual RTT."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:253
msgid "if no <a href=\"#sharing\">sharing data</a> available"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:253
msgid ""
"In standard TCP, window sizes are in bytes, while in I2P, window sizes "
"are in messages."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:265
msgid ""
"(0 or negative value means unlimited)\n"
"This is a total limit for incoming and outgoing combined."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:270
msgid "Incoming connection limit (per peer; 0 means disabled)"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:276
#: i2p2www/pages/site/docs/api/streaming.html:282
msgid "(per peer; 0 means disabled)"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:288
msgid "The MTU in bytes."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:292
msgid "Maximum number of retransmissions before failure."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:296
msgid "Incoming connection limit (all peers; 0 means disabled)"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:302
#: i2p2www/pages/site/docs/api/streaming.html:309
msgid ""
"(all peers; 0 means disabled)\n"
"Use with caution as exceeding this will disable a server for a long time."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:318
msgid ""
"(2=interactive not supported)\n"
"This doesn't currently do anything, but setting it to a value other than "
"1 will cause an error."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:323
msgid "How long to block on read, in milliseconds. Negative means indefinitely."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:327
msgid ""
"When we're in slow start, we grow the window size at the rate\n"
"of 1/(factor). In standard TCP, window sizes are in bytes,\n"
"while in I2P, window sizes are in messages.\n"
"A higher number means slower growth."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:334
#: i2p2www/pages/site/docs/api/streaming.html:341
#: i2p2www/pages/site/docs/api/streaming.html:348
msgid ""
"Ref: RFC 2140. Floating point value.\n"
"May be set only via context properties, not connection options."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:355
msgid ""
"How long to block on write/flush, in milliseconds. Negative means "
"indefinitely."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:363
msgid "Protocol Specification"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:365
msgid "See the Streaming Library Specification page."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:369
msgid "Implementation Details"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:371
msgid "Setup"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:372
msgid ""
"The initiator sends a packet with the SYNCHRONIZE flag set. This packet "
"may contain the initial data as well.\n"
"The peer replies with a packet with the SYNCHRONIZE flag set. This packet"
" may contain the initial response data as well."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:377
msgid ""
"The initiator may send additional data packets, up to the initial window "
"size, before receiving the SYNCHRONIZE response.\n"
"These packets will also have the send Stream ID field set to 0.\n"
"Recipients must buffer packets received on unknown streams for a short "
"period of time, as they may\n"
"arrive out of order, in advance of the SYNCHRONIZE packet."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:384
msgid "MTU Selection and Negotiation"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:385
msgid ""
"The maximum message size (also called the MTU / MRU) is negotiated to the"
" lower value supported by\n"
"the two peers. As tunnel messages are padded to 1KB, a poor MTU selection"
" will lead to\n"
"a large amount of overhead.\n"
"The MTU is specified by the option i2p.streaming.maxMessageSize.\n"
"The current default MTU of 1730 was chosen to fit precisely into two 1K "
"I2NP tunnel messages,\n"
"including overhead for the typical case."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:394
msgid ""
"The first message in a connection includes a 387 byte (typical) "
"Destination added by the streaming layer,\n"
"and usually a 898 byte (typical) LeaseSet, and Session keys, bundled in "
"the Garlic message by the router.\n"
"(The LeaseSet and Session Keys will not be bundled if an ElGamal Session "
"was previously established).\n"
"Therefore, the goal of fitting a complete HTTP request in a single 1KB "
"I2NP message is not always attainable.\n"
"However, the selection of the MTU, together with careful implementation "
"of fragmentation\n"
"and batching strategies in the tunnel gateway processor, are important "
"factors in network bandwidth,\n"
"latency, reliability, and efficiency, especially for long-lived "
"connections."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:405
#, python-format
msgid ""
"Data integrity is assured by the gzip CRC-32 checksum implemented in\n"
"<a href=\"%(i2cp)s#format\">the I2CP layer</a>.\n"
"There is no checksum field in the streaming protocol."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:413
#, python-format
msgid ""
"Each packet is sent through I2P as a single message (or as an individual "
"clove in a\n"
"<a href=\"%(garlicrouting)s\">Garlic Message</a>). Message encapsulation "
"is implemented\n"
"in the underlying <a href=\"%(i2cp)s\">I2CP</a>, <a "
"href=\"%(i2np)s\">I2NP</a>, and\n"
"<a href=\"%(tunnelmessage)s\">tunnel message</a> layers. There is no "
"packet delimiter\n"
"mechanism or payload length field in the streaming protocol."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:423
msgid "Windowing"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:424
msgid ""
"The streaming lib uses standard slow-start (exponential window growth) "
"and congestion avoidance (linear window growth)\n"
"phases, with exponential backoff.\n"
"Windowing and acknowledgments use packet count, not byte count."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:431
msgid "Close"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:432
msgid ""
"Any packet, including one with the SYNCHRONIZE flag set, may have the "
"CLOSE flag sent as well.\n"
"The connection is not closed until the peer responds with the CLOSE flag."
"\n"
"CLOSE packets may contain data as well."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:440
msgid ""
"There is no ping function at the I2CP layer (equivalent to ICMP echo) or "
"in datagrams.\n"
"This function is provided in streaming.\n"
"Pings and pongs may not be combined with a standard streaming packet;\n"
"if the ECHO option is set, then\n"
"most other flags, options, ackThrough, sequenceNum, NACKs, etc. are "
"ignored."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:448
msgid ""
"A ping packet must have the ECHO, SIGNATURE_INCLUDED, and FROM_INCLUDED "
"flags set.\n"
"The sendStreamId must be greater than zero, and the receiveStreamId is "
"ignored.\n"
"The sendStreamId may or may not correspond to an existing connection."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:454
msgid ""
"A pong packet must have the ECHO flag set.\n"
"The sendStreamId must be zero, and the receiveStreamId is the "
"sendStreamId from the ping.\n"
"The pong packet does not include any payload that was contained in the "
"ping."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:460
msgid ""
"As of release 0.9.18, pings and pongs may contain a payload.\n"
"The payload in the ping, up to a maximum of 32 bytes, is returned in the "
"pong."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:465
msgid ""
"Streaming may be configured to disable sending pongs with the "
"configuration i2p.streaming.answerPings=false."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:470
msgid "Control Block Sharing"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:471
msgid ""
"The streaming lib supports \"TCP\" Control Block sharing.\n"
"This shares three important streaming lib parameters\n"
"(window size, round trip time, round trip time variance)\n"
"across connections to the same remote peer.\n"
"This is used for \"temporal\" sharing at connection open/close time,\n"
"not \"ensemble\" sharing during a connection (See\n"
"<a href=\"http://www.ietf.org/rfc/rfc2140.txt\">RFC 2140</a>).\n"
"There is a separate share per ConnectionManager (i.e. per local "
"Destination)\n"
"so that there is no information leakage to other Destinations on the\n"
"same router.\n"
"The share data for a given peer expires after a few minutes.\n"
"The following Control Block Sharing parameters can be set per router:"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:492
msgid "Other Parameters"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:493
msgid ""
"The following parameters are hardcoded, but may be of interest for "
"analysis:"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:512
#: i2p2www/pages/site/docs/how/network-database.html:897
msgid "History"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:513
msgid ""
"The streaming library has grown organically for I2P - first mihi "
"implemented the\n"
"\"mini streaming library\" as part of I2PTunnel, which was limited to a "
"window\n"
"size of 1 message (requiring an ACK before sending the next one), and "
"then it was\n"
"refactored out into a generic streaming interface (mirroring TCP sockets)"
" and the\n"
"full streaming implementation was deployed with a sliding window protocol"
" and \n"
"optimizations to take into account the high bandwidth x delay product. "
"Individual\n"
"streams may adjust the maximum packet size and other options. The default"
"\n"
"message size is selected to fit precisely in two 1K I2NP tunnel messages,"
"\n"
"and is a reasonable tradeoff between the bandwidth costs of \n"
"retransmitting lost messages, and the latency and overhead of multiple "
"messages."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:527
#: i2p2www/pages/site/docs/how/elgamal-aes.html:344
#: i2p2www/pages/site/docs/how/garlic-routing.html:251
#: i2p2www/pages/site/docs/how/network-database.html:902
#: i2p2www/pages/site/docs/how/peer-selection.html:265
#: i2p2www/pages/site/docs/how/tunnel-routing.html:255
#: i2p2www/pages/site/docs/protocol/i2cp.html:723
#: i2p2www/pages/site/docs/protocol/i2np.html:226
#: i2p2www/pages/site/docs/transport/ntcp.html:544
#: i2p2www/pages/site/docs/transport/ssu.html:559
#: i2p2www/pages/site/docs/tunnels/implementation.html:506
msgid "Future Work"
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:528
msgid ""
"The behavior of the streaming library has a profound impact on\n"
"application-level performance, and as such, is an important\n"
"area for further analysis."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:534
msgid "Additional tuning of the streaming lib parameters may be necessary."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:537
#, python-format
msgid ""
"Another area for research is the interaction of the streaming lib with "
"the\n"
"NTCP and SSU transport layers.\n"
"See <a href=\"%(ntcpdisc)s\">the NTCP discussion page</a> for details."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:542
msgid ""
"The interaction of the routing algorithms with the streaming lib strongly"
" affects performance.\n"
"In particular, random distribution of messages to multiple tunnels in a "
"pool\n"
"leads to a high degree of out-of-order delivery which results in smaller "
"window\n"
"sizes than would otherwise be the case. The router currently routes \n"
"messages for a single from/to destination pair through a consistent set \n"
"of tunnels, until tunnel expiration or delivery failure. The router's \n"
"failure and tunnel selection algorithms should be reviewed for possible \n"
"improvements."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:552
msgid "The data in the first SYN packet may exceed the receiver's MTU."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:555
msgid "The DELAY_REQUESTED field could be used more."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:558
msgid ""
"Duplicate initial SYNCHRONIZE packets on short-lived streams may not be "
"recognized and removed."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:561
msgid "Don't send the MTU in a retransmission."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:564
msgid ""
"Data is sent along unless the outbound window is full.\n"
"(i.e. no-Nagle or TCP_NODELAY)\n"
"Probably should have a configuration option for this."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:569
msgid ""
"zzz has added debug code to the streaming library to log packets in a "
"wireshark-compatible\n"
"(pcap) format; Use this to further analyze performance.\n"
"The format may require enhancement to map more streaming lib parameters "
"to TCP fields."
msgstr ""
#: i2p2www/pages/site/docs/api/streaming.html:574
msgid ""
"There are proposals to replace the streaming lib with standard TCP\n"
"(or perhaps a null layer together with raw sockets).\n"
"This would unfortunately be incompatible with the streaming lib\n"
"but it would be good to compare the performance of the two."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:3
msgid "May 2014"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:7
msgid ""
"There are several bittorrent clients and trackers on I2P.\n"
"As I2P addressing uses a Destination instead of an IP and port, minor\n"
"changes are required to tracker and client software for operation on I2P."
"\n"
"These changes are specified below.\n"
"Note carefully the guidelines for compatibility with older I2P clients "
"and trackers."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:15
msgid ""
"This page specifies protocol details common to all clients and trackers.\n"
"Specific clients and trackers may implement other unique features or "
"protocols."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:20
msgid "We welcome additional ports of client and tracker software to I2P."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:26
msgid "Announces"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:27
msgid ""
"Clients generally include a fake port=6881 parameter in the announce, for"
" compatibility with older trackers.\n"
"Trackers may ignore the port parameter, and should not require it."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:32
#, python-format
msgid ""
"The ip parameter is the base 64 of the client's\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>,\n"
"using the I2P Base 64 alphabet [A-Z][a-z][0-9]-~.\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
"are 387+ bytes, so the Base 64 is 516+ bytes.\n"
"Clients generally append \".i2p\" to the Base 64 Destination for "
"compatibility with older trackers.\n"
"Trackers should not require an appended \".i2p\"."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:42
msgid "Other parameters are the same as in standard bittorrent."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:46
msgid ""
"While all current Destinations for clients are exactly 387 bytes, a "
"tracker should not\n"
"presume that will always be so. A reasonable maximum to assume, for now, "
"is 475 bytes.\n"
"As the tracker must decode the Base64 to deliver compact responses (see "
"below),\n"
"the tracker should probably decode and reject bad Base64 when announced."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:53
msgid ""
"The default response type is non-compact. Clients may request a compact "
"response with\n"
"the parameter compact=1. A tracker may, but is not required to, return\n"
"a compact response when requested."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:59
msgid ""
"Developers of new I2P clients\n"
"are strongly encouraged to implemenent announces over their own tunnel "
"rather than\n"
"the HTTP client proxy at port 4444. Doing so is both more efficient and "
"it allows\n"
"destination enforcement by the tracker (see below)."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:66
msgid ""
"There are no known I2P clients or trackers that currently support UDP "
"announce/responses."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:71
msgid "Non-Compact Tracker Responses"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:72
msgid ""
"The non-compact response is just as in standard bittorrent, with an I2P "
"\"ip\"."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:76
msgid ""
"Trackers generally include a fake port key, or use the port from the "
"announce, for compatibility with older clients.\n"
"Clients must ignore the port parameter, and should not require it."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:81
#, python-format
msgid ""
"The value of the ip key is the base 64 of the client's\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>, as "
"described above.\n"
"Trackers generally append \".i2p\" to the Base 64 Destination if it "
"wasn't in the announce ip, for compatibility with older clients.\n"
"Clients should not require an appended \".i2p\" in the responses."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:88
msgid "Other response keys and values are the same as in standard bittorrent."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:94
msgid "Compact Tracker Responses"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:95
#, python-format
msgid ""
"In the compact response, the value of the \"peers\" dictionary key is a "
"single byte string,\n"
"whose length is a multiple of 32 bytes.\n"
"This string contains the concatenated\n"
"<a href=\"%(commonstructures)s#type_Hash\">32-byte SHA-256 Hashes</a>\n"
"of the binary\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
"of the peers.\n"
"This hash must be computed by the tracker, unless destination enforcement"
"\n"
"(see below) is used, in which case the hash delivered in the X-I2P-"
"DestHash\n"
"or X-I2P-DestB32 HTTP headers may be converted to binary and stored.\n"
"The peers key may be absent, or the peers value may be zero-length."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:109
msgid ""
"While compact response support is optional for both clients and trackers,"
" it is highly\n"
"recommended as it reduces the nominal response size by over 90&#37;."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:116
msgid "Destination Enforcement"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:117
#, python-format
msgid ""
"Some, but not all, I2P bittorrent clients announce over their own "
"tunnels.\n"
"Trackers may choose to prevent spoofing by requiring this, and verifying "
"the\n"
"client's\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>\n"
"using HTTP headers added by the I2PTunnel HTTP Server tunnel.\n"
"The headers are X-I2P-DestHash, X-I2P-DestB64, and X-I2P-DestB32, which "
"are\n"
"different formats for the same information.\n"
"These headers cannot be spoofed by the client.\n"
"A tracker enforcing destinations need not require the ip announce "
"parameter at all."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:129
msgid ""
"As several clients use the HTTP proxy instead of their own tunnel for "
"announces,\n"
"destination enforcement will prevent usage by those clients unless or "
"until\n"
"those clients are converted to announcing over their own tunnel."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:135
msgid ""
"Unfortunately, as the network grows, so will the amount of maliciousness,"
"\n"
"so we expect that all trackers will eventually enforce destinations.\n"
"Both tracker and client developers should anticipate it."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:143
msgid "Announce Host Names"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:144
#, python-format
msgid ""
"Announce URL host names in torrent files generally follow the\n"
"<a href=\"%(naming)s\">I2P naming standards</a>.\n"
"In addition to host names from address books and \".b32.i2p\" Base 32 "
"hostnames,\n"
"the full Base 64 Destination (with [or without?] \".i2p\" appended) "
"should be supported.\n"
"Non-open trackers should recognize their own host name in any of these "
"formats."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:152
msgid ""
"To preserve anonymity,\n"
"clients should generally ignore non-I2P announce URLs in torrent files."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:159
msgid "Client Connections"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:160
msgid ""
"Client-to-client connections use the standard protocol over TCP.\n"
"There are no known I2P clients that currently support uTP communication."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:165
#, python-format
msgid ""
"I2P uses 387+ byte <a "
"href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
"for addresses, as explained above."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:170
msgid ""
"If the client has only the hash of the destination (such as from a "
"compact response or PEX), it must perform a lookup\n"
"by encoding it with Base 32, appending \".b32.i2p\", and querying the "
"Naming Service,\n"
"which will return the full Destination if available."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:176
msgid ""
"If the client has a peer's full Destination it received in a non-compact "
"response, it should use it\n"
"directly in the connection setup.\n"
"Do not convert a Destination back to a Base 32 hash for lookup, this is "
"quite inefficient."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:183
msgid "Cross-Network Prevention"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:184
msgid ""
"To preserve anonymity,\n"
"I2P bittorrent clients generally do not support non-I2P announces or peer"
" connections.\n"
"I2P HTTP outproxies often block announces.\n"
"There are no known SOCKS outproxies supporting bittorrent traffic."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:191
msgid ""
"To prevent usage by non-I2P clients via an HTTP inproxy, I2P trackers "
"often\n"
"block accesses or announces that contain an X-Forwarded-For HTTP header.\n"
"Trackers should reject standard network announces with IPv4 or IPv6 IPs, "
"and not deliver them in responses."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:200
#, python-format
msgid ""
"I2P PEX is based on ut_pex.\n"
"As there does not appear to be a formal specification of ut_pex "
"available,\n"
"it may be necessary to review the libtorrent source for assistance.\n"
"It is an extension message, identified as \"i2p_pex\" in\n"
"<a href=\"http://www.bittorrent.org/beps/bep_0010.html\">the extension "
"handshake</a>.\n"
"It contains a bencoded dictionary with up to 3 keys, \"added\", "
"\"added.f\", and \"dropped\".\n"
"The added and dropped values are each a single byte string, whose length "
"is a multiple of 32 bytes.\n"
"These byte strings are the concatenated SHA-256 Hashes of the binary\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
"of the peers.\n"
"This is the same format as the peers dictionary value in the i2p compact "
"response format specified above.\n"
"The added.f value, if present, is the same as in ut_pex."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:218
msgid ""
"DHT support is included in the i2psnark client as of version 0.9.2.\n"
"Preliminary differences from\n"
"<a href=\"http://www.bittorrent.org/beps/bep_0005.html\">BEP 5</a>\n"
"are described below, and are subject to change.\n"
"Contact the I2P developers if you wish to develop a client supporting DHT."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:226
msgid ""
"Unlike standard DHT, I2P DHT does not use a bit in the options handshake,"
" or the PORT message.\n"
"It is advertised with an extension message, identified as \"i2p_dht\" in\n"
"<a href=\"http://www.bittorrent.org/beps/bep_0010.html\">the extension "
"handshake</a>.\n"
"It contains a bencoded dictionary with two keys, \"port\" and \"rport\", "
"both integers."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:233
msgid ""
"The UDP (datagram) port listed in the compact node info is used\n"
"to receive repliable (signed) datagrams.\n"
"This is used for queries, except for announces.\n"
"We call this the \"query port\".\n"
"This is the \"port\" value from the extension message.\n"
"Queries use I2CP protocol number 17."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:242
msgid ""
"In addition to that UDP port, we use a second datagram\n"
"port equal to the query port + 1. This is used to receive\n"
"unsigned (raw) datagrams for replies, errors, and announces.\n"
"This port provides increased efficiency since replies\n"
"contain tokens sent in the query, and need not be signed.\n"
"We call this the \"response port\".\n"
"This is the \"rport\" value from the extension message.\n"
"It must be 1 + the query port.\n"
"Responses and announces use I2CP protocol number 18."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:254
msgid ""
"Compact peer info is 32 bytes (32 byte SHA256 Hash)\n"
"instead of 4 byte IP + 2 byte port. There is no peer port.\n"
"In a response, the \"values\" key is a list of strings, each containing a"
" single compact peer info."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:260
msgid ""
"Compact node info is 54 bytes (20 byte SHA1 Hash + 32 byte SHA256 Hash + "
"2 byte port)\n"
"instead of 20 byte SHA1 Hash + 4 byte IP + 2 byte port.\n"
"In a response, the \"nodes\" key is a\n"
"single byte string with concatenated compact node info."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:267
msgid ""
"Secure node ID requirement: To make various DHT attacks more difficult,\n"
"the first 4 bytes of the Node ID must match the first 4 bytes of the "
"destination Hash,\n"
"and the next two bytes of the Node ID must match the next two bytes of "
"the\n"
"destination hash exclusive-ORed with the port."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:274
msgid ""
"In a torrent file,\n"
"the trackerless torrent dictionary \"nodes\" key is TBD.\n"
"It could be a list of\n"
"32 byte binary strings (SHA256 Hashes) instead of a list of lists\n"
"containing a host string and a port integer.\n"
"Alternatives: A single byte string with concatenated hashes,\n"
"or a list of strings alone."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:286
msgid "Datagram (UDP) Trackers"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:287
msgid ""
"UDP tracker support in clients and trackers is not yet available.\n"
"Preliminary differences from\n"
"<a href=\"http://www.bittorrent.org/beps/bep_0015.html\">BEP 15</a>\n"
"are described below, and are subject to change.\n"
"Contact the I2P developers if you wish to develop a client or tracker "
"supporting datagram announces."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:295
msgid ""
"A UDP tracker listens on two ports.\n"
"The \"query port\" is the advertised port, and is used to receive "
"repliable (signed) datagrams, for the connect request only.\n"
"The \"response port\" is used to receive unsigned (raw) datagrams, and is"
" the source port for all replies.\n"
"The response port is arbitrary.\n"
"A client sends and receives on a single port only.\n"
"It receives only unsigned (raw) datagrams.\n"
"Raw datagrams provides increased efficiency for replies since they "
"contain tokens sent in the query, and need not be signed."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:305
msgid ""
"In the announce request, the 4-byte IP is replaced by a 32-byte hash, and"
" the port is still present,\n"
"although it may be ignored by the tracker.\n"
"In the announce response, each 4-byte IP and 2-byte port is replaced by a"
" 32-byte hash (compact peer info), and no port is present.\n"
"The client sends the announce request and scrape request to the source "
"port in the announce response packet.\n"
"The connect request, connect response, scrape request, scrape response, "
"and error response are the same as in BEP 15."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:313
msgid ""
"Source addresses in I2P cannot be spoofed, so it is possible to use a "
"simplified protocol\n"
"with 2 packets instead of 4, omitting the connect request and response.\n"
"In this case, the announce request would be a repliable datagram sent to "
"the tracker's query port,\n"
"and the tracker would not require a response port.\n"
"While this is more efficient, it would be more difficult to modify an "
"existing tracker to support this mode.\n"
"The URL for the 4-packet-mode tracker would use standard \"udp://\" "
"prefix. \n"
"The URL for a modified 2-packet-mode tracker would require a different "
"prefix if both modes are supported in I2P."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:326
#: i2p2www/pages/site/docs/how/intro.html:184
msgid "Additional Information"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:328
#, python-format
msgid ""
"I2P bittorrent standards are generally discussed on <a "
"href=\"http://%(zzz)s/\">%(zzz)s</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:331
#, python-format
msgid ""
"A chart of current tracker software capabilities is <a "
"href=\"http://%(zzz)s/files/trackers.html\">also available there</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:334
#, python-format
msgid ""
"The\n"
"<a href=\"http://%(forum)s/viewtopic.php?t=2068\">I2P bittorrent FAQ</a>"
msgstr ""
#: i2p2www/pages/site/docs/applications/bittorrent.html:338
#, python-format
msgid "<a href=\"http://%(zzz)s/topics/812\">DHT on I2P discussion</a>"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:2
msgid "Embedding I2P in your Application"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:3
msgid "April 2015"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:8
msgid ""
"This page is about bundling the entire I2P router binary with your "
"application.\n"
"It is not about writing an application to work with I2P (either bundled "
"or external)."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:13
msgid ""
"Lots of projects are bundling, or talking about bundling, I2P. That's "
"great if done right.\n"
"If done wrong, it could cause real harm to our network.\n"
"The I2P router is complex, and it can be a challenge to hide all the "
"complexity from your users.\n"
"This page discusses some general guidelines."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:23
msgid "Talk to us"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:24
msgid ""
"Start a dialog. We're here to help. Applications that embed I2P are the "
"most promising - and exciting -\n"
"opportunities for us to grow the network and improve anonymity for "
"everyone."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:30
msgid "Choose your router wisely"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:31
msgid ""
"If your application is in Java or Scala, it's an easy choice - use the "
"Java router.\n"
"If in C/C++, we recommend i2pd. The development of i2pcpp has stopped.\n"
"For apps in other languages, best to use SAM or BOB or SOCKS and bundle "
"the Java router as a separate process.\n"
"Some of the following only applies to the Java router."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:39
msgid "Licensing"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:40
msgid "Ensure you meet the license requirements of the software you are bundling."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:45
msgid "Verify default configuration"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:46
msgid ""
"A correct default configuration is crucial. Most users will not change "
"the defaults.\n"
"The defaults for your application may need to be different than the "
"defaults for the router you are bundling.\n"
"Override the router defaults if necessary."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:51
msgid ""
"Some important defaults to review: Max bandwidth, tunnel quantity and "
"length, max participating tunnels.\n"
"A lot of this depends on the expected bandwidth and usage patterns of "
"your app."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:55
msgid ""
"Configure enough bandwidth and tunnels to allow your users to contribute "
"to the network.\n"
"Consider disabling external I2CP, as you probably don't need it and it "
"would conflict with any other running I2P instance.\n"
"Also look at the configs for disabling killing of the JVM on exit, for "
"example."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:62
msgid "Participating Traffic Considerations"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:63
msgid ""
"It may be tempting for you to disable participating traffic.\n"
"There's several ways to do this (hidden mode, setting max tunnels to 0, "
"setting shared bandwidth below 12 KBytes/sec).\n"
"Without participating traffic, you don't have to worry about graceful "
"shutdown,\n"
"your users don't see bandwidth usage not generated by them, etc.\n"
"However, there's lots of reasons why you should allow participating "
"tunnels."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:70
msgid ""
"First of all, the router doesn't work that well if it doesn't have a "
"chance to \"integrate\" with the network,\n"
"which is helped tremendously by others building tunnels through you."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:74
msgid ""
"Secondly, over 90&#37; of the routers in the current network allow "
"participating traffic.\n"
"It's the default in the Java router.\n"
"If your application doesn't route for others and it gets really popular, "
"then it's a leech on the network,\n"
"and it upsets the balance we have now.\n"
"If it gets really big, then we become Tor, and spend our time begging for"
" people to enable relaying."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:81
msgid ""
"Thirdly, participating traffic is cover traffic that helps your users' "
"anonymity."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:84
msgid ""
"We strongly discourage you from disabling participating traffic by "
"default.\n"
"If you do this and your application gets hugely popular, it could break "
"the network."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:90
msgid "Persistence"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:91
msgid ""
"You must save the router's data (netdb, configuration, etc.) between runs"
" of the router.\n"
"I2P does not work well if you must reseed each startup, and that's a huge"
" load on our reseed servers, and not very good for anonymity either.\n"
"Even if you bundle router infos, I2P needs saved profile data for best "
"performance."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:99
msgid "Configurability"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:100
msgid ""
"Give your users a way to change the configuration of the important "
"settings.\n"
"We understand that you will probably want to hide most of I2P's "
"complexity, but it's important to show some basic settings.\n"
"In addition to the defaults above, some network settings such as UPnP, "
"IP/port may be helpful."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:108
msgid "Floodfill Considerations"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:109
msgid ""
"Above a certain bandwidth setting, and meeting other health criteria, "
"your router will become floodfill,\n"
"which may cause a large increase in connections and memory usage (at "
"least with the Java router).\n"
"Think about whether that's OK. You can disable floodfill, but then your "
"fastest users aren't contributing what they could.\n"
"It also depends on the typical uptime for your application."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:119
msgid "Reseeding"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:120
msgid ""
"Decide if you are bundling router infos or using our reseed hosts.\n"
"The Java reseed host list is in the source code, so if you keep your "
"source up to date, the host list will be also.\n"
"Be aware of possible blocking by hostile governments."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:129
msgid "Reduce Network Resource Usage"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:130
msgid ""
"Consider setting your application tunnels to delay-open, reduce-on-idle "
"and/or close-on-idle.\n"
"This is straightforward if using i2ptunnel but you'll have to implement "
"some of it yourself if using I2CP directly.\n"
"See i2psnark for code that reduces tunnel count and then closes the "
"tunnel, even in the presence of some background DHT activity."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:138
msgid "Updatability"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:139
msgid ""
"Have an auto-update feature if at all possible, or at least auto-"
"notification of a new version.\n"
"Our biggest fear is a huge number of routers out there that can't be "
"updated.\n"
"We have about 6-8 releases a year of the Java router, and it's critical "
"to the health of the network that the users keep up.\n"
"We usually have over 80&#37; of the network on the latest release within "
"6 weeks after the release, and we'd like to keep it that way.\n"
"You don't need to worry about disabling the router's built-in auto-update"
" function, as that code is in the router console,\n"
"which you presumably are not bundling."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:150
msgid "Rollout"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:151
msgid ""
"Have a gradual rollout plan. Don't overwhelm the network all at once.\n"
"We currently have approximately 25K unique users per day and 40K uniques "
"per month.\n"
"We are probably able to handle growth of 2-3X per year without too much "
"issue.\n"
"If you anticipate a faster rampup than that, OR the bandwidth "
"distribution (or uptime distribution,\n"
"or any other significant characteristic) of your userbase is "
"significantly different from our current userbase,\n"
"we really need to have a discussion.\n"
"The bigger your growth plans, the more important everthing else in this "
"checklist is."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:163
msgid "Design for and Encourage Long Uptimes"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:164
msgid ""
"Tell your users that I2P works best if it keeps running.\n"
"It may be several minutes after startup before it works well, and even "
"more after first install.\n"
"If your average uptime is less than an hour, I2P is probably the wrong "
"solution."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:172
msgid "Show Status"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:173
msgid ""
"Provide some indication to the user that the application tunnels are "
"ready. Encourage patience."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:178
msgid "Graceful Shutdown"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:179
msgid ""
"If possible, delay the shutdown until your participating tunnels expire.\n"
"Don't let your users break tunnels easily, or at least ask them to "
"confirm."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:185
msgid "Education and Donation"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:186
msgid ""
"It would be nice if you give your users links to learn more about I2P and"
" to donate."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:192
msgid "External Router Option"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:193
msgid ""
"Depending on your user base and application,\n"
"it may be helpful to provide an option or a separate package to use an "
"external router."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:200
msgid "Use of other Common Services"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:201
msgid ""
"If you plan to use or link to other common I2P services (news feeds, "
"hosts.txt subscriptions, trackers, outproxies, etc.),\n"
"make sure you aren't overloading them,\n"
"and talk to the people who are running them to make sure it's ok."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:209
msgid "Time / NTP Issues"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:210
msgid ""
"I2P includes an SNTP client. I2P requires correct time to operate.\n"
"It will compensate for a skewed system clock but this may delay startup. "
"You may disable I2P's SNTP queries,\n"
"but this isn't advised unless your application makes sure the system "
"clock is correct."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:218
msgid "Choose What and How you Bundle"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:219
msgid ""
"At a minimum you will need i2p.jar, router.jar, streaming.jar, and "
"mstreaming.jar.\n"
"You may omit the two streaming jars for a datagram-only app.\n"
"Some apps may need more, e.g. i2ptunnel.jar or addressbook.jar.\n"
"Don't forget jbigi.jar, or a subset of it for the platforms you support, "
"to make the crypto much faster.\n"
"We are currently building them for Java 6, as of 0.9.14. The source is "
"mostly compatible with Java 5 if you want to do your own compile,\n"
"but we may start using Java 6 features at any time without notice.\n"
"We plan to migrate to Java 7 in 2015.\n"
"If you're building Debian / Ubuntu packages, you should require the I2P "
"package from our PPA instead of bundling it.\n"
"You almost certainly do not need susimail, susidns, the router console, "
"and i2psnark, for example."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:230
msgid ""
"The following files should be included in the I2P installation directory,"
" specified with the \"i2p.dir.base\" property.\n"
"Don't forget certificates/reseed and certificates/ssl, required for "
"reseeding, and blocklist.txt for IP validation.\n"
"The geoip directory is optional, but recommended so the router can make "
"decisions based on location.\n"
"The hosts.txt file may be necessary, you may modify it to include any "
"hosts your application uses.\n"
"You may add a router.config file to the base directory to override "
"initial defaults."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:237
msgid ""
"License requirements may require you to include the LICENSES.txt file and"
" the licenses directory."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:243
msgid "You may also wish to bundle a hosts.txt file."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:246
msgid "Be sure to specify a Java 6 bootclasspath if compiling with Java 8."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:254
msgid "Datagram (DHT) considerations"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:255
msgid ""
"If your application is using I2P datagrams, e.g. for a DHT,\n"
"there's lots of advanced options available to reduce overhead and "
"increase reliability.\n"
"This may take some time and experimentation to get working well.\n"
"Be aware of size/reliability tradeoffs. Talk to us for help.\n"
"It is possible - and recommended - to use Datagrams and Streaming on the "
"same Destination.\n"
"Don't create separate Destinations for this.\n"
"Don't try to store your unrelated data in the existing network DHTs "
"(iMule, bote, bittorrent, and router).\n"
"Build your own. If you are hardcoding seed nodes, we recommend that you "
"have several."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:268
msgid "Comarketing"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:269
msgid ""
"Let's work together. Don't wait until it's done.\n"
"Give us your Twitter handle and start tweeting about it, we will return "
"the favor."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:275
msgid "Malware"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:276
msgid ""
"Please don't use I2P for evil.\n"
"It could cause great harm both to our network and our reputation."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:282
msgid "Join Us"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:283
msgid ""
"This may be obvious, but join the community. Run I2P 24/7. Start an "
"eepsite about your project.\n"
"Hang out in IRC #i2p-dev. Post on the forums. Spread the word.\n"
"We can help get you users, testers, translators, or even coders."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:291
msgid "Application Examples"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:292
msgid ""
"You may wish to install and play with the I2P Android app, and look at "
"its code, for an example of an application that bundles the router.\n"
"See what we expose to the user and what we hide.\n"
"Look at the state machine we use to start and stop the router.\n"
"Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak,"
" and Monero."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:300
msgid "Code Example"
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:301
msgid ""
"None of the above actually tells you how to write your code to\n"
"bundle the Java router, so following is a brief example."
msgstr ""
#: i2p2www/pages/site/docs/applications/embedding.html:331
msgid ""
"This code is for the case where your application starts the router, as in"
" our Android app.\n"
"You could also have the router start the application via the "
"clients.config and i2ptunnel.config files,\n"
"together with Jetty webapps,\n"
"as is done in our Java packages.\n"
"As always, state management is the difficult part."
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:3
msgid "February 2014"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:8
#, python-format
msgid ""
"Clients may be started directly by the router when they are listed\n"
"in the <a href=\"%(configspec)s\">clients.config</a> file.\n"
"These clients may be \"managed\" or \"unmanaged\".\n"
"This is handled by the ClientAppManager.\n"
"Additionally, managed or unmanaged clients may register with the\n"
"ClientAppManager so that other clients may retrieve a reference to them.\n"
"There is also a simple Port Mapper facility for clients to register an\n"
"internal port that other clients may look up."
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:21
msgid ""
"As of release 0.9.4, the router supports managed clients.\n"
"Managed clients are instantiated and started by the ClientAppManager.\n"
"The ClientAppManager maintains a reference to the client and receives "
"updates on the client's state.\n"
"Managed clients are preferred, as it is much easier to implement state "
"tracking\n"
"and to start and stop a client. It also is much easier to avoid static "
"references in the client code\n"
"which could lead to excessive memory usage after a client is stopped.\n"
"Managed clients may be started and stopped by the user in the router "
"console,\n"
"and are stopped at router shutdown."
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:31
msgid ""
"Managed clients implement either the net.i2p.app.ClientApp or "
"net.i2p.router.app.RouterApp interface.\n"
"Clients implementing the ClientApp interface must provide the following "
"constructor:"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:38
msgid ""
"Clients implementing the RouterApp interface must provide the following "
"constructor:"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:44
msgid "The arguments provided are specified in the clients.config file."
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:48
msgid "Unmanaged Clients"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:49
msgid ""
"If the main class specified in the clients.config file does not implement"
" a managed interface,\n"
"it will be started with main() with the arguments specified,\n"
"and stopped with main() with the arguments specified.\n"
"The router does not maintain a reference, since all interactions are via "
"the static main() method.\n"
"The console cannot provide accurate state information to the user."
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:57
msgid "Registered Clients"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:58
msgid ""
"Clients, whether managed or unmanaged, may register with the "
"ClientAppManager\n"
"so that other clients may retrieve a reference to them.\n"
"Registration is by name.\n"
"Known registered clients are:"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:68
msgid "Port Mapper"
msgstr ""
#: i2p2www/pages/site/docs/applications/managed-clients.html:69
msgid ""
"The router also provides a simple mechanism for clients to find an "
"internal socket service,\n"
"such as the HTTP proxy. This is provided by the Port Mapper.\n"
"Registration is by name.\n"
"Clients that register generally provide an internal emulated socket on "
"that port."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:2
msgid "Supported Applications"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:5
#: i2p2www/pages/site/docs/applications/supported.html:183
msgid "Blogging, Forums, and Wikis"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:7
#: i2p2www/pages/site/docs/applications/supported.html:229
msgid "Decentralized File Storage"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:10
#: i2p2www/pages/site/docs/applications/supported.html:241
msgid "Development Tools"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:13
#: i2p2www/pages/site/docs/applications/supported.html:243
msgid "Version control"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:17
#: i2p2www/pages/site/docs/applications/supported.html:262
msgid "Domain Naming"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:19
#: i2p2www/pages/site/docs/applications/supported.html:280
msgid "Email"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:22
#: i2p2www/pages/site/docs/applications/supported.html:325
msgid "File Sharing"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:25
#: i2p2www/pages/site/docs/applications/supported.html:327
msgid "BitTorrent clients"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:27
#: i2p2www/pages/site/docs/applications/supported.html:369
msgid "BitTorrent trackers and indexers"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:36
#: i2p2www/pages/site/docs/applications/supported.html:436
msgid "Network Administration"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:39
#: i2p2www/pages/site/docs/applications/supported.html:438
msgid "General-purpose socket utilities"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:46
#: i2p2www/pages/site/docs/applications/supported.html:479
msgid "Real-time Chat"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:49
#: i2p2www/pages/site/docs/applications/supported.html:481
msgid "Instant messaging clients"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:51
#: i2p2www/pages/site/docs/applications/supported.html:491
msgid "IRC clients"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:53
#: i2p2www/pages/site/docs/applications/supported.html:542
msgid "IRC servers"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:58
#: i2p2www/pages/site/docs/applications/supported.html:558
msgid "Web Browsing"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:61
#: i2p2www/pages/site/docs/applications/supported.html:560
msgid "Anonymous websites"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:63
#: i2p2www/pages/site/docs/applications/supported.html:609
msgid "Proxy software"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:65
#: i2p2www/pages/site/docs/applications/supported.html:634
msgid "Inproxies"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:67
#: i2p2www/pages/site/docs/applications/supported.html:674
msgid "Outproxies"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:72
#: i2p2www/pages/site/docs/applications/supported.html:688
msgid "Website Hosting"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:75
#: i2p2www/pages/site/docs/applications/supported.html:703
msgid "Web servers"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:82
#, python-format
msgid ""
"This is intended to be a comprehensive listing of applications used with\n"
"I2P. If you know of something that's missing please submit a ticket on\n"
"<a href=\"%(trac)s\">Trac</a>, and be sure to select the\n"
"“www” component in the submission form."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:89
msgid ""
"\n"
"Supported applications are tagged with one or more of the following:"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:94
#: i2p2www/pages/site/docs/applications/supported.html:276
#: i2p2www/pages/site/docs/applications/supported.html:308
#: i2p2www/pages/site/docs/applications/supported.html:333
#: i2p2www/pages/site/docs/applications/supported.html:700
msgid "bundled"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:97
msgid ""
"<em>Bundled application</em> — I2P ships with a few officially\n"
"supported applications that let new users take immediate advantage of\n"
"some of I2P's more useful capabilities."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:104
#: i2p2www/pages/site/docs/applications/supported.html:192
#: i2p2www/pages/site/docs/applications/supported.html:205
#: i2p2www/pages/site/docs/applications/supported.html:217
#: i2p2www/pages/site/docs/applications/supported.html:225
#: i2p2www/pages/site/docs/applications/supported.html:238
#: i2p2www/pages/site/docs/applications/supported.html:289
#: i2p2www/pages/site/docs/applications/supported.html:401
#: i2p2www/pages/site/docs/applications/supported.html:423
#: i2p2www/pages/site/docs/applications/supported.html:432
#: i2p2www/pages/site/docs/applications/supported.html:520
msgid "plugin"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:107
#, python-format
msgid ""
"<em>Third-party plugin</em> — I2P's plugin system provides convenient\n"
"deployment of I2P-enabled applications and allows tighter integration\n"
"with the router. Plugins are [reviewed by the community](<a href=\n"
"\"http://%(plugins)s\">http://%(plugins)s</a>) to identify security and\n"
"anonymity issues."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:118
#: i2p2www/pages/site/docs/applications/supported.html:217
#: i2p2www/pages/site/docs/applications/supported.html:225
#: i2p2www/pages/site/docs/applications/supported.html:238
#: i2p2www/pages/site/docs/applications/supported.html:249
#: i2p2www/pages/site/docs/applications/supported.html:258
#: i2p2www/pages/site/docs/applications/supported.html:321
#: i2p2www/pages/site/docs/applications/supported.html:339
#: i2p2www/pages/site/docs/applications/supported.html:350
#: i2p2www/pages/site/docs/applications/supported.html:365
#: i2p2www/pages/site/docs/applications/supported.html:411
#: i2p2www/pages/site/docs/applications/supported.html:423
#: i2p2www/pages/site/docs/applications/supported.html:432
#: i2p2www/pages/site/docs/applications/supported.html:447
#: i2p2www/pages/site/docs/applications/supported.html:453
#: i2p2www/pages/site/docs/applications/supported.html:459
#: i2p2www/pages/site/docs/applications/supported.html:469
#: i2p2www/pages/site/docs/applications/supported.html:475
#: i2p2www/pages/site/docs/applications/supported.html:487
#: i2p2www/pages/site/docs/applications/supported.html:520
#: i2p2www/pages/site/docs/applications/supported.html:526
#: i2p2www/pages/site/docs/applications/supported.html:532
#: i2p2www/pages/site/docs/applications/supported.html:538
#: i2p2www/pages/site/docs/applications/supported.html:615
#: i2p2www/pages/site/docs/applications/supported.html:624
#: i2p2www/pages/site/docs/applications/supported.html:630
#: i2p2www/pages/site/docs/applications/supported.html:700
#: i2p2www/pages/site/docs/applications/supported.html:715
#: i2p2www/pages/site/docs/applications/supported.html:721
#: i2p2www/pages/site/docs/applications/supported.html:727
#: i2p2www/pages/site/docs/applications/supported.html:733
msgid "standalone"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:118
#: i2p2www/pages/site/docs/applications/supported.html:192
#: i2p2www/pages/site/docs/applications/supported.html:199
#: i2p2www/pages/site/docs/applications/supported.html:205
#: i2p2www/pages/site/docs/applications/supported.html:211
#: i2p2www/pages/site/docs/applications/supported.html:359
#: i2p2www/pages/site/docs/applications/supported.html:383
#: i2p2www/pages/site/docs/applications/supported.html:392
#: i2p2www/pages/site/docs/applications/supported.html:548
#: i2p2www/pages/site/docs/applications/supported.html:554
msgid "standalone/mod"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:121
msgid ""
"<em>Third-party standalone application</em> — Many standard network\n"
"applications only require careful setup and configuration to communicate\n"
"anonymously over I2P. These are tagged with <em>standalone</em>. Some\n"
"applications, tagged with <em>standalone/mod</em>, require patching to\n"
"function properly over I2P or to prevent inadvertent disclosure of\n"
"identifying information such as the user's hostname or external IP\n"
"address."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:132
#: i2p2www/pages/site/docs/applications/supported.html:299
#: i2p2www/pages/site/docs/applications/supported.html:568
#: i2p2www/pages/site/docs/applications/supported.html:578
#: i2p2www/pages/site/docs/applications/supported.html:587
#: i2p2www/pages/site/docs/applications/supported.html:593
#: i2p2www/pages/site/docs/applications/supported.html:599
#: i2p2www/pages/site/docs/applications/supported.html:605
#: i2p2www/pages/site/docs/applications/supported.html:646
#: i2p2www/pages/site/docs/applications/supported.html:654
#: i2p2www/pages/site/docs/applications/supported.html:663
#: i2p2www/pages/site/docs/applications/supported.html:670
#: i2p2www/pages/site/docs/applications/supported.html:684
msgid "service"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:135
msgid ""
"<em>Third-party essential network service</em> — Services which on\n"
"the I2P network are analogous to those provided on the public Internet\n"
"by hosting providers, ISPs, and Google: eepsite indexes and jump\n"
"services, search engines, email, DNS-style name services, hosting,\n"
"proxies, etc. These services focus on boosting the usefulness of the\n"
"network as a whole, and making network content more discoverable."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:145
#: i2p2www/pages/site/docs/applications/supported.html:217
#: i2p2www/pages/site/docs/applications/supported.html:365
msgid "unmaintained"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:148
msgid ""
"<em>Unmaintained</em> — This is used to tag plugins, applications,\n"
"and services which appear to be unmaintained and may be removed from\n"
"this listing in the future."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:156
#, python-format
msgid ""
"Warning: Using an application, plugin, or service with I2P\n"
"doesn't automatically protect your anonymity. I2P is merely a set of "
"tools\n"
"which can help you mitigate certain <a "
"href=\"%(threatmodel)s\">identified\n"
"threats to anonymity</a>. We do not and cannot make any guarantees about "
"the\n"
"safety of the applications, plugins, and services listed below. Most\n"
"applications and plugins must be properly configured, and some will need "
"to\n"
"be patched — and even then your anonymity might not be assured. "
"Similarly,\n"
"services could put your anonymity at risk, either by design or through\n"
"carelessness on their part or your own."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:168
msgid ""
"If you have doubts about the suitability of an application,\n"
"plugin, or service for use with I2P, you are urged to inquire about "
"privacy\n"
"issues with its maintainers, to search its mailing lists and bug tracker "
"if\n"
"one exists, and consult trusted, knowledgeable members of the I2P\n"
"community."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:176
msgid ""
"Take responsibility for your own anonymity and safety — always\n"
"seek expert advice, educate yourself, practice good judgment, be mindful "
"of\n"
"disclosing personally identifying information, and don't take\n"
"shortcuts."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:198
msgid "Lightweight forum software."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:204
msgid "Another lightweight blogging platform."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:210
msgid "Most popular open source forum software."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:216
msgid "Distributed forums software, originally developed by jrandom."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:221
#, python-format
msgid ""
"A Java-based MediaWiki clone. No external database needed.\n"
"Plugin available <a href=\"http://%(plugins)s/plugins/jamwiki\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:233
#, python-format
msgid ""
"Port of the <a href=\"http://tahoe-lafs.org/\"><strong>Tahoe-"
"LAFS</strong></a>\n"
"distributed file system to the I2P network. Controller plugin <a href=\n"
"\"http://%(stats)s/i2p/plugins/\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:248
msgid "Most popular distributed version control system."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:254
#, python-format
msgid ""
"Another distributed version control system. Currently\n"
"<a href=\"%(monotone)s\">used in I2P development</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:266
#, python-format
msgid ""
"Provides management of addressbooks, which are part of a simple,\n"
"user-controlled <a href=\"%(naming)s\">I2P naming system</a> somewhat\n"
"analogous to the Internet's Domain Name System (DNS). Addressbooks map\n"
"Base64 destinations to short, usually human-readable “domain” names "
"ending\n"
"with a .i2p suffix which the I2P router's HTTP client can resolve back to"
"\n"
"Base64 addresses. (<em>Note:</em> While Base64 destinations are globally\n"
"unique, addressbook “domain” names only resolve to unique destinations\n"
"locally.)"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:285
msgid ""
"Serverless peer-to-peer email application using a distributed hash table\n"
"(DHT) for secure mail storage."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:294
msgid ""
"Provides email service within the I2P network via @mail.i2p addresses,\n"
"and email gateway service between the I2P network and the public Internet"
"\n"
"via @i2pmail.org addresses. One of the oldest continuous services on I2P."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:304
msgid ""
"Simple web browser-based email interface. Configured to use Postman's\n"
"email service by default."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:313
#, python-format
msgid ""
"Can be configured to use Postman's email service. See\n"
"<a href=\"%(reviews)s\">this comparison of MUAs</a>,\n"
"and configuration settings for\n"
"<a href=\"%(smtp)s\">SMTP</a> and <a href=\"%(pop3)s\">POP3</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:332
msgid "I2P's integrated BitTorrent client."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:338
msgid "Modified version of I2PSnark."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:344
msgid ""
"\n"
"A fork of rufus that uses the Basic Open Bridge (BOB) and has many\n"
"improvements, including using the latest wxwidgets and python. It also\n"
"supports use of seedless if installed for trackerless torrents and\n"
"magnet-link like fetching of torrents within I2P.\n"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:355
msgid ""
"Clean, full-featured cross-platform BitTorrent client with official\n"
"ports for several GUI toolkits."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:364
msgid "Has a plugin providing I2P support."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:371
#, python-format
msgid ""
"For a detailed feature comparison of I2P-enabled trackers/indexers, see\n"
"<a href=\"http://%(zzz)s/files/trackers.html\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:379
msgid ""
"The code that powered one of the first major tracker/indexer sites on the"
"\n"
"Internet. Patched for I2P."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:388
#, python-format
msgid ""
"Lightweight tracker/indexer. I2P mod available in the i2p.opentracker\n"
"branch of the <a href=\"%(newdevs)s\">I2P Monotone repository</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:397
#, python-format
msgid ""
"<a href=\"http://%(zzz)s/\">zzz's</a> Java-based open tracker. More info\n"
"<a href=\"http://%(zzz)s/topics/598?page=1#p2085\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:410
msgid "I2P port of the aMule ED2K client."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:419
#, python-format
msgid ""
"Port of the <a href=\"http://www.phex.org/mambo/\">Phex</a> Gnutella "
"client. Website\n"
"for plugin version <a href=\"http://%(stats)s/i2p/plugins/\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:428
#, python-format
msgid ""
"Cache for Gnutella peers on I2P. Website for plugin version\n"
"<a href=\"http://%(stats)s/i2p/plugins/\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:443
msgid ""
"Unix standard tool for socket relaying. Several clones, ports, and forks\n"
"have appeared over the years."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:452
msgid "Like netcat but more powerful."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:458
msgid ""
"Proxy providing simple, transparent SOCKS-ification of network "
"applications."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:468
msgid ""
"Most popular implementation of the Secure Shell (SSH) protocol and "
"related tools."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:474
msgid "Open source Secure Shell (SSH) client for Windows."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:486
msgid "IM client with multiple incarnations."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:493
msgid ""
"Many IRC clients leak identifying information to servers or other\n"
"clients, so I2P's IRC and SOCKS IRC client tunnels filter certain inbound"
"\n"
"and outbound messages to scrub data such as LAN IP addresses, external IP"
"\n"
"addresses, local hostnames, and the name and version of the IRC client. "
"Two\n"
"message types in particular, DCC and CTCP, can't be sufficiently "
"anonymized\n"
"without changes to the protocols or to IRC client/server code, so they "
"are\n"
"completely blocked, except for CTCP ACTION (the message emitted by the\n"
"<code>/me</code> command) which isn't inherently dangerous."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:504
msgid ""
"I2P's IRC filtering may not cover every possible leak — users should also"
"\n"
"check if their client is sending their real name or local username. "
"Packet\n"
"sniffers such as <a href=\"http://www.wireshark.org/\">Wireshark</a> are\n"
"useful here. Eliminating remaining leaks may be as simple as changing the"
"\n"
"client's default configuration. If that doesn't help, inform the I2P\n"
"developers; they may be able to solve it via additional filtering."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:516
#, python-format
msgid ""
"Small Java-based IRC client. Plugin available <a href=\n"
"\"http://%(stats)s/i2p/plugins/\">here</a>."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:525
msgid "Cross-platform graphical IRC client."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:531
msgid "Unixy terminal-based IRC client."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:537
msgid "Another Unixy terminal-based IRC client."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:547
msgid "IRC server developed from scratch."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:553
msgid "Most popular IRC server."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:565
msgid ""
"Any website hosted anonymously on I2P, reachable through the I2P router's"
" HTTP proxy."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:573
msgid ""
"Distributed anonymous websites hosted\n"
"using Tahoe-LAFS-I2P, currently only reachable with Tahoe-LAFS-I2P\n"
"clients or through the Tahoe-LAFS-I2P HTTP proxy."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:583
#, python-format
msgid ""
"Website for <a href=\"http://%(sponge)s/\">sponge's</a> jump service.\n"
"Source code available."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:592
msgid "Another jump service."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:598
msgid "Dynamically updated eepsite index."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:604
#, python-format
msgid "Website for <a href=\"http://%(zzz)s/\">zzz's</a> jump service."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:614
msgid "SOCKS-enabled caching web proxy with basic filtering capabilities."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:620
msgid ""
"Privacy-focused non-caching web proxy with advanced filtering\n"
"capabilities. Excels at removing ads and other junk."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:629
msgid "Venerable caching web proxy."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:636
msgid "Gateways allowing users on the public Internet to access eepsites."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:643
#, python-format
msgid "<a href=\"http://%(tino)s/\">tino's</a> inproxy on the public Internet."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:651
#: i2p2www/pages/site/docs/applications/supported.html:660
#: i2p2www/pages/site/docs/applications/supported.html:667
msgid "Another inproxy on the public Internet."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:676
msgid ""
"Gateways allowing I2P users to access content hosted on the public "
"Internet."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:683
msgid "Publicly advertised outproxy running Squid, located in Europe."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:693
msgid ""
"Lightweight web server and Java servlet container. I2P is tightly\n"
"integrated with a bundled copy of Jetty which by default is configured to"
"\n"
"host the <a href=\"http://127.0.0.1:7658/\">user's eepsite</a>. The "
"bundled\n"
"Jetty also serves the I2P router console and web applications bundled "
"with\n"
"I2P."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:705
msgid ""
"In addition to Jetty, any web server should function over I2P without\n"
"modification so long as it's HTTP-compliant. Some web servers known to\n"
"currently serve content on the I2P network are:"
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:714
msgid "Most popular web server on the public WWW."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:720
msgid "Web server and Java servlet container. More features than Jetty."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:726
msgid "Fast lightweight web server."
msgstr ""
#: i2p2www/pages/site/docs/applications/supported.html:732
msgid "High-performance lightweight web server."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:2
msgid "Naming discussion"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:4
#, python-format
msgid ""
"NOTE: The following is a discussion of the reasons behind the I2P naming "
"system,\n"
"common arguments and possible alternatives.\n"
"See <a href=\"%(naming)s\">the naming page</a> for current documentation."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:10
msgid "Discarded alternatives"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:12
msgid ""
"Naming within I2P has been an oft-debated topic since the very beginning "
"with\n"
"advocates across the spectrum of possibilities. However, given I2P's "
"inherent\n"
"demand for secure communication and decentralized operation, the "
"traditional\n"
"DNS-style naming system is clearly out, as are \"majority rules\" voting "
"systems."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:19
msgid ""
"I2P does not promote the use of DNS-like services though, as the damage "
"done\n"
"by hijacking a site can be tremendous - and insecure destinations have no"
"\n"
"value. DNSsec itself still falls back on registrars and certificate "
"authorities,\n"
"while with I2P, requests sent to a destination cannot be intercepted or "
"the reply\n"
"spoofed, as they are encrypted to the destination's public keys, and a "
"destination\n"
"itself is just a pair of public keys and a certificate. DNS-style "
"systems on the\n"
"other hand allow any of the name servers on the lookup path to mount "
"simple denial\n"
"of service and spoofing attacks. Adding on a certificate authenticating "
"the\n"
"responses as signed by some centralized certificate authority would "
"address many of\n"
"the hostile nameserver issues but would leave open replay attacks as well"
" as \n"
"hostile certificate authority attacks."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:33
msgid ""
"Voting style naming is dangerous as well, especially given the "
"effectiveness of\n"
"Sybil attacks in anonymous systems - the attacker can simply create an "
"arbitrarily\n"
"high number of peers and \"vote\" with each to take over a given name. "
"Proof-of-work\n"
"methods can be used to make identity non-free, but as the network grows "
"the load\n"
"required to contact everyone to conduct online voting is implausible, or "
"if the\n"
"full network is not queried, different sets of answers may be reachable."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:42
msgid ""
"As with the Internet however, I2P is keeping the design and operation of "
"a \n"
"naming system out of the (IP-like) communication layer. The bundled "
"naming library\n"
"includes a simple service provider interface which <a "
"href=\"#alternatives\">alternate naming systems</a> can\n"
"plug into, allowing end users to drive what sort of naming tradeoffs they"
" prefer."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:50
msgid ""
"See also <a href=\"https://zooko.com/distnames.html\">Names: "
"Decentralized, Secure, Human-Meaningful: Choose Two</a>."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:55
msgid "(adapted from a post in the old Syndie, November 26, 2005)"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:58
msgid ""
"Q:\n"
"What to do if some hosts \n"
"do not agree on one address and if some addresses are working, others are"
" not? \n"
"Who is the right source of a name?"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:64
msgid ""
"A:\n"
"You don't. This is actually a critical difference between names on I2P "
"and how \n"
"DNS works - names in I2P are human readable, secure, but <b>not globally"
" \n"
"unique</b>. This is by design, and an inherent part of our need for "
"security."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:70
msgid ""
"If I could somehow convince you to change the destination associated with"
" some \n"
"name, I'd successfully \"take over\" the site, and under no circumstances"
" is that \n"
"acceptable. Instead, what we do is make names <b>locally unique</b>: "
"they are \n"
"what <i>you</i> use to call a site, just as how you can call things "
"whatever \n"
"you want when you add them to your browser's bookmarks, or your IM "
"client's \n"
"buddy list. Who you call \"Boss\" may be who someone else calls "
"\"Sally\"."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:78
msgid "Names will not, ever, be securely human readable and globally unique."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:83
msgid ""
"The following from zzz is a review of several common\n"
"complaints about I2P's naming system."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:89
msgid ""
"<b>Inefficiency:</b>\n"
"The whole hosts.txt is downloaded (if it has changed, since eepget uses "
"the etag and last-modified headers).\n"
"It's about 400K right now for almost 800 hosts."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:94
msgid ""
"True, but this isn't a lot of traffic in the context of i2p, which is "
"itself wildly inefficient\n"
"(floodfill databases, huge encryption overhead and padding, garlic "
"routing, etc.).\n"
"If you downloaded a hosts.txt file from someone every 12 hours it "
"averages out to about 10 bytes/sec."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:99
msgid ""
"As is usually the case in i2p, there is a fundamental tradeoff here "
"between anonymity and efficiency.\n"
"Some would say that using the etag and last-modified headers is hazardous"
" because it exposes when you\n"
"last requested the data.\n"
"Others have suggested asking for specific keys only (similar to what jump"
" services do, but\n"
"in a more automated fashion), possibly at a further cost in anonymity."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:106
#, python-format
msgid ""
"Possible improvements would be a replacement or supplement to addressbook"
" (see <a href=\"http://%(i2host)s/\">%(i2host)sp</a>),\n"
"or something simple like subscribing to http://example.i2p/cgi-"
"bin/recenthosts.cgi rather than http://example.i2p/hosts.txt.\n"
"If a hypothetical recenthosts.cgi distributed all hosts from the last 24 "
"hours, for example,\n"
"that could be both more efficient and more anonymous than the current "
"hosts.txt with last-modified and etag."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:112
#, python-format
msgid ""
"A sample implementation is on stats.i2p at\n"
"<a href=\"%(url)s\">%(url)s</a>.\n"
"This script returns an Etag with a timestamp.\n"
"When a request comes in with the If-None-Match etag,\n"
"the script ONLY returns new hosts since that timestamp, or 304 Not "
"Modified if there are none.\n"
"In this way, the script efficiently returns only the hosts the subscriber"
"\n"
"does not know about, in an addressbook-compatible manner."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:121
msgid ""
"So the inefficiency is not a big issue and there are several ways to "
"improve things without\n"
"radical change."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:127
msgid ""
"<b>Not Scalable:</b>\n"
"The 400K hosts.txt (with linear search) isn't that big at the moment and\n"
"we can probably grow by 10x or 100x before it's a problem."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:132
msgid ""
"As far as network traffic see above.\n"
"But unless you're going to do a slow real-time query over the network for"
"\n"
"a key, you need to have the whole set of keys stored locally, at a cost "
"of about 500 bytes per key."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:139
msgid ""
"<b>Requires configuration and \"trust\":</b>\n"
"Out-of-the-box addressbook is only subscribed to "
"http://www.i2p2.i2p/hosts.txt, which is rarely updated,\n"
"leading to poor new-user experience."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:144
msgid ""
"This is very much intentional. jrandom wants a user to \"trust\" a "
"hosts.txt\n"
"provider, and as he likes to say, \"trust is not a boolean\".\n"
"The configuration step attempts to force users to think about issues of "
"trust in an anonymous network."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:149
msgid ""
"As another example, the \"Eepsite Unknown\" error page in the HTTP Proxy\n"
"lists some jump services, but doesn't \"recommend\" any one in "
"particular,\n"
"and it's up to the user to pick one (or not).\n"
"jrandom would say we trust the listed providers enough to list them but "
"not enough to\n"
"automatically go fetch the key from them."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:156
msgid ""
"How successful this is, I'm not sure.\n"
"But there must be some sort of hierarchy of trust for the naming system.\n"
"To treat everyone equally may increase the risk of hijacking."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:163
msgid "<b>It isn't DNS</b>"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:166
msgid ""
"Unfortunately real-time lookups over i2p would significantly slow down "
"web browsing."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:169
msgid ""
"Also, DNS is based on lookups with limited caching and time-to-live, "
"while i2p\n"
"keys are permanent."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:173
msgid "Sure, we could make it work, but why? It's a bad fit."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:178
msgid ""
"<b>Not reliable:</b>\n"
"It depends on specific servers for addressbook subscriptions."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:182
msgid ""
"Yes it depends on a few servers that you have configured.\n"
"Within i2p, servers and services come and go.\n"
"Any other centralized system (for example DNS root servers) would\n"
"have the same problem. A completely decentralized system (everybody is "
"authoritative)\n"
"is possible by implementing an \"everybody is a root DNS server\" "
"solution, or by\n"
"something even simpler, like a script that adds everybody in your "
"hosts.txt to your addressbook."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:190
msgid ""
"People advocating all-authoritative solutions generally haven't thought "
"through\n"
"the issues of conflicts and hijacking, however."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:196
msgid ""
"<b>Awkward, not real-time:</b>\n"
"It's a patchwork of hosts.txt providers, key-add web form providers, jump"
" service providers,\n"
"eepsite status reporters.\n"
"Jump servers and subscriptions are a pain, it should just work like DNS."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:202
msgid "See the reliability and trust sections."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:207
msgid ""
"So, in summary, the current system is not horribly broken, inefficient, "
"or un-scalable,\n"
"and proposals to \"just use DNS\" aren't well thought-through."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:212
msgid "Alternatives"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:213
msgid ""
"The I2P source contains several pluggable naming systems and supports "
"configuration options\n"
"to enable experimentation with naming systems."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:218
msgid ""
"<b>Meta</b> - calls two or more other naming systems in order.\n"
"By default, calls PetName then HostsTxt."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:222
msgid ""
"<b>PetName</b> - Looks up in a petnames.txt file.\n"
"The format for this file is NOT the same as hosts.txt."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:226
msgid "<b>HostsTxt</b> - Looks up in the following files, in order:"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:234
msgid ""
"<b>AddressDB</b> - Each host is listed in a separate file in a addressDb/"
" directory."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:237
msgid ""
"<b>Eepget</b> - does an HTTP lookup request from an external\n"
"server - must be stacked after the HostsTxt lookup with Meta.\n"
"This could augment or replace the jump system.\n"
"Includes in-memory caching."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:243
msgid ""
"<b>Exec</b> - calls an external program for lookup, allows\n"
"additional experimentation in lookup schemes, independent of java.\n"
"Can be used after HostsTxt or as the sole naming system.\n"
"Includes in-memory caching."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:249
msgid "<b>Dummy</b> - used as a fallback for Base64 names, otherwise fails."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:253
msgid ""
"The current naming system can be changed with the advanced config option "
"'i2p.naming.impl'\n"
"(restart required).\n"
"See core/java/src/net/i2p/client/naming for details."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:258
msgid ""
"Any new system should be stacked with HostsTxt, or should\n"
"implement local storage and/or the addressbook subscription functions, "
"since addressbook\n"
"only knows about the hosts.txt files and format."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:264
msgid "Certificates"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:265
msgid ""
"I2P destinations contain a certificate, however at the moment that "
"certificate\n"
"is always null.\n"
"With a null certificate, base64 destinations are always 516 bytes ending "
"in \"AAAA\",\n"
"and this is checked in the addressbook merge mechanism, and possibly "
"other places.\n"
"Also, there is no method available to generate a certificate or add it to"
" a\n"
"destination. So these will have to be updated to implement certificates."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:273
#, python-format
msgid ""
"One possible use of certificates is for <a "
"href=\"%(todo)s#hashcash\">proof of work</a>."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:276
msgid ""
"Another is for \"subdomains\" (in quotes because there is really no such "
"thing,\n"
"i2p uses a flat naming system) to be signed by the 2nd level domain's "
"keys."
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:280
msgid ""
"With any certificate implementation must come the method for verifying "
"the\n"
"certificates.\n"
"Presumably this would happen in the addressbook merge code.\n"
"Is there a method for multiple types of certificates, or multiple "
"certificates?"
msgstr ""
#: i2p2www/pages/site/docs/discussions/naming.html:286
msgid ""
"Adding on a certificate authenticating the\n"
"responses as signed by some centralized certificate authority would "
"address many of\n"
"the hostile nameserver issues but would leave open replay attacks as well"
" as \n"
"hostile certificate authority attacks."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:2
msgid "ElGamal/AES + SessionTag Encryption"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:7
msgid "ElGamal/AES+SessionTags is used for end-to-end encryption."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:11
msgid ""
"As an unreliable, unordered, message based system, I2P uses a simple "
"combination \n"
"of asymmetric and symmetric encryption algorithms to provide data "
"confidentiality \n"
"and integrity to garlic messages. As a whole, the combination is referred"
" \n"
"to as ElGamal/AES+SessionTags, but that is an excessively verbose way to "
"describe \n"
"the use of 2048bit ElGamal, AES256, SHA256, and 32 byte nonces."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:19
#: i2p2www/pages/site/docs/how/tech-intro.html:508
msgid ""
"The first time a router wants to encrypt a garlic message to another "
"router, \n"
"they encrypt the keying material for an AES256 session key with ElGamal "
"and \n"
"append the AES256/CBC encrypted payload after that encrypted ElGamal "
"block. \n"
"In addition to the encrypted payload, the AES encrypted section contains "
"the \n"
"payload length, the SHA256 hash of the unencrypted payload, as well as a "
"number \n"
"of \"session tags\" - random 32 byte nonces. The next time the sender "
"wants \n"
"to encrypt a garlic message to another router, rather than ElGamal "
"encrypt \n"
"a new session key they simply pick one of the previously delivered "
"session \n"
"tags and AES encrypt the payload like before, using the session key used "
"with \n"
"that session tag, prepended with the session tag itself. When a router "
"receives \n"
"a garlic encrypted message, they check the first 32 bytes to see if it "
"matches \n"
"an available session tag - if it does, they simply AES decrypt the "
"message, \n"
"but if it does not, they ElGamal decrypt the first block."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:35
#: i2p2www/pages/site/docs/how/tech-intro.html:524
msgid ""
"Each session tag can be used only once so as to prevent internal "
"adversaries \n"
"from unnecessarily correlating different messages as being between the "
"same \n"
"routers. The sender of an ElGamal/AES+SessionTag encrypted message "
"chooses \n"
"when and how many tags to deliver, prestocking the recipient with enough "
"tags \n"
"to cover a volley of messages. Garlic messages may detect the successful "
"tag \n"
"delivery by bundling a small additional message as a clove (a \"delivery "
"status \n"
"message\") - when the garlic message arrives at the intended recipient "
"and \n"
"is decrypted successfully, this small delivery status message is one of "
"the \n"
"cloves exposed and has instructions for the recipient to send the clove "
"back \n"
"to the original sender (through an inbound tunnel, of course). When the "
"original \n"
"sender receives this delivery status message, they know that the session "
"tags \n"
"bundled in the garlic message were successfully delivered."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:50
msgid ""
"Session tags themselves have a short lifetime, after which they are \n"
"discarded if not used. In addition, the quantity stored for each key is "
"limited, \n"
"as are the number of keys themselves - if too many arrive, either new or "
"old \n"
"messages may be dropped. The sender keeps track whether messages using "
"session \n"
"tags are getting through, and if there isn't sufficient communication it "
"may \n"
"drop the ones previously assumed to be properly delivered, reverting back"
" \n"
"to the full expensive ElGamal encryption.\n"
"A session will continue to exist until all its tags are exhausted or "
"expire."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:61
msgid ""
"Sessions are unidirectional. Tags are delivered from Alice to Bob,\n"
"and Alice then uses the tags, one by one, in subsequent messages to Bob."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:66
msgid ""
"Sessions may be established between Destinations, between Routers, or\n"
"between a Router and a Destination.\n"
"Each Router and Destination maintains its own Session Key Manager to\n"
"keep track of Session Keys and Session Tags.\n"
"Separate Session Key Managers prevents correlation of multiple "
"Destinations\n"
"to each other or a Router by adversaries."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:77
msgid "Message Reception"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:78
msgid ""
"Each message received has one of two\n"
"the two possible conditions:</p>"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:84
msgid ""
"It is part of an existing session and contains a Session Tag and an AES "
"encrypted block"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:85
msgid "It is for a new session and contains both ElGamal and AES encrypted blocks"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:88
msgid ""
"When a router receives a message, it will first assume it is from\n"
"an existing session and attempt to look up the Session Tag and decrypt "
"the following data using AES.\n"
"If that fails, it will assume it is for a new session and attempt to\n"
"decrypt it using ElGamal."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:97
msgid "New Session Message Specification"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:98
msgid ""
"A New Session ElGamal Message contains two parts, an encrypted ElGamal "
"block\n"
"and an encrypted AES block."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:103
msgid "The encrypted message contains:"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:127
msgid "ElGamal Block"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:128
msgid "The encrypted ElGamal Block is always 514 bytes long."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:132
msgid "The unencrypted ElGamal data is 222 bytes long, containing:"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:164
#, python-format
msgid ""
"The 32-byte\n"
"<a href=\"%(commonstructures)s#type_SessionKey\">Session Key</a>\n"
"is the identifier for the session.\n"
"The 32-byte Pre-IV will be used to generate the IV for the AES block that"
" follows;\n"
"the IV is the first 16 bytes of the SHA-256 Hash of the Pre-IV."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:172
#, python-format
msgid ""
"The 222 byte payload is encrypted\n"
"<a href=\"%(cryptography)s#elgamal\">using ElGamal</a>\n"
"and the encrypted block is 514 bytes long.\n"
"</p>"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:179
msgid "AES Block"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:180
msgid "The unencrypted data in the AES block contains the following:"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:254
msgid "Minimum length: 48 bytes"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:257
#, python-format
msgid ""
"The data is then <a href=\"%(cryptography)s\">AES Encrypted</a>,\n"
"using the session key and IV (calculated from the pre-IV) from the "
"ElGamal section.\n"
"The encrypted AES Block length is variable but is always a multiple of 16"
" bytes.\n"
"</p>"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:266
#, python-format
msgid ""
"Actual max payload length, and max block length, is less than 64 KB; see "
"the <a href=\"%(i2np)s\">I2NP Overview</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:269
msgid "New Session Key is currently unused and is never present."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:274
msgid "Existing Session Message Specification"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:275
msgid ""
"The session tags delivered successfully are remembered for a \n"
"brief period (15 minutes currently) until they are used or discarded.\n"
"A tag is used by packaging one in an Existing Session Message that\n"
"contains only an AES encrypted block, and is not preceded by an\n"
"ElGamal block."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:283
msgid ""
"The existing session message is\n"
"as follows:"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:318
msgid ""
"The session tag also serves as\n"
"the pre-IV. The IV is the first 16 bytes of the SHA-256 Hash of the "
"sessionTag."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:323
msgid ""
"To decode a message from an existing session, a router looks up the "
"Session Tag to find an\n"
"associated Session Key. If the Session Tag is found, the AES block is "
"decrypted using the associated Session Key.\n"
"If the tag is not found, the message is assumed to be a <a "
"href=\"#new\">New Session Message</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:331
msgid "Session Tag Configuration Options"
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:332
#, python-format
msgid ""
"As of release 0.9.2, the client may configure the default number of "
"Session Tags to send\n"
"and the low tag threshold for the current session.\n"
"For brief streaming connections or datagrams, these options may be used "
"to significantly reduce bandwidth.\n"
"See the <a href=\"%(i2cp)s#options\">I2CP options specification</a> for "
"details.\n"
"The session settings may also be overridden on a per-message basis.\n"
"See the <a href=\"%(i2cpspec)s#msg_SendMessageExpires\">I2CP Send Message"
" Expires specification</a> for details."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:345
msgid ""
"There are many possible areas to tune the Session Key Manager's "
"algorithms;\n"
"some may interact with the streaming library behavior, or have "
"significant\n"
"impact on overall performance."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:352
msgid ""
"The number of tags delivered could depend on message size, keeping in "
"mind\n"
"the eventual padding to 1KB at the tunnel message layer."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:357
msgid ""
"Clients could send an estimate of session lifetime to the router, as an "
"advisory\n"
"on the number of tags required."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:362
msgid ""
"Delivery of too few tags causes the router to fall back to an expensive "
"ElGamal encryption."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:366
msgid ""
"The router may assume delivery of Session Tags, or await acknowledgement "
"before using them;\n"
"there are tradeoffs for each strategy."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:371
msgid ""
"For very brief messages, almost the full 222 bytes of the pre-IV and "
"padding fields in the ElGamal block\n"
"could be used for the entire message, instead of establishing a session."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:376
msgid ""
"Evaluate padding strategy; currently we pad to a minimum of 128 bytes.\n"
"Would be better to add a few tags to small messages than pad."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:381
msgid ""
"Perhaps things could be more efficient if the Session Tag system was "
"bidirectional,\n"
"so tags delivered in the 'forward' path could be used in the 'reverse' "
"path,\n"
"thus avoiding ElGamal in the initial response.\n"
"The router currently plays some tricks like this when sending\n"
"tunnel test messages to itself."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:389
#, python-format
msgid ""
"Change from Session Tags to\n"
"<a href=\"%(futureperf)s#prng\">a synchronized PRNG</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/elgamal-aes.html:394
#, python-format
msgid ""
"Several of these ideas may require a new I2NP message type, or\n"
"set a flag in the\n"
"<a "
"href=\"%(tunnelmessage)s#struct_TunnelMessageDeliveryInstructions\">Delivery"
" Instructions</a>,\n"
"or set a magic number in the first few bytes of the Session Key field\n"
"and accept a small risk of the random Session Key matching the magic "
"number."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:2
msgid "Garlic Routing"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:3
msgid "March 2014"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:6
msgid "Garlic Routing and \"Garlic\" Terminology"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:7
msgid ""
"The terms \"garlic routing\" and \"garlic encryption\" are often used "
"rather loosely when referring to I2P's technology.\n"
"Here, we explain the history of the terms, the various meanings, and\n"
"the usage of \"garlic\" methods in I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:13
msgid ""
"\"Garlic routing\" was first coined by\n"
"<a href=\"http://www.cs.princeton.edu/~mfreed/\">Michael J. Freedman</a>\n"
"in Roger Dingledine's Free Haven \n"
"<a href=\"http://www.freehaven.net/papers.html\">Master's thesis</a> "
"Section 8.1.1 (June 2000), as derived from \n"
"<a href=\"http://www.onion-router.net/\">Onion Routing</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:21
msgid ""
"\"Garlic\" may have been used originally by I2P developers because I2P "
"implements a form of\n"
"bundling as Freedman describes, or simply to emphasize general "
"differences from Tor.\n"
"The specific reasoning may be lost to history.\n"
"Generally, when referring to I2P, the term \"garlic\" may mean one of "
"three things:"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:28
#: i2p2www/pages/site/docs/how/garlic-routing.html:39
msgid "Layered Encryption"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:29
msgid "Bundling multiple messages together"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:30
#: i2p2www/pages/site/docs/how/garlic-routing.html:96
msgid "ElGamal/AES Encryption"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:33
msgid ""
"Unfortunately, I2P's usage of \"garlic\" terminology over the past seven "
"years has not always been precise; therefore the reader is\n"
"cautioned when encountering the term.\n"
"Hopefully, the explanation below will make things clear."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:40
msgid ""
"Onion routing is a technique for building paths, or tunnels, through a "
"series of peers,\n"
"and then using that tunnel.\n"
"Messages are repeatedly encrypted by the originator, and then decrypted "
"by each hop.\n"
"During the building phase, only the routing instructions for the next hop"
" are exposed to each peer.\n"
"During the operating phase, messages are passed through the tunnel, and "
"the\n"
"message and its routing instructions are only exposed to the endpoint of "
"the tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:49
#, python-format
msgid ""
"This is similar to the way Mixmaster\n"
"(see <a href=\"%(comparisons)s\">network comparisons</a>) sends messages "
"- taking a message, encrypting it\n"
"to the recipient's public key, taking that encrypted message and "
"encrypting\n"
"it (along with instructions specifying the next hop), and then taking "
"that\n"
"resulting encrypted message and so on, until it has one layer of "
"encryption\n"
"per hop along the path."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:58
msgid ""
"In this sense, \"garlic routing\" as a general concept is identical to "
"\"onion routing\".\n"
"As implemented in I2P, of course, there are several differences from the "
"implementation in Tor; see below.\n"
"Even so, there are substantial similarities such that I2P benefits from a"
"\n"
"<a href=\"http://www.onion-router.net/Publications.html\">large amount of"
" academic research on onion routing</a>,\n"
"<a href=\"http://freehaven.net/anonbib/topic.html\">Tor, and similar "
"mixnets</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:67
msgid "Bundling Multiple Messages"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:68
msgid ""
"Michael Freedman defined \"garlic routing\" as an extension to onion "
"routing,\n"
"in which multiple messages are bundled together.\n"
"He called each message a \"bulb\".\n"
"All the messages, each with its own delivery instructions, are exposed at"
" the\n"
"endpoint.\n"
"This allows the efficient bundling of an onion routing \"reply block\" "
"with the original message."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:77
msgid ""
"This concept is implemented in I2P, as described below.\n"
"Our term for garlic \"bulbs\" is \"cloves\".\n"
"Any number of messages can be\n"
"contained, instead of just a single message.\n"
"This is a significant distinction from the onion routing implemented in "
"Tor.\n"
"However, it is only one of many major architectural differences between "
"I2P and Tor;\n"
"perhaps it is not, by itself, enough to justify a change in terminology."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:87
msgid ""
"Another difference\n"
"from the method described by Freedman\n"
"is that the path is unidirectional - there is no \"turning point\" as "
"seen in onion routing\n"
"or mixmaster reply blocks, which greatly simplifies the algorithm and "
"allows for more flexible\n"
"and reliable delivery."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:97
#, python-format
msgid ""
"In some cases, \"garlic encryption\" may simply mean\n"
"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> encryption\n"
"(without multiple layers)."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:105
msgid "\"Garlic\" Methods in I2P"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:106
msgid ""
"Now that we've defined various \"garlic\" terms, we can say that\n"
"I2P uses garlic routing, bundling and encryption in three places:"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:111
msgid "For building and routing through tunnels (layered encryption)"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:112
msgid ""
"For determining the success or failure of end to end message delivery "
"(bundling)"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:113
msgid ""
"For publishing some network database entries (dampening the probability "
"of a successful traffic analysis attack) (ElGamal/AES)"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:116
msgid ""
"There are also significant ways that this technique can be used to "
"improve the performance of the network, \n"
"exploiting transport latency/throughput tradeoffs, and branching data "
"through redundant paths to increase reliability."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:122
msgid "Tunnel Building and Routing"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:123
msgid ""
"In I2P, tunnels are unidirectional. Each party builds two tunnels,\n"
"one for outbound and one for inbound traffic.\n"
"Therefore, four tunnels are required for a single round-trip message and "
"reply."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:129
#, python-format
msgid ""
"Tunnels are built, and then used, with layered encryption.\n"
"This is described on the\n"
"<a href=\"%(tunnelimpl)s\">tunnel implementation page</a>.\n"
"Tunnel building details are defined on\n"
"<a href=\"%(tunnelcreation)s\">this page</a>.\n"
"We use\n"
"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> for the encryption."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:141
#, python-format
msgid ""
"Tunnels are a general-purpose mechanism to transport all\n"
"<a href=\"%(i2np)s\">I2NP messages</a>, and\n"
"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Messages</a> are not used to "
"build tunnels.\n"
"We do not bundle multiple\n"
"<a href=\"%(i2np)s\">I2NP messages</a> into a single\n"
"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a> for unwrapping at "
"the outbound tunnel endpoint;\n"
"the tunnel encryption is sufficient."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:152
msgid "End-to-End Message Bundling"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:153
#, python-format
msgid ""
"At the layer above tunnels, I2P delivers end-to-end messages between\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>.\n"
"Just as within a single tunnel, we use\n"
"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> for the encryption."
"\n"
"Each client message as delivered to the router through the\n"
"<a href=\"%(i2cp)s\">I2CP interface</a> becomes a single\n"
"<a href=\"%(i2npspec)s#struct_GarlicClove\">Garlic Clove</a>\n"
"with its own\n"
"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
"Instructions</a>,\n"
"inside a\n"
"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a>.\n"
"Delivery Instructions may specify a Destination, Router, or Tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:171
msgid ""
"Generally, a Garlic Message will contain only one clove.\n"
"However, the router will periodically bundle two additional\n"
"cloves in the Garlic Message:"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:176
msgid "Garlic Message Cloves"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:179
#, python-format
msgid ""
"A\n"
"<a href=\"%(i2npspec)s#msg_DeliveryStatus\">Delivery Status Message</a>,\n"
"with\n"
"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
"Instructions</a>\n"
"specifying that it be sent back to the originating router as an "
"acknowledgment.\n"
"This is similar to the \"reply block\" or \"reply onion\"\n"
"described in the references.\n"
"It is used for determining the success or failure of end to end message "
"delivery.\n"
"The originating router may, upon failure to receive the Delivery Status "
"Message\n"
"within the expected time period, modify the routing to the far-end "
"Destination,\n"
"or take other actions."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:192
#, python-format
msgid ""
"A\n"
"<a href=\"%(i2npspec)s#msg_DatabaseStore\">Database Store Message</a>,\n"
"containing a\n"
"<a href=\"%(commonstructures)s#struct_LeaseSet\">LeaseSet</a>\n"
"for the originating Destination, with\n"
"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
"Instructions</a>\n"
"specifying the far-end destination's router.\n"
"By periodically bundling a LeaseSet, the router ensures that the far-end "
"will be able\n"
"to maintain communications.\n"
"Otherwise the far-end would have to query a floodfill router for the "
"network database entry,\n"
"and all LeaseSets would have to be published to the network database, as "
"explained on the\n"
"<a href=\"%(netdb)s\">network database page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:210
#, python-format
msgid ""
"By default, the Delivery Status and Database Store Messages\n"
"are bundled when the local LeaseSet changes, when additional\n"
"<a href=\"%(commonstructures)s#type_SessionTag\">Session Tags</a>\n"
"are delivered, or if the messages have not been bundled in the previous "
"minute.\n"
"As of release 0.9.2, the client may configure the default number of "
"Session Tags to send\n"
"and the low tag threshold for the current session.\n"
"See the <a href=\"%(i2cp)s#options\">I2CP options specification</a> for "
"details.\n"
"The session settings may also be overridden on a per-message basis.\n"
"See the <a href=\"%(i2cpspec)s#msg_SendMessageExpires\">I2CP Send Message"
" Expires specification</a> for details."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:224
msgid ""
"Obviously, the additional messages are currently bundled for specific "
"purposes,\n"
"and not part of a general-purpose routing scheme."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:229
msgid ""
"As of release 0.9.12, the Delivery Status Message is wrapped in another "
"Garlic Message\n"
"by the originator so that the contents are encrypted and not visible to "
"routers on the return path."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:235
msgid "Storage to the Floodfill Network Database"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:236
#, python-format
msgid ""
"As explained on the\n"
"<a href=\"%(netdb)s#delivery\">network database page</a>,\n"
"local\n"
"<a href=\"%(commonstructures)s#struct_LeaseSet\">LeaseSets</a>\n"
"are sent to floodfill routers in a\n"
"<a href=\"%(i2npspec)s#msg_DatabaseStore\">Database Store Message</a>\n"
"wrapped in a\n"
"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a>\n"
"so it is not visible to the tunnel's outbound gateway."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:252
#, python-format
msgid ""
"The Garlic Message mechanism is very flexible and provides a structure "
"for\n"
"implementing many types of mixnet delivery methods.\n"
"Together with the unused delay option in the\n"
"<a "
"href=\"%(tunnelmessage)s#struct_TunnelMessageDeliveryInstructions\">tunnel"
" message Delivery Instructions</a>,\n"
"a wide spectrum of batching, delay, mixing, and routing strategies are "
"possible."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:260
msgid ""
"In particular, there is potential for much more flexibility at the "
"outbound tunnel endpoint.\n"
"Messages could possibly be routed from there to one of several tunnels\n"
"(thus minimizing point-to-point connections), or multicast to several "
"tunnels\n"
"for redundancy, or streaming audio and video."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:267
msgid ""
"Such experiments may conflict with the need to ensure security and "
"anonymity, such\n"
"as limiting certain routing paths, restricting the types of I2NP messages"
" that may\n"
"be forwarded along various paths, and enforcing certain message "
"expiration times."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:273
#, python-format
msgid ""
"As a part of\n"
"<a href=\"%(elgamalaes)s\">ElGamal/AES encryption</a>,\n"
"a garlic message contains a sender\n"
"specified amount of padding data, allowing the sender to take active "
"countermeasures \n"
"against traffic analysis.\n"
"This is not currently used, beyond the requirement to pad to a multiple "
"of 16 bytes."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:282
#, python-format
msgid ""
"Encryption of additional messages to and from the\n"
"<a href=\"%(netdb)s#delivery\">floodfill routers</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:290
#: i2p2www/pages/site/docs/how/peer-selection.html:296
msgid "References"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:292
msgid ""
"The term garlic routing was first coined in Roger Dingledine's Free Haven"
" \n"
"<a href=\"http://www.freehaven.net/papers.html\">Master's thesis</a> "
"(June 2000),\n"
"see Section 8.1.1 authored by\n"
"<a href=\"http://www.cs.princeton.edu/~mfreed/\">Michael J. Freedman</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:299
msgid "Onion router publications"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:301
msgid "Onion Routing on Wikipedia"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:303
msgid "Garlic Routing on Wikipedia"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:305
#, python-format
msgid ""
"<a href=\"%(meeting58)s\">I2P Meeting 58</a> (2003) discussing the "
"implementation of garlic routing"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:311
msgid "Free Haven publications"
msgstr ""
#: i2p2www/pages/site/docs/how/garlic-routing.html:313
msgid ""
"Onion routing was first described in <a href=\"http://www.onion-"
"router.net/Publications/IH-1996.pdf\">Hiding Routing Information</a>\n"
"by David M. Goldschlag, Michael G. Reed, and Paul F. Syverson in 1996."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:2
msgid "A Gentle Introduction to How I2P Works"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:4
msgid ""
"I2P is a project to build, deploy, and maintain a network supporting "
"secure and anonymous\n"
"communication. People using I2P are in control of the tradeoffs between "
"anonymity, reliability,\n"
"bandwidth usage, and latency. There is no central point in the network on"
" which pressure can be\n"
"exerted to compromise the integrity, security, or anonymity of the "
"system. The network supports\n"
"dynamic reconfiguration in response to various attacks, and has been "
"designed to make use of\n"
"additional resources as they become available. Of course, all aspects of "
"the network are open and\n"
"freely available."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:14
msgid ""
"Unlike many other anonymizing networks, I2P doesn't try to provide "
"anonymity by hiding the\n"
"originator of some communication and not the recipient, or the other way "
"around. I2P is designed to\n"
"allow peers using I2P to communicate with each other anonymously &mdash; "
"both sender and recipient\n"
"are unidentifiable to each other as well as to third parties. For "
"example, today there are both\n"
"in-I2P web sites (allowing anonymous publishing / hosting) as well as "
"HTTP proxies to the normal web\n"
"(allowing anonymous web browsing). Having the ability to run servers "
"within I2P is essential, as it\n"
"is quite likely that any outbound proxies to the normal Internet will be "
"monitored, disabled, or\n"
"even taken over to attempt more malicious attacks."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:25
#, python-format
msgid ""
"The network itself is message oriented - it is essentially a secure and "
"anonymous IP layer, where\n"
"messages are addressed to cryptographic keys (Destinations) and can be "
"significantly larger than IP\n"
"packets. Some example uses of the network include \"eepsites\" "
"(webservers hosting normal web\n"
"applications within I2P), a BitTorrent client (\"I2PSnark\"), or a "
"distributed data store. With the\n"
"help of the <a href=\"%(i2ptunnel)s\">I2PTunnel</a> application, we are "
"able to stream traditional\n"
"TCP/IP applications over I2P, such as SSH, IRC, a squid proxy, and even "
"streaming audio. Most people\n"
"will not use I2P directly, or even need to know they're using it. Instead"
" their view will be of one\n"
"of the I2P enabled applications, or perhaps as a little controller app to"
" turn on and off various\n"
"proxies to enable the anonymizing functionality."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:37
#, python-format
msgid ""
"An essential part of designing, developing, and testing an anonymizing "
"network is to define the <a\n"
"href=\"%(threatmodel)s\">threat model</a>, since there is no such thing "
"as \"true\" anonymity, just\n"
"increasingly expensive costs to identify someone. Briefly, I2P's intent "
"is to allow people to\n"
"communicate in arbitrarily hostile environments by providing good "
"anonymity, mixed in with\n"
"sufficient cover traffic provided by the activity of people who require "
"less anonymity. This way,\n"
"some users can avoid detection by a very powerful adversary, while others"
" will try to evade a weaker\n"
"entity, <i>all on the same network</i>, where each one's messages are "
"essentially indistinguishable\n"
"from the others."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:48
msgid "Why?"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:49
#, python-format
msgid ""
"There are a multitude of reasons why we need a system to support "
"anonymous communication, and\n"
"everyone has their own personal rationale. There are many <a "
"href=\"%(comparisons)s\">other\n"
"efforts</a> working on finding ways to provide varying degrees of "
"anonymity to people through the\n"
"Internet, but we could not find any that met our needs or threat model."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:56
msgid "How?"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:58
#, python-format
msgid ""
"The network at a glance is made up of a set of nodes (\"routers\") with a"
" number of unidirectional\n"
"inbound and outbound virtual paths (\"tunnels\", as outlined on the <a "
"href=\"%(tunnelrouting)s\">tunnel routing</a> page). Each router is "
"identified by a cryptographic RouterIdentity which is\n"
"typically long lived. These routers communicate with each other through "
"existing transport\n"
"mechanisms (TCP, UDP, etc), passing various messages. Client applications"
" have their own\n"
"cryptographic identifier (\"Destination\") which enables it to send and "
"receive messages. These\n"
"clients can connect to any router and authorize the temporary allocation "
"(\"lease\") of some tunnels\n"
"that will be used for sending and receiving messages through the network."
" I2P has its own internal\n"
"<a href=\"%(netdb)s\">network database</a> (using a modification of the "
"Kademlia algorithm) for\n"
"distributing routing and contact information securely."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:71
msgid "Network topology example"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:73
msgid ""
"In the above, Alice, Bob, Charlie, and Dave are all running routers with "
"a single Destination on\n"
"their local router. They each have a pair of 2-hop inbound tunnels per "
"destination (labeled 1, 2, 3,\n"
"4, 5 and 6), and a small subset of each of those router's outbound tunnel"
" pool is shown with 2-hop\n"
"outbound tunnels. For simplicity, Charlie's inbound tunnels and Dave's "
"outbound tunnels are not\n"
"shown, nor are the rest of each router's outbound tunnel pool (typically "
"stocked with a few tunnels\n"
"at a time). When Alice and Bob talk to each other, Alice sends a message "
"out one of her (pink)\n"
"outbound tunnels targeting one of Bob's (green) inbound tunnels (tunnel 3"
" or 4). She knows to send\n"
"to those tunnels on the correct router by querying the network database, "
"which is constantly updated\n"
"as new leases are authorized and old ones expire."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:85
#, python-format
msgid ""
"If Bob wants to reply to Alice, he simply goes through the same process -"
" send a message out one of\n"
"his outbound tunnels targeting one of Alice's inbound tunnels (tunnel 1 "
"or 2). To make things\n"
"easier, most messages sent between Alice and Bob are <a "
"href=\"%(garlicrouting)s\">garlic</a>\n"
"wrapped, bundling the sender's own current lease information so that the "
"recipient can reply\n"
"immediately without having to look in the network database for the "
"current data."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:93
#, python-format
msgid ""
"To deal with a wide range of attacks, I2P is fully distributed with no "
"centralized resources - and\n"
"hence there are no directory servers keeping statistics regarding the "
"performance and reliability of\n"
"routers within the network. As such, each router must keep and maintain "
"profiles of various routers\n"
"and is responsible for selecting appropriate peers to meet the anonymity,"
" performance, and\n"
"reliability needs of the users, as described in the <a "
"href=\"%(peerselection)s\">peer selection</a>\n"
"page."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:102
#, python-format
msgid ""
"The network itself makes use of a significant number of <a "
"href=\"%(cryptography)s\">cryptographic\n"
"techniques and algorithms</a> - a full laundry list includes 2048bit "
"ElGamal encryption, 256bit AES\n"
"in CBC mode with PKCS#5 padding, 1024bit DSA signatures, SHA256 hashes, "
"2048bit Diffie-Hellman\n"
"negotiated connections with station to station authentication, and <a "
"href=\"%(elgamalaes)s\">ElGamal / AES+SessionTag</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:110
msgid ""
"Content sent over I2P is encrypted through three layers garlic encryption"
" (used to verify the\n"
"delivery of the message to the recipient), tunnel encryption (all "
"messages passing through a tunnel\n"
"is encrypted by the tunnel gateway to the tunnel endpoint), and inter "
"router transport layer\n"
"encryption (e.g. the TCP transport uses AES256 with ephemeral keys)."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:117
msgid ""
"End-to-end (I2CP) encryption (client application to server application) "
"was disabled in I2P release\n"
"0.6; end-to-end (garlic) encryption (I2P client router to I2P server "
"router) from Alice's router \"a\"\n"
"to Bob's router \"h\" remains. Notice the different use of terms! All "
"data from a to h is end-to-end\n"
"encrypted, but the I2CP connection between the I2P router and the "
"applications is not end-to-end\n"
"encrypted! A and h are the routers of Alice and Bob, while Alice and Bob "
"in following chart are the\n"
"applications running atop of I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:126
msgid "End to end layered encryption"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:128
#, python-format
msgid ""
"The specific use of these algorithms are outlined <a "
"href=\"%(cryptography)s\">elsewhere</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:132
msgid ""
"The two main mechanisms for allowing people who need strong anonymity to "
"use the network are\n"
"explicitly delayed garlic routed messages and more comprehensive tunnels "
"to include support for\n"
"pooling and mixing messages. These are currently planned for release 3.0,"
" but garlic routed messages\n"
"with no delays and FIFO tunnels are currently in place. Additionally, the"
" 2.0 release will allow\n"
"people to set up and operate behind restricted routes (perhaps with "
"trusted peers), as well as the\n"
"deployment of more flexible and anonymous transports."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:141
#, python-format
msgid ""
"Some questions have been raised with regards to the scalability of I2P, "
"and reasonably so. There\n"
"will certainly be more analysis over time, but peer lookup and "
"integration should be bounded by\n"
"<code>O(log(N))</code> due to the <a href=\"%(netdb)s\">network "
"database</a>'s algorithm, while end\n"
"to end messages should be <code>O(1)</code> (scale free), since messages "
"go out K hops through the\n"
"outbound tunnel and another K hops through the inbound tunnel, with K no "
"longer than 3. The size of\n"
"the network (N) bears no impact."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:150
msgid "When?"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:151
#, python-format
msgid ""
"I2P initially began in Feb 2003 as a proposed modification to <a\n"
"href=\"http://freenetproject.org\">Freenet</a> to allow it to use "
"alternate transports, such as <a\n"
"href=\"%(jms)s\">JMS</a>, then grew into its own as an\n"
"'anonCommFramework' in April 2003, turning into I2P in July, with code "
"being written in earnest\n"
"starting in August '03. I2P is currently under development, following the"
" <a href=\"%(roadmap)s\">roadmap</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:161
msgid "Who?"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:162
#, python-format
msgid ""
"We have a small <a href=\"%(team)s\">team</a> spread around several "
"continents, working to advance\n"
"different aspects of the project. We are very open to other developers "
"who want to get involved and\n"
"anyone else who would like to contribute in other ways, such as "
"critiques, peer review, testing,\n"
"writing I2P enabled applications, or documentation. The entire system is "
"open source - the router\n"
"and most of the SDK are outright public domain with some BSD and Cryptix "
"licensed code, while some\n"
"applications like I2PTunnel and I2PSnark are GPL. Almost everything is "
"written in Java (1.5+),\n"
"though some third party applications are being written in Python and "
"other languages. The code works\n"
"on <a href=\"http://java.com/en/\">Sun Java SE</a> and other Java Virtual"
" Machines."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:173
msgid "Where?"
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:174
#, python-format
msgid ""
"Anyone interested should join us on the IRC channel #i2p-dev (hosted "
"concurrently on irc.freenode.net,\n"
"irc.postman.i2p, irc.echelon.i2p, irc.dg.i2p and irc.oftc.net). There are"
" currently no\n"
"scheduled development meetings, however <a href=\"%(meetings)s\">archives"
" are available</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:180
#, python-format
msgid "The current source is available in <a href=\"%(monotone)s\">monotone</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/intro.html:185
#, python-format
msgid "See <a href=\"%(docs)s\">the Index to Technical Documentation</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:2
msgid "The Network Database"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:3
msgid "February 2016"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:8
msgid ""
"I2P's netDb is a specialized distributed database, containing \n"
"just two types of data - router contact information (<b>RouterInfos</b>) "
"and destination contact\n"
"information (<b>LeaseSets</b>). Each piece of data is signed by the "
"appropriate party and verified\n"
"by anyone who uses or stores it. In addition, the data has liveliness "
"information\n"
"within it, allowing irrelevant entries to be dropped, newer entries to "
"replace\n"
"older ones, and protection against certain classes of attack."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:17
msgid ""
"The netDb is distributed with a simple technique called \"floodfill\",\n"
"where a subset of all routers, called \"floodfill routers\", maintains "
"the distributed database."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:25
msgid ""
"When an I2P router wants to contact another router, they need to know "
"some \n"
"key pieces of data - all of which are bundled up and signed by the router"
" into\n"
"a structure called the \"RouterInfo\", which is distributed with the "
"SHA256 of the router's identity\n"
"as the key. The structure itself contains:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:32
msgid ""
"The router's identity (a 2048bit ElGamal encryption key, a signing key, "
"and a certificate)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:33
msgid ""
"The contact addresses at which it can be reached (e.g. TCP: example.org "
"port 4108)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:34
msgid "When this was published"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:35
msgid "A set of arbitrary text options"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:36
msgid "The signature of the above, generated by the identity's signing key"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:39
msgid "Expected Options"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:41
msgid ""
"The following text options, while not strictly required, are expected\n"
"to be present:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:47
msgid ""
"Capabilities flags - used to indicate floodfill participation, "
"approximate bandwidth, and perceived reachability"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:49
#: i2p2www/pages/site/docs/how/network-database.html:287
msgid "Floodfill"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:50
msgid "Hidden"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:51
#, python-format
msgid "Under %(amount)s shared bandwidth"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:52
#: i2p2www/pages/site/docs/how/network-database.html:53
#: i2p2www/pages/site/docs/how/network-database.html:54
#: i2p2www/pages/site/docs/how/network-database.html:55
#: i2p2www/pages/site/docs/how/network-database.html:56
#, python-format
msgid "%(amount)s shared bandwidth"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:52
msgid "default"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:57
msgid "Reachable"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:58
msgid "Unreachable"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:59
#, python-format
msgid "Over %(amount)s shared bandwidth"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:66
msgid "The core library version, always the same as the router version"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:70
msgid ""
"Basic network compatibility - A router will refuse to communicate with a "
"peer having a different netId"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:73
msgid "Used to determine compatibility with newer features and messages"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:76
msgid ""
"Always sent as 90m, for compatibility with an older scheme where routers "
"published their actual uptime,\n"
"and only sent tunnel requests to peers whose uptime was more than 60m"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:82
msgid ""
"These values are used by other routers for basic decisions.\n"
"Should we connect to this router? Should we attempt to route a tunnel "
"through this router?\n"
"The bandwidth capability flag, in particular, is used only to determine "
"whether\n"
"the router meets a minimum threshold for routing tunnels.\n"
"Above the minimum threshold, the advertised bandwidth is not used or "
"trusted anywhere\n"
"in the router, except for display in the user interface and for debugging"
" and network analysis."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:91
msgid "Additional Options"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:93
#, python-format
msgid ""
"Additional text options include\n"
"a small number of statistics about the router's health, which are "
"aggregated by\n"
"sites such as <a href=\"http://%(stats)s/\">%(stats)s</a>\n"
"for network performance analysis and debugging.\n"
"These statistics were chosen to provide data crucial to the developers,\n"
"such as tunnel build success rates, while balancing the need for such "
"data\n"
"with the side-effects that could result from revealing this data.\n"
"Current statistics are limited to:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:104
msgid "Exploratory tunnel build success, reject, and timeout rates"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:105
msgid "1 hour average number of participating tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:108
msgid ""
"Floodfill routers publish additional data on the number of entries in "
"their network database."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:112
msgid ""
"The data published can be seen in the router's user interface,\n"
"but is not used or trusted within the router.\n"
"As the network has matured, we have gradually removed most of the "
"published\n"
"statistics to improve anonymity, and we plan to remove more in future "
"releases."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:119
msgid "Family Options"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:121
msgid ""
"As of release 0.9.24, routers may declare that they are part of a "
"\"family\", operated by the same entity.\n"
"Multiple routers in the same family will not be used in a single tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:126
msgid "The family options are:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:132
msgid "The family name"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:147
msgid "RouterInfo Expiration"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:148
msgid ""
"RouterInfos have no set expiration time.\n"
"Each router is free to maintain its own local policy to trade off the "
"frequency of RouterInfo lookups\n"
"with memory or disk usage.\n"
"In the current implementation, there are the following general policies:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:155
msgid ""
"There is no expiration during the first hour of uptime, as the persistent"
" stored data may be old."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:158
msgid "There is no expiration if there are 25 or less RouterInfos."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:161
msgid ""
"As the number of local RouterInfos grows, the expiration time shrinks, in"
" an attempt to maintain\n"
"a reasonable number RouterInfos. The expiration time with less than 120 "
"routers is 72 hours,\n"
"while expiration time with 300 routers is around 30 hours."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:166
#, python-format
msgid ""
"RouterInfos containing <a href=\"%(ssu)s\">SSU</a> introducers expire in "
"about an hour, as\n"
"the introducer list expires in about that time."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:170
msgid ""
"Floodfills use a short expiration time (1 hour) for all local "
"RouterInfos, as valid RouterInfos will\n"
"be frequently republished to them."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:176
msgid "RouterInfo Persistent Storage"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:178
msgid ""
"RouterInfos are periodically written to disk so that they are available "
"after a restart."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:186
msgid "RouterInfo specification"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:189
msgid "RouterInfo Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:194
msgid ""
"The second piece of data distributed in the netDb is a \"LeaseSet\" - "
"documenting\n"
"a group of <b>tunnel entry points (leases)</b> for a particular client "
"destination.\n"
"Each of these leases specify the following information:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:200
msgid "The tunnel gateway router (by specifying its identity)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:201
msgid "The tunnel ID on that router to send messages with (a 4 byte number)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:202
msgid "When that tunnel will expire."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:204
msgid ""
"The LeaseSet itself is stored in the netDb under\n"
"the key derived from the SHA256 of the destination."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:209
msgid "In addition to these leases, the LeaseSet includes:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:213
msgid ""
"The destination itself (a 2048bit ElGamal encryption key, a signing key "
"and a certificate)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:214
msgid ""
"Additional encryption public key: used for end-to-end encryption of "
"garlic messages"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:215
msgid ""
"Additional signing public key: intended for LeaseSet revocation, but is "
"currently unused."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:216
msgid ""
"Signature of all the LeaseSet data, to make sure the Destination "
"published the LeaseSet."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:220
msgid "Lease specification"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:222
msgid "LeaseSet specification"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:225
msgid "Lease Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:227
msgid "LeaseSet Javadoc"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:231
msgid "Unpublished LeaseSets"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:232
msgid ""
"A LeaseSet for a destination used only for outgoing connections is "
"<i>unpublished</i>.\n"
"It is never sent for publication to a floodfill router.\n"
"\"Client\" tunnels, such as those for web browsing and IRC clients, are "
"unpublished.\n"
"Servers will still be able to send messages back to those unpublished "
"destinations,\n"
"because of <a href=\"#leaseset_storage_peers\">I2NP storage messages</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:242
msgid "Revoked LeaseSets"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:243
msgid ""
"A LeaseSet may be <i>revoked</i> by publishing a new LeaseSet with zero "
"leases.\n"
"Revocations must be signed by the additional signing key in the LeaseSet."
"\n"
"Revocations are not fully implemented, and it is unclear if they have any"
" practical use.\n"
"This is the only planned use for that signing key, so it is currently "
"unused."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:250
msgid "Encrypted LeaseSets"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:251
msgid ""
"In an <i>encrypted</i> LeaseSet, all Leases are encrypted with a separate"
" key.\n"
"The leases may only be decoded, and thus the destination may only be "
"contacted,\n"
"by those with the key.\n"
"There is no flag or other direct indication that the LeaseSet is "
"encrypted.\n"
"Encrypted LeaseSets are not widely used, and it is a topic for future "
"work to\n"
"research whether the user interface and implementation of encrypted "
"LeaseSets could be improved."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:260
msgid "LeaseSet Expiration"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:261
msgid ""
"All Leases (tunnels) are valid for 10 minutes; therefore, a LeaseSet "
"expires\n"
"10 minutes after the earliest creation time of all its Leases."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:266
msgid "LeaseSet Persistent Storage"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:267
msgid ""
"There is no persistent storage of LeaseSet data since they expire so "
"quickly."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:272
msgid "Bootstrapping"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:273
msgid ""
"The netDb is decentralized, however you do need at\n"
"least one reference to a peer so that the integration process\n"
"ties you in. This is accomplished by \"reseeding\" your router with the "
"RouterInfo\n"
"of an active peer - specifically, by retrieving their "
"<code>routerInfo-$hash.dat</code>\n"
"file and storing it in your <code>netDb/</code> directory. Anyone can "
"provide\n"
"you with those files - you can even provide them to others by exposing "
"your own\n"
"netDb directory. To simplify the process,\n"
"volunteers publish their netDb directories (or a subset) on the regular "
"(non-i2p) network,\n"
"and the URLs of these directories are hardcoded in I2P.\n"
"When the router starts up for the first time, it automatically fetches "
"from\n"
"one of these URLs, selected at random."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:288
msgid ""
"The floodfill netDb is a simple distributed storage mechanism.\n"
"The storage algorithm is simple: send the data to the closest peer that "
"has advertised itself\n"
"as a floodfill router. Then wait 10 seconds, pick another floodfill "
"router and ask them \n"
"for the entry to be sent, verifying its proper insertion / distribution. "
"If the \n"
"verification peer doesn't reply, or they don't have the entry, the sender"
" \n"
"repeats the process. When the peer in the floodfill netDb receives a "
"netDb \n"
"store from a peer not in the floodfill netDb, they send it to a subset of"
" the floodfill netDb-peers.\n"
"The peers selected are the ones closest (according to the <a "
"href=\"#kademlia_closeness\">XOR-metric</a>) to a specific key."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:299
msgid ""
"Determining who is part of the floodfill netDb is trivial - it is exposed"
" in each \n"
"router's published routerInfo as a capability."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:304
msgid ""
"Floodfills have no central authority and do not form a \"consensus\" -\n"
"they only implement a simple DHT overlay."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:311
msgid "Floodfill Router Opt-in"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:313
msgid ""
"Unlike Tor, where the directory servers are hardcoded and trusted,\n"
"and operated by known entities,\n"
"the members of the I2P floodfill peer set need not be trusted, and\n"
"change over time."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:320
msgid ""
"To increase reliability of the netDb, and minimize the impact\n"
"of netDb traffic on a router, floodfill is automatically enabled\n"
"only on routers that are configured with high bandwidth limits.\n"
"Routers with high bandwidth limits (which must be manually configured,\n"
"as the default is much lower) are presumed to be on lower-latency\n"
"connections, and are more likely to be available 24/7.\n"
"The current minimum share bandwidth for a floodfill router is 128 "
"KBytes/sec."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:330
msgid ""
"In addition, a router must pass several additional tests for health\n"
"(outbound message queue time, job lag, etc.) before floodfill operation "
"is\n"
"automatically enabled."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:336
msgid ""
"With the current rules for automatic opt-in, approximately 6&#37; of\n"
"the routers in the network are floodfill routers."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:341
msgid ""
"While some peers are manually configured to be floodfill,\n"
"others are simply high-bandwidth routers who automatically volunteer\n"
"when the number of floodfill peers drops below a threshold.\n"
"This prevents any long-term network damage from losing most or all\n"
"floodfills to an attack.\n"
"In turn, these peers will un-floodfill themselves when there are\n"
"too many floodfills outstanding."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:351
msgid "Floodfill Router Roles"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:352
msgid ""
"A floodfill router's only services that are in addition to those of non-"
"floodfill routers\n"
"are in accepting netDb stores and responding to netDb queries.\n"
"Since they are generally high-bandwidth, they are more likely to "
"participate in a high number of tunnels\n"
"(i.e. be a \"relay\" for others), but this is not directly related to "
"their distributed database services."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:360
msgid "Kademlia Closeness Metric"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:361
msgid ""
"The netDb uses a simple Kademlia-style XOR metric to determine closeness."
"\n"
"The SHA256 hash of the key being looked up or stored is XOR-ed with\n"
"the hash of the router in question to determine closeness.\n"
"A modification to this algorithm is done to increase the costs of <a href"
"=\"#sybil-partial\">Sybil attacks</a>.\n"
"Instead of the SHA256 hash of the key being looked up of stored, the "
"SHA256 hash is taken\n"
"of the 32-byte binary search key appended with the UTC date represented "
"as an 8-byte ASCII string yyyyMMdd, i.e. SHA256(key + yyyyMMdd).\n"
"This is called the \"routing key\", and it changes every day at midnight "
"UTC.\n"
"Only the search key is modified in this way, not the floodfill router "
"hashes.\n"
"The daily transformation of the DHT is sometimes called \"keyspace "
"rotation\",\n"
"although it isn't strictly a rotation."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:374
msgid ""
"Routing keys are never sent on-the-wire in any I2NP message, they are "
"only used locally for\n"
"determination of distance."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:381
msgid "Storage, Verification, and Lookup Mechanics"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:383
msgid "RouterInfo Storage to Peers"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:384
#, python-format
msgid ""
"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessages containing the local "
"RouterInfo are exchanged with peers\n"
"as a part of the initialization of a <a href=\"%(ntcp)s\">NTCP</a>\n"
"or <a href=\"%(ssu)s\">SSU</a> transport connection."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:391
msgid "LeaseSet Storage to Peers"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:392
#, python-format
msgid ""
"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessages containing the local "
"LeaseSet are periodically exchanged with peers\n"
"by bundling them in a garlic message along with normal traffic from the "
"related Destination.\n"
"This allows an initial response, and later responses, to be sent to an "
"appropriate Lease,\n"
"without requiring any LeaseSet lookups, or requiring the communicating "
"Destinations to have published LeaseSets at all."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:400
msgid ""
"The DatabaseStoreMessage should be sent to the floodfill that is closest\n"
"to the current routing key for the RouterInfo or LeaseSet being stored.\n"
"Currently, the closest floodfill is found by a search in the local "
"database.\n"
"Even if that floodfill is not actually closest, it will flood it "
"\"closer\" by\n"
"sending it to multiple other floodfills.\n"
"This provides a high degree of fault-tolerance."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:409
msgid ""
"In traditional Kademlia, a peer would do a \"find-closest\" search before"
" inserting\n"
"an item in the DHT to the closest target. As the verify operation will "
"tend to\n"
"discover closer floodfills if they are present, a router will quickly "
"improve\n"
"its knowledge of the DHT \"neighborhood\" for the RouterInfo and "
"LeaseSets it regularly publishes.\n"
"While I2NP does not define a \"find-closest\" message, if it becomes "
"necessary,\n"
"a router may simply do an iterative search for a key with the least "
"significant bit flipped\n"
"(i.e. key ^ 0x01) until no closer peers are received in the "
"DatabaseSearchReplyMessages.\n"
"This ensures that the true closest peer will be found even if a more-"
"distant peer had\n"
"the netdb item."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:422
msgid "RouterInfo Storage to Floodfills"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:423
#, python-format
msgid ""
"A router publishes its own RouterInfo by directly connecting to a "
"floodfill router\n"
"and sending it a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
"with a nonzero Reply Token. The message is not end-to-end garlic "
"encrypted,\n"
"as this is a direct connection, so there are no intervening routers\n"
"(and no need to hide this data anyway).\n"
"The floodfill router replies with a\n"
"<a href=\"%(i2np)s\">I2NP</a> DeliveryStatusMessage,\n"
"with the Message ID set to the value of the Reply Token."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:437
msgid "LeaseSet Storage to Floodfills"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:438
msgid ""
"Storage of LeaseSets is much more sensitive than for RouterInfos, as a "
"router\n"
"must take care that the LeaseSet cannot be associated with the router."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:443
#, python-format
msgid ""
"A router publishes a local LeaseSet by\n"
"sending a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
"with a nonzero Reply Token over an outbound client tunnel for that "
"Destination.\n"
"The message is end-to-end garlic encrypted using the Destination's "
"Session Key Manager,\n"
"to hide the message from the tunnel's outbound endpoint.\n"
"The floodfill router replies with a\n"
"<a href=\"%(i2np)s\">I2NP</a> DeliveryStatusMessage,\n"
"with the Message ID set to the value of the Reply Token.\n"
"This message is sent back to one of the client's inbound tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:456
msgid "Flooding"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:457
#, python-format
msgid ""
"After a floodfill router receives a DatabaseStoreMessage containing a\n"
"valid RouterInfo or LeaseSet which is newer than that previously stored "
"in its\n"
"local NetDb, it \"floods\" it.\n"
"To flood a NetDb entry, it looks up several (currently %(floodsize)s) "
"floodfill routers closest to the routing key\n"
"of the NetDb entry. (The routing key is the SHA256 Hash of the "
"RouterIdentity or Destination with the date (yyyyMMdd) appended.)\n"
"By flooding to those closest to the key, not closest to itself, the "
"floodfill ensures that the storage\n"
"gets to the right place, even if the storing router did not have good "
"knowledge of the\n"
"DHT \"neighborhood\" for the routing key."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:468
#, python-format
msgid ""
"The floodfill then directly connects to each of those peers\n"
"and sends it a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
"with a zero Reply Token. The message is not end-to-end garlic encrypted,\n"
"as this is a direct connection, so there are no intervening routers\n"
"(and no need to hide this data anyway).\n"
"The other routers do not reply or re-flood, as the Reply Token is zero."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:478
msgid "RouterInfo and LeaseSet Lookup"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:479
#, python-format
msgid ""
"The <a href=\"%(i2np)s\">I2NP</a> DatabaseLookupMessage is used to "
"request a netdb entry from a floodfill router.\n"
"Lookups are sent out one of the router's outbound exploratory tunnels.\n"
"The replies are specified to return via one of the router's inbound "
"exploratory tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:485
msgid ""
"Lookups are generally sent to the two \"good\" (the connection doesn't "
"fail) floodfill routers closest to the requested key, in parallel."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:489
#, python-format
msgid ""
"If the key is found locally by the floodfill router, it responds with a\n"
"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage.\n"
"If the key is not found locally by the floodfill router, it responds with"
" a\n"
"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage\n"
"containing a list of other floodfill routers close to the key."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:497
msgid ""
"LeaseSet lookups are garlic encrypted end-to-end as of release 0.9.5.\n"
"RouterInfo lookups are not encrypted and thus are vulnerable to snooping "
"by the outbound endpoint\n"
"(OBEP) of the client tunnel. This is due to the expense of the ElGamal "
"encryption.\n"
"RouterInfo lookup encryption may be enabled in a future release."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:504
msgid ""
"As of release 0.9.7, replies to a LeaseSet lookup (a DatabaseStoreMessage"
" or a DatabaseSearchReplyMessage)\n"
"will be encrypted by including the session key and tag in the lookup.\n"
"This hides the reply from the inbound gateway (IBGW) of the reply tunnel."
"\n"
"Responses to RouterInfo lookups will be encrypted if we enable the lookup"
" encryption."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:511
#, python-format
msgid ""
"(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Sections "
"2.2-2.3 for terms below in italics)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:515
msgid ""
"Due to the relatively small size of the network and the flooding "
"redundancy of 8x,\n"
"lookups are usually O(1) rather than O(log n) --\n"
"a router is highly likely to know a floodfill router close enough to the "
"key to get the answer on the first try.\n"
"In releases prior to 0.8.9, routers used a lookup redundancy of two\n"
"(that is, two lookups were performed in parallel to different peers), and"
"\n"
"neither <i>recursive</i> nor <i>iterative</i> routing for lookups was "
"implemented.\n"
"Queries were sent through <i>multiple routes simultaneously</i>\n"
"to <i>reduce the chance of query failure</i>."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:526
msgid ""
"As of release 0.8.9, <i>iterative lookups</i> are implemented with no "
"lookup redundancy.\n"
"This is a more efficient and reliable lookup that will work much better\n"
"when not all floodfill peers are known, and it removes a serious\n"
"limitation to network growth. As the network grows and each router knows "
"only a small\n"
"subset of the floodfill peers, lookups will become O(log n).\n"
"Even if the peer does not return references closer to the key, the lookup"
" continues with\n"
"the next-closest peer, for added robustness, and to prevent a malicious "
"floodfill from\n"
"black-holing a part of the key space. Lookups continue until a total "
"lookup timeout is reached,\n"
"or the maximum number of peers is queried."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:538
msgid ""
"<i>Node IDs</i> are <i>verifiable</i> in that we use the router hash "
"directly as both the node ID and the Kademlia key.\n"
"Incorrect responses that are not closer to the search key are generally "
"ignored.\n"
"Given the current size of the network, a router has\n"
"<i>detailed knowledge of the neighborhood of the destination ID space</i>."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:547
msgid "RouterInfo Storage Verification"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:548
#, python-format
msgid ""
"Note: RouterInfo verification is disabled as of release 0.9.7.1 to "
"prevent\n"
"the attack described in the paper\n"
"<a href=\"%(egger2013)s\">Practical Attacks Against the I2P Network</a>.\n"
"It is not clear if verification can be redesigned to be done safely."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:555
msgid ""
"To verify a storage was successful, a router simply waits about 10 "
"seconds,\n"
"then sends a lookup to another floodfill router close to the key\n"
"(but not the one the store was sent to).\n"
"Lookups sent out one of the router's outbound exploratory tunnels.\n"
"Lookups are end-to-end garlic encrypted to prevent snooping by the "
"outbound endpoint(OBEP)."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:563
msgid "LeaseSet Storage Verification"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:564
msgid ""
"To verify a storage was successful, a router simply waits about 10 "
"seconds,\n"
"then sends a lookup to another floodfill router close to the key\n"
"(but not the one the store was sent to).\n"
"Lookups sent out one of the outbound client tunnels for the destination "
"of the LeaseSet being verified.\n"
"To prevent snooping by the OBEP of the outbound tunnel,\n"
"lookups are end-to-end garlic encrypted.\n"
"The replies are specified to return via one of the client's inbound "
"tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:574
msgid ""
"As of release 0.9.7, replies for both RouterInfo and LeaseSet lookups (a "
"DatabaseStoreMessage or a DatabaseSearchReplyMessage)\n"
"will be encrypted,\n"
"to hide the reply from the inbound gateway (IBGW) of the reply tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:582
msgid "Exploration"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:583
#, python-format
msgid ""
"<i>Exploration</i> is a special form of netdb lookup, where a router "
"attempts to learn about\n"
"new routers.\n"
"It does this by sending a floodfill router a <a "
"href=\"%(i2np)s\">I2NP</a> DatabaseLookupMessage, looking for a random "
"key.\n"
"As this lookup will fail, the floodfill would normally respond with a\n"
"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage containing "
"hashes of floodfill routers close to the key.\n"
"This would not be helpful, as the requesting router probably already "
"knows those floodfills,\n"
"and it would be impractical to add ALL floodfill routers to the \"don't "
"include\" field of the lookup.\n"
"For an exploration query, the requesting router adds a router hash of all"
" zeros to the\n"
"\"don't include\" field of the DatabaseLookupMessage.\n"
"The floodfill will then respond only with non-floodfill routers close to "
"the requested key."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:597
msgid "Notes on Lookup Responses"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:598
msgid ""
"The response to a lookup request is either a Database Store Message (on "
"success) or a\n"
"Database Search Reply Message (on failure). The DSRM contains a 'from' "
"router hash field\n"
"to indicate the source of the reply; the DSM does not.\n"
"The DSRM 'from' field is unauthenticated and may be spoofed or invalid.\n"
"There are no other response tags. Therefore, when making multiple "
"requests in parallel, it is\n"
"difficult to monitor the performance of the various floodfill routers."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:608
msgid "MultiHoming"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:610
msgid ""
"Destinations may be hosted on multiple routers simultaneously, by using "
"the same\n"
"private and public keys (traditionally stored in eepPriv.dat files).\n"
"As both instances will periodically publish their signed LeaseSets to the"
" floodfill peers,\n"
"the most recently published LeaseSet will be returned to a peer "
"requesting a database lookup.\n"
"As LeaseSets have (at most) a 10 minute lifetime, should a particular "
"instance go down,\n"
"the outage will be 10 minutes at most, and generally much less than that."
"\n"
"The multihoming function has been verified and is in use by several "
"services on the network."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:620
msgid "Threat Analysis"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:621
#, python-format
msgid ""
"Also discussed on <a href=\"%(threatmodel)s#floodfill\">the threat model "
"page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:625
msgid ""
"A hostile user may attempt to harm the network by\n"
"creating one or more floodfill routers and crafting them to offer\n"
"bad, slow, or no responses.\n"
"Some scenarios are discussed below."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:632
msgid "General Mitigation Through Growth"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:633
#, python-format
msgid ""
"There are currently around %(ffcount)s floodfill routers in the network.\n"
"Most of the following attacks will become more difficult, or have less "
"impact,\n"
"as the network size and number of floodfill routers increase."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:640
msgid "General Mitigation Through Redundancy"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:641
#, python-format
msgid ""
"Via flooding, all netdb entries are stored on the %(floodsize)s floodfill"
" routers closest to the key."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:646
msgid "Forgeries"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:647
msgid ""
"All netdb entries are signed by their creators, so no router may forge a\n"
"RouterInfo or LeaseSet."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:652
msgid "Slow or Unresponsive"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:653
#, python-format
msgid ""
"Each router maintains an expanded set of statistics in the\n"
"<a href=\"%(peerselection)s\">peer profile</a> for each floodfill router,"
"\n"
"covering various quality metrics for that peer.\n"
"The set includes:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:660
msgid "Average response time"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:661
msgid "Percentage of queries answered with the data requested"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:662
msgid "Percentage of stores that were successfully verified"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:663
msgid "Last successful store"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:664
msgid "Last successful lookup"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:665
msgid "Last response"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:668
msgid ""
"Each time a router needs to make a determination on which floodfill "
"router is closest to a key,\n"
"it uses these metrics to determine which floodfill routers are \"good\".\n"
"The methods, and thresholds, used to determine \"goodness\" are "
"relatively new, and\n"
"are subject to further analysis and improvement.\n"
"While a completely unresponsive router will quickly be identified and "
"avoided,\n"
"routers that are only sometimes malicious may be much harder to deal with."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:678
msgid "Sybil Attack (Full Keyspace)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:679
#, python-format
msgid ""
"An attacker may mount a <a href=\"%(url)s\">Sybil attack</a>\n"
"by creating a large number of floodfill routers spread throughout the "
"keyspace."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:684
#, python-format
msgid ""
"(In a related example, a researcher recently created a\n"
"<a href=\"%(url)s\">large number of Tor relays</a>.)\n"
"If successful, this could be an effective DOS attack on the entire "
"network."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:690
msgid ""
"If the floodfills are not sufficiently misbehaving to be marked as "
"\"bad\" using the peer profile\n"
"metrics described above, this is a difficult scenario to handle.\n"
"Tor's response can be much more nimble in the relay case, as the "
"suspicious relays\n"
"can be manually removed from the consensus.\n"
"Some possible responses for the I2P network are listed below, however "
"none of them is completely satisfactory:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:698
msgid ""
"Compile a list of bad router hashes or IPs, and announce the list through"
" various means\n"
"(console news, website, forum, etc.); users would have to manually "
"download the list and\n"
"add it to their local \"blacklist\"."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:703
msgid ""
"Ask everyone in the network to enable floodfill manually (fight Sybil "
"with more Sybil)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:704
msgid "Release a new software version that includes the hardcoded \"bad\" list"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:705
msgid ""
"Release a new software version that improves the peer profile metrics and"
" thresholds,\n"
"in an attempt to automatically identify the \"bad\" peers."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:709
msgid ""
"Add software that disqualifies floodfills if too many of them are in a "
"single IP block"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:710
msgid ""
"Implement an automatic subscription-based blacklist controlled by a "
"single individual or group.\n"
"This would essentially implement a portion of the Tor \"consensus\" "
"model.\n"
"Unfortunately it would also give a single individual or group the power "
"to\n"
"block participation of any particular router or IP in the network,\n"
"or even to completely shutdown or destroy the entire network."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:719
msgid "This attack becomes more difficult as the network size grows."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:725
msgid "Sybil Attack (Partial Keyspace)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:726
#, python-format
msgid ""
"An attacker may mount a <a href=\"%(url)s\">Sybil attack</a>\n"
"by creating a small number (8-15) of floodfill routers clustered closely "
"in the keyspace,\n"
"and distribute the RouterInfos for these routers widely.\n"
"Then, all lookups and stores for a key in that keyspace would be directed"
"\n"
"to one of the attacker's routers.\n"
"If successful, this could be an effective DOS attack on a particular "
"eepsite, for example."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:735
msgid ""
"As the keyspace is indexed by the cryptographic (SHA256) Hash of the key,"
"\n"
"an attacker must use a brute-force method to repeatedly generate router "
"hashes\n"
"until he has enough that are sufficiently close to the key.\n"
"The amount of computational power required for this, which is dependent "
"on network\n"
"size, is unknown."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:743
msgid ""
"As a partial defense against this attack,\n"
"the algorithm used to determine Kademlia \"closeness\" varies over time.\n"
"Rather than using the Hash of the key (i.e. H(k)) to determine closeness,"
"\n"
"we use the Hash of the key appended with the current date string, i.e. "
"H(k + YYYYMMDD).\n"
"A function called the \"routing key generator\" does this, which "
"transforms the original key into a \"routing key\".\n"
"In other words, the entire netdb keyspace \"rotates\" every day at UTC "
"midnight.\n"
"Any partial-keyspace attack would have to be regenerated every day, for\n"
"after the rotation, the attacking routers would no longer be close\n"
"to the target key, or to each other."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:755
msgid ""
"This attack becomes more difficult as the network size grows.\n"
"However, recent research demonstrates that the keyspace rotation is not "
"particularly effective.\n"
"An attacker can precompute numerous router hashes in advance,\n"
"and only a few routers are sufficient to \"eclipse\" a portion\n"
"of the keyspace within a half hour after rotation."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:763
msgid ""
"One consequence of daily keyspace rotation is that the distributed "
"network database\n"
"may become unreliable for a few minutes after the rotation --\n"
"lookups will fail because the new \"closest\" router has not received a "
"store yet.\n"
"The extent of the issue, and methods for mitigation\n"
"(for example netdb \"handoffs\" at midnight)\n"
"are a topic for further study."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:773
msgid "Bootstrap Attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:774
msgid ""
"An attacker could attempt to boot new routers into an isolated\n"
"or majority-controlled network by taking over a reseed website,\n"
"or tricking the developers into adding his reseed website\n"
"to the hardcoded list in the router."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:781
msgid "Several defenses are possible, and most of these are planned:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:785
msgid ""
"Disallow fallback from HTTPS to HTTP for reseeding.\n"
"A MITM attacker could simply block HTTPS, then respond to the HTTP."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:789
msgid "Bundling reseed data in the installer"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:792
msgid "Defenses that are implemented:"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:796
msgid ""
"Changing the reseed task to fetch a subset of RouterInfos from\n"
"each of several reseed sites rather than using only a single site"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:800
msgid ""
"Creating an out-of-network reseed monitoring service that\n"
"periodically polls reseed websites and verifies that the\n"
"data are not stale or inconsistent with other views of the network"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:805
msgid ""
"As of release 0.9.14, reseed data is bundled into a signed zip file and\n"
"the signature is verified when downloaded."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:813
msgid "Query Capture"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:814
#, python-format
msgid ""
"See also <a href=\"#lookup\">lookup</a>\n"
"(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Sections "
"2.2-2.3 for terms below in italics)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:819
msgid ""
"Similar to a bootstrap attack, an attacker using a floodfill router could"
" attempt to \"steer\"\n"
"peers to a subset of routers controlled by him by returning their "
"references."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:824
msgid ""
"This is unlikely to work via exploration, because exploration is a low-"
"frequency task.\n"
"Routers acquire a majority of their peer references through normal tunnel"
" building activity.\n"
"Exploration results are generally limited to a few router hashes,\n"
"and each exploration query is directed to a random floodfill router."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:831
#, python-format
msgid ""
"As of release 0.8.9, <i>iterative lookups</i> are implemented.\n"
"For floodfill router references returned in a\n"
"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage\n"
"response to a lookup,\n"
"these references are followed if they are closer (or the next closest) to"
" the lookup key.\n"
"The requesting router does not trust that the references are\n"
"closer to the key (i.e. they are <i>verifiably correct</i>.\n"
"The lookup also does not stop when no closer key is found, but continues "
"by querying the\n"
"next-closet node, until the timeout or maximum number of queries is "
"reached.\n"
"This prevents a malicious floodfill from black-holing a part of the key "
"space.\n"
"Also, the daily keyspace rotation requires an attacker to regenerate a "
"router info\n"
"within the desired key space region.\n"
"This design ensures that the query capture attack described in\n"
"<a href=\"%(pdf)s\">Hashing it out in Public</a>\n"
"is much more difficult."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:850
msgid "DHT-Based Relay Selection"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:851
#, python-format
msgid "(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Section 3)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:855
#, python-format
msgid ""
"This doesn't have much to do with floodfill, but see\n"
"the <a href=\"%(peerselection)s\">peer selection page</a>\n"
"for a discussion of the vulnerabilities of peer selection for tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:861
msgid "Information Leaks"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:862
#, python-format
msgid ""
"(Reference: <a href=\"%(pdf)s\">In Search of an Anonymous and Secure "
"Lookup</a> Section 3)"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:866
#, python-format
msgid ""
"This paper addresses weaknesses in the \"Finger Table\" DHT lookups used "
"by Torsk and NISAN.\n"
"At first glance, these do not appear to apply to I2P. First, the use of "
"DHT by Torsk and NISAN\n"
"is significantly different from that in I2P. Second, I2P's network "
"database lookups are only\n"
"loosely correlated to the <a href=\"%(peerselection)s\">peer "
"selection</a> and\n"
"<a href=\"%(tunnelrouting)s\">tunnel building</a> processes; only "
"previously-known peers\n"
"are used for tunnels.\n"
"Also, peer selection is unrelated to any notion of DHT key-closeness."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:877
msgid ""
"Some of this may actually be more interesting when the I2P network gets "
"much larger.\n"
"Right now, each router knows a large proportion of the network, so "
"looking up a particular\n"
"Router Info in the network database is not strongly indicative of a "
"future intent to use\n"
"that router in a tunnel. Perhaps when the network is 100 times larger, "
"the lookup may be\n"
"more correlative. Of course, a larger network makes a Sybil attack that "
"much harder."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:885
#, python-format
msgid ""
"However, the general issue of DHT information leakage in I2P needs "
"further investigation.\n"
"The floodfill routers are in a position to observe queries and gather "
"information.\n"
"Certainly, at a level of <i>f</i> = 0.2 (20&#37; malicious nodes, as "
"specifed in the paper)\n"
"we expect that many of the Sybil threats we describe\n"
"(<a href=\"%(threatmodel)s#sybil\">here</a>,\n"
"<a href=\"#sybil\">here</a> and\n"
"<a href=\"#sybil-partial\">here</a>)\n"
"become problematic for several reasons."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:899
msgid "Moved to the netdb discussion page"
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:903
msgid "End-to-end encryption of additional netDb lookups and responses."
msgstr ""
#: i2p2www/pages/site/docs/how/network-database.html:907
msgid "Better methods for tracking lookup responses."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:2
msgid "Peer Profiling and Selection"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:3
msgid "July 2010"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:8
msgid "Peer Profiling"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:10
#, python-format
msgid ""
"<b>Peer profiling</b> is the process of collecting data based on the "
"<b>observed</b> performance\n"
"of other routers or peers, and classifying those peers into groups.\n"
"Profiling does <b>not</b> use any claimed performance data published by "
"the peer itself\n"
"in the <a href=\"%(netdb)s\">network database</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:17
msgid "Profiles are used for two purposes:"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:19
msgid "Selecting peers to relay our traffic through, which is discussed below"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:20
#, python-format
msgid ""
"Choosing peers from the set of floodfill routers to use for network "
"database storage and queries,\n"
"which is discussed on the <a href=\"%(netdb)s\">network database</a> page"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:27
#: i2p2www/pages/site/docs/how/peer-selection.html:187
#: i2p2www/pages/site/docs/tunnels/implementation.html:289
msgid "Peer Selection"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:28
msgid ""
"<b>Peer selection</b> is the process of choosing which routers\n"
"on the network we want to relay our messages to go through (which peers "
"will we \n"
"ask to join our tunnels). To accomplish this, we keep track of how each\n"
"peer performs (the peer's \"profile\") and use that data to estimate how"
" \n"
"fast they are, how often they will be able to accept our requests, and \n"
"whether they seem to be overloaded or otherwise unable to perform what\n"
"they agree to reliably."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:38
#, python-format
msgid ""
"Unlike some other anonymous networks, in I2P,\n"
"claimed bandwidth is untrusted and is <b>only</b> used to avoid those "
"peers\n"
"advertising very low bandwidth insufficient for routing tunnels.\n"
"All peer selection is done through profiling.\n"
"This prevents simple attacks based on peers claiming high bandwidth\n"
"in order to capture large numbers of tunnels.\n"
"It also makes\n"
"<a href=\"%(threatmodel)s#timing\">timing attacks</a>\n"
"more difficult."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:50
msgid ""
"Peer selection is done quite frequently, as a router may maintain a large"
" number\n"
"of client and exploratory tunnels, and a tunnel lifetime is only 10 "
"minutes."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:56
msgid "Further Information"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:57
#, python-format
msgid ""
"For more information see the paper\n"
"<a href=\"%(pdf)s\">Peer Profiling and Selection in the I2P Anonymous "
"Network</a>\n"
"presented at <a href=\"%(url)s\">PET-CON 2009.1</a>.\n"
"See <a href=\"#notes\">below</a> for notes on minor changes since the "
"paper was published."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:65
msgid "Profiles"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:66
#, python-format
msgid ""
"Each peer has a set of data points collected about them, including "
"statistics \n"
"about how long it takes for them to reply to a network database query, "
"how \n"
"often their tunnels fail, and how many new peers they are able to "
"introduce \n"
"us to, as well as simple data points such as when we last heard from them"
" or\n"
"when the last communication error occurred. The specific data points "
"gathered\n"
"can be found in the <a href=\"%(url)s\">code</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:75
msgid ""
"Profiles are fairly small, a few KB. To control memory usage, the profile"
" expiration time\n"
"lessens as the number of profiles grows.\n"
"Profiles are kept in memory until router shutdown, when they are written "
"to disk.\n"
"At startup, the profiles are read so the router need not reinitialize all"
" profiles,\n"
"thus allowing a router to quickly re-integrate into the network after "
"startup."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:85
msgid "Peer Summaries"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:86
msgid ""
"While the profiles themselves can be considered a summary of a peer's \n"
"performance, to allow for effective peer selection we break each summary "
"down \n"
"into four simple values, representing the peer's speed, its capacity, how"
" well \n"
"integrated into the network it is, and whether it is failing."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:93
msgid "Speed"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:94
msgid ""
"The speed calculation\n"
"simply goes through the profile and estimates how much data we can\n"
"send or receive on a single tunnel through the peer in a minute. For "
"this estimate it just looks at\n"
"performance in the previous minute."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:101
msgid "Capacity"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:102
msgid ""
"The capacity calculation\n"
"simply goes through the profile and estimates how many tunnels the peer\n"
"would agree to participate in over a given time period. For this "
"estimate it looks at \n"
"how many tunnel build requests\n"
"the peer has accepted, rejected, and dropped, and how many\n"
"of the agreed-to tunnels later failed.\n"
"While the calculation is time-weighted so that recent activity counts "
"more than later activity,\n"
"statistics up to 48 hours old may be included."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:113
msgid ""
"Recognizing and avoiding unreliable and unreachable\n"
"peers is critically important.\n"
"Unfortunately, as the tunnel building and testing require the "
"participation of several peers,\n"
"it is difficult to positively identify the cause of a dropped build "
"request or test failure.\n"
"The router assigns a probability of failure to each of the\n"
"peers, and uses that probability in the capacity calculation.\n"
"Drops and test failures are weighted much higher than rejections."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:123
msgid "Peer organization"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:124
msgid ""
"As mentioned above, we drill through each peer's profile to come up with "
"a \n"
"few key calculations, and based upon those, we organize each peer into "
"three\n"
"groups - fast, high capacity, and standard."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:130
msgid "The groupings are not mutually exclusive, nor are they unrelated:"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:134
msgid ""
"A peer is considered \"high capacity\" if its capacity calculation meets "
"or \n"
"exceeds the median of all peers."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:138
msgid ""
"A peer is considered \"fast\" if they are already \"high capacity\" and "
"their \n"
"speed calculation meets or exceeds the median of all peers."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:142
msgid "A peer is considered \"standard\" if it is not \"high capacity\""
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:145
#, python-format
msgid ""
"These groupings are implemented in the router's\n"
"<a href=\"%(url)s\">ProfileOrganizer</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:150
msgid "Group size limits"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:151
msgid "The size of the groups may be limited."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:156
msgid ""
"The fast group is limited to 30 peers.\n"
"If there would be more, only the ones with the highest speed rating are "
"placed in the group."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:160
msgid ""
"The high capacity group is limited to 75 peers (including the fast group)"
"\n"
"If there would be more, only the ones with the highest capacity rating "
"are placed in the group."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:164
msgid ""
"The standard group has no fixed limit, but is somewhat smaller than the "
"number of RouterInfos\n"
"stored in the local network database.\n"
"On an active router in today's network, there may be about 1000 "
"RouterInfos and 500 peer profiles\n"
"(including those in the fast and high capacity groups)"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:172
msgid "Recalculation and Stability"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:173
msgid ""
"Summaries are recalculated, and peers are resorted into groups, every 45 "
"seconds."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:177
msgid ""
"The groups tend to be fairly stable, that is, there is not much \"churn\""
" in the rankings\n"
"at each recalculation.\n"
"Peers in the fast and high capacity groups get more tunnels build through"
" them, which increases their speed and capacity ratings,\n"
"which reinforces their presence in the group."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:188
msgid "The router selects peers from the above groups to build tunnels through."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:193
msgid "Peer Selection for Client Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:194
msgid ""
"Client tunnels are used for application traffic, such as for HTTP proxies"
" and web servers."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:198
msgid ""
"To reduce the susceptibility to <a href=\"http://blog.torproject.org/blog"
"/one-cell-enough\">some attacks</a>,\n"
"and increase performance,\n"
"peers for building client tunnels are chosen randomly from the smallest "
"group, which is the \"fast\" group.\n"
"There is no bias toward selecting peers that were previously participants"
" in a tunnel for the same client."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:206
msgid "Peer Selection for Exploratory Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:207
msgid ""
"Exploratory tunnels are used for router administrative purposes, such as "
"network database traffic\n"
"and testing client tunnels.\n"
"Exploratory tunnels are also used to contact previously unconnected "
"routers, which is why\n"
"they are called \"exploratory\".\n"
"These tunnels are usually low-bandwidth."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:215
msgid ""
"Peers for building exploratory tunnels are generally chosen randomly from"
" the standard group.\n"
"If the success rate of these build attempts is low compared to the client"
" tunnel build success rate,\n"
"the router will select a weighted average of peers randomly from the high"
" capacity group instead.\n"
"This helps maintain a satisfactory build success rate even when network "
"performance is poor.\n"
"There is no bias toward selecting peers that were previously participants"
" in an exploratory tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:223
msgid ""
"As the standard group includes a very large subset of all peers the "
"router knows about,\n"
"exploratory tunnels are essentially built through a random selection of "
"all peers,\n"
"until the build success rate becomes too low."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:231
msgid "Restrictions"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:232
msgid ""
"To prevent some simple attacks, and for performance, there are the "
"following restrictions:"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:236
msgid "Two peers from the same /16 IP space may not be in the same tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:239
msgid ""
"A peer may participate in a maximum of 33&#37; of all tunnels created by "
"the router."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:242
msgid "Peers with extremely low bandwidth are not used."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:245
msgid "Peers for which a recent connection attempt failed are not used."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:252
msgid "Peer Ordering in Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:253
#, python-format
msgid ""
"Peers are ordered within tunnels to\n"
"to deal with the <a href=\"%(pdf)s\">predecessor attack</a>\n"
"<a href=\"%(pdf2008)s\">(2008 update)</a>.\n"
"More information is on the <a href=\"%(tunnelimpl)s#ordering\">tunnel "
"page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:268
msgid "Continue to analyze an tune speed and capacity calculations as necessary"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:271
msgid ""
"Implement a more aggressive ejection strategy if necessary to control "
"memory usage as the network grows"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:274
msgid "Evaluate group size limits"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:277
msgid "Use GeoIP data to include or exclude certain peers, if configured"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:283
#, python-format
msgid ""
"For those reading the paper\n"
"<a href=\"%(pdf)s\">Peer Profiling and Selection in the I2P Anonymous "
"Network</a>,\n"
"please keep in mind the following minor changes in I2P since the paper's "
"publication:"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:289
msgid "The Integration calculation is still not used"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:290
msgid "In the paper, \"groups\" are called \"tiers\""
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:291
msgid "The \"Failing\" tier is no longer used"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:292
msgid "The \"Not Failing\" tier is now named \"Standard\""
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:301
msgid "One Cell Enough"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:303
msgid "Tor Entry Guards"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:305
msgid "Murdoch 2007 Paper"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:307
msgid "Tune-up for Tor"
msgstr ""
#: i2p2www/pages/site/docs/how/peer-selection.html:309
msgid "Low-resource Routing Attacks Against Tor"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:2
msgid "I2P: A scalable framework for anonymous communication"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:5
#: i2p2www/pages/site/docs/how/tech-intro.html:20
#: i2p2www/pages/site/docs/transport/ssu.html:330
msgid "Introduction"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:7
msgid "I2P Operation"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:12
#: i2p2www/pages/site/docs/how/tech-intro.html:397
msgid "Transport protocols"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:13
#: i2p2www/pages/site/docs/how/tech-intro.html:454
msgid "Cryptography"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:21
msgid ""
"I2P is a scalable, self organizing, resilient packet switched anonymous \n"
"network layer, upon which any number of different anonymity or security "
"conscious \n"
"applications can operate. Each of these applications may make their own "
"anonymity, \n"
"latency, and throughput tradeoffs without worrying about the proper "
"implementation \n"
"of a free route mixnet, allowing them to blend their activity with the "
"larger \n"
"anonymity set of users already running on top of I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:30
msgid ""
"Applications available already provide the full range of typical Internet"
" activities -\n"
"<b>anonymous</b> web browsing, web hosting, chat, file sharing, e-mail,\n"
"blogging and content syndication, newsgroups, as well as several other "
"applications under development."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:36
msgid "Web browsing: using any existing browser that supports using a proxy."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:37
msgid "Chat: IRC, Jabber, <a href=\"#app.i2pmessenger\">I2P-Messenger</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:38
msgid ""
"File sharing: <a href=\"#app.i2psnark\">I2PSnark</a>, <a "
"href=\"#app.robert\">Robert</a>, <a href=\"#app.imule\">iMule</a>, \n"
"<a href=\"#app.i2phex\">I2Phex</a>, <a href=\"#app.pybit\">PyBit</a>, <a "
"href=\"#app.i2pbt\">I2P-bt</a>\n"
"and others."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:43
msgid ""
"E-mail: <a href=\"#app.i2pmail\">susimail</a> and <a href=\"#app.i2pbote"
"\">I2P-Bote</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:44
msgid ""
"Blog: using e.g. the pebble plugin or the distributed blogging software "
"<a href=\"#app.syndie\">Syndie</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:45
msgid ""
"Distributed Data Store: Save your data redundantly in the Tahoe-LAFS "
"cloud over I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:46
msgid "Newsgroups: using any newsgroup reader that supports using a proxy."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:49
msgid ""
"Unlike web sites hosted within content distribution networks like <a "
"href=\"#similar.freenet\">Freenet</a> \n"
"or <a href=\"http://www.ovmj.org/GNUnet/\">GNUnet</a>, the services "
"hosted on \n"
"I2P are fully interactive - there are traditional web-style search "
"engines, \n"
"bulletin boards, blogs you can comment on, database driven sites, and "
"bridges \n"
"to query static systems like Freenet without needing to install it "
"locally."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:57
msgid ""
"With all of these anonymity enabled applications, I2P takes on the role \n"
"of the message oriented middleware - applications say that they want to "
"send \n"
"some data to a cryptographic identifier (a \"destination\") and I2P takes"
" care \n"
"of making sure it gets there securely and anonymously. I2P also bundles a"
" \n"
"simple <a href=\"#app.streaming\">streaming</a> library to allow I2P's "
"anonymous \n"
"best-effort messages to transfer as reliable, in-order streams, "
"transparently \n"
"offering a TCP based congestion control algorithm tuned for the high "
"bandwidth \n"
"delay product of the network. While there have been several simple SOCKS "
"proxies \n"
"available to tie existing applications into the network, their value has "
"been \n"
"limited as nearly every application routinely exposes what, in an "
"anonymous \n"
"context, is sensitive information. The only safe way to go is to fully "
"audit \n"
"an application to ensure proper operation and to assist in that we "
"provide \n"
"a series of APIs in various languages which can be used to make the most "
"out \n"
"of the network."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:74
#, python-format
msgid ""
"I2P is not a research project - academic, commercial, or governmental, "
"but \n"
"is instead an engineering effort aimed at doing whatever is necessary to "
"provide \n"
"a sufficient level of anonymity to those who need it. It has been in "
"active \n"
"development since early 2003 with one full time developer and a dedicated"
" \n"
"group of part time contributors from all over the world. All of the work "
"done \n"
"on I2P is open source and freely available on the <a "
"href=\"%(site)s\">website</a>, \n"
"with the majority of the code released outright into the public domain, "
"though \n"
"making use of a few cryptographic routines under BSD-style licenses. The "
"people \n"
"working on I2P do not control what people release client applications "
"under, \n"
"and there are several GPL'ed applications available (<a "
"href=\"#app.i2ptunnel\">I2PTunnel</a>, \n"
"<a href=\"#app.i2pmail\">susimail</a>, <a "
"href=\"#app.i2psnark\">I2PSnark</a>, <a href=\"#app.i2pbote\">I2P-"
"Bote</a>, \n"
"<a href=\"#app.i2phex\">I2Phex</a> and others.).\n"
"<a href=\"%(halloffame)s\">Funding</a> for I2P comes entirely from "
"donations,\n"
"and does not receive any tax breaks in any jurisdiction at this time,\n"
"as many of the developers are themselves anonymous."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:92
msgid "Operation"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:94
msgid ""
"To understand I2P's operation, it is essential to understand a few key "
"concepts. \n"
"First, I2P makes a strict separation between the software participating "
"in \n"
"the network (a \"router\") and the anonymous endpoints (\"destinations\")"
" associated \n"
"with individual applications. The fact that someone is running I2P is not"
" \n"
"usually a secret. What is hidden is information on what the user is "
"doing, \n"
"if anything at all, as well as what router a particular destination is "
"connected \n"
"to. End users will typically have several local destinations on their "
"router \n"
"- for instance, one proxying in to IRC servers, another supporting the "
"user's \n"
"anonymous webserver (\"eepsite\"), another for an I2Phex instance, "
"another for \n"
"torrents, etc."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:107
msgid ""
"Another critical concept to understand is the \"tunnel\".\n"
"A tunnel is a directed path through an explicitly selected list of "
"routers.\n"
"Layered encryption is used, so each of the routers can only decrypt a "
"single layer.\n"
"The decrypted information contains the IP of the next router, along with\n"
"the encrypted information to be forwarded.\n"
"Each tunnel has a starting point (the first router, also known as "
"\"gateway\")\n"
"and an end point. Messages can be sent only in one way. To send messages "
"back,\n"
"another tunnel is required."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:118
#: i2p2www/pages/site/docs/tunnels/implementation.html:105
msgid "Inbound and outbound tunnel schematic"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:120
msgid "Figure 1: Two types of tunnels exist: inbound and outbound."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:123
msgid ""
"Two types of tunnels exist:\n"
"<b>\"outbound\" tunnels</b> send messages away from the tunnel creator,\n"
"while <b>\"inbound\" tunnels</b> bring messages to the tunnel creator.\n"
"Combining these two tunnels allows users to send messages to each other.\n"
"The sender (\"Alice\" in the above image) sets up an outbound tunnel,\n"
"while the receiver (\"Bob\" in the above image) creates an inbound "
"tunnel.\n"
"The gateway of an inbound tunnel can receive messages from any other user"
"\n"
"and will send them on until the endpoint (\"Bob\").\n"
"The endpoint of the outbound tunnel will need to send the message\n"
"on to the gateway of the inbound tunnel.\n"
"To do this, the sender (\"Alice\") adds instructions to her encrypted "
"message.\n"
"Once the endpoint of the outbound tunnel decrypts the message,\n"
"it will have instructions to forward the message to the correct\n"
"inbound gateway (the gateway to \"Bob\")."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:140
msgid ""
"A third critical concept to understand is I2P's <b>\"network "
"database\"</b> (or \"netDb\") \n"
"- a pair of algorithms used to share network metadata. The two types of "
"metadata \n"
"carried are <b>\"routerInfo\"</b> and <b>\"leaseSets\"</b> - the "
"routerInfo gives routers the \n"
"data necessary for contacting a particular router (their public keys, "
"transport \n"
"addresses, etc), while the leaseSet gives routers the information "
"necessary \n"
"for contacting a particular destination. A leaseSet contains a number of "
"\"leases\".\n"
"Each of this leases specifies a tunnel gateway, which allows reaching a "
"specific destination.\n"
"The full information contained in a lease:"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:151
msgid "Inbound gateway for a tunnel that allows reaching a specific destination."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:152
msgid "Time when a tunnel expires."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:153
msgid ""
"Pair of public keys to be able to encrypt messages (to send through the "
"tunnel and reach the destination)."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:155
msgid ""
"Routers themselves send their routerInfo to the netDb directly, while "
"leaseSets are sent through outbound tunnels\n"
"(leaseSets need to be sent anonymously, to avoid correlating a router "
"with his leaseSets)."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:160
msgid ""
"We can combine the above concepts to build successful connections in the "
"network."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:164
msgid ""
"To build up her own inbound and outbound tunnels, Alice does a lookup in "
"the netDb to collect routerInfo.\n"
"This way, she gathers lists of peers she can use as hops in her tunnels.\n"
"She can then send a build message to the first hop, requesting the "
"construction of a tunnel and asking\n"
"that router to send the construction message onward, until the tunnel has"
" been constructed."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:171
msgid "Request information on other routers"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:173
msgid "Build tunnel using router information"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:175
msgid "Figure 2: Router information is used to build tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:178
msgid ""
"When Alice wants to send a message to Bob, she first does a lookup in the"
" \n"
"netDb to find Bob's leaseSet, giving her his current inbound tunnel "
"gateways. \n"
"She then picks one of her outbound tunnels and sends the message down it "
"with \n"
"instructions for the outbound tunnel's endpoint to forward the message on"
" \n"
"to one of Bob's inbound tunnel gateways. When the outbound tunnel "
"endpoint \n"
"receives those instructions, it forwards the message as requested, and "
"when \n"
"Bob's inbound tunnel gateway receives it, it is forwarded down the tunnel"
" \n"
"to Bob's router. If Alice wants Bob to be able to reply to the message, "
"she \n"
"needs to transmit her own destination explicitly as part of the message "
"itself.\n"
"This can be done by introducing a higher-level layer, which is done in "
"the\n"
"<a href=\"#app.streaming\">streaming</a> library.\n"
"Alice may also cut down on the response time by bundling her most \n"
"recent LeaseSet with the message so that Bob doesn't need to do a netDb "
"lookup \n"
"for it when he wants to reply, but this is optional."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:195
msgid "Connect tunnels using LeaseSets"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:195
msgid "Connect tunnels using leaseSets"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:197
msgid "Figure 3: LeaseSets are used to connect outbound and inbound tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:200
msgid ""
"While the tunnels themselves have layered encryption to prevent "
"unauthorized \n"
"disclosure to peers inside the network (as the transport layer itself "
"does \n"
"to prevent unauthorized disclosure to peers outside the network), it is "
"necessary \n"
"to add an additional end to end layer of encryption to hide the message "
"from \n"
"the outbound tunnel endpoint and the inbound tunnel gateway. This \"<a "
"href=\"#op.garlic\">garlic \n"
"encryption</a>\" lets Alice's router wrap up multiple messages into a "
"single \n"
"\"garlic message\", encrypted to a particular public key so that "
"intermediary \n"
"peers cannot determine either how many messages are within the garlic, "
"what \n"
"those messages say, or where those individual cloves are destined. For "
"typical \n"
"end to end communication between Alice and Bob, the garlic will be "
"encrypted \n"
"to the public key published in Bob's leaseSet, allowing the message to be"
" \n"
"encrypted without giving out the public key to Bob's own router."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:215
msgid ""
"Another important fact to keep in mind is that I2P is entirely message "
"based \n"
"and that some messages may be lost along the way. Applications using I2P "
"can \n"
"use the message oriented interfaces and take care of their own congestion"
" \n"
"control and reliability needs, but most would be best served by reusing "
"the \n"
"provided <a href=\"#app.streaming\">streaming</a> library to view I2P as "
"a streams \n"
"based network."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:225
msgid ""
"Both inbound and outbound tunnels work along similar principles.\n"
"The tunnel gateway accumulates a number of tunnel messages, eventually "
"preprocessing \n"
"them into something for tunnel delivery. Next, the gateway encrypts that "
"preprocessed \n"
"data and forwards it to the first hop. That peer and subsequent tunnel "
"participants \n"
"add on a layer of encryption after verifying that it isn't a duplicate "
"before \n"
"forward it on to the next peer. Eventually, the message arrives at the "
"endpoint \n"
"where the messages are split out again and forwarded on as requested. The"
" \n"
"difference arises in what the tunnel's creator does - for inbound "
"tunnels, \n"
"the creator is the endpoint and they simply decrypt all of the layers "
"added, \n"
"while for outbound tunnels, the creator is the gateway and they pre-"
"decrypt \n"
"all of the layers so that after all of the layers of per-hop encryption "
"are \n"
"added, the message arrives in the clear at the tunnel endpoint."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:240
msgid ""
"The choice of specific peers to pass on messages as well as their "
"particular \n"
"ordering is important to understanding both I2P's anonymity and "
"performance \n"
"characteristics. While the network database (below) has its own criteria "
"for \n"
"picking what peers to query and store entries on, tunnel creators may use"
" any peers \n"
"in the network in any order (and even any number of times) in a single "
"tunnel. \n"
"If perfect latency and capacity data were globally known, selection and "
"ordering \n"
"would be driven by the particular needs of the client in tandem with "
"their \n"
"threat model. Unfortunately, latency and capacity data is not trivial to "
"gather \n"
"anonymously, and depending upon untrusted peers to provide this "
"information \n"
"has its own serious anonymity implications."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:253
msgid ""
"From an anonymity perspective, the simplest technique would be to pick "
"peers \n"
"randomly from the entire network, order them randomly and use those peers"
" \n"
"in that order for all eternity. From a performance perspective, the "
"simplest \n"
"technique would be to pick the fastest peers with the necessary spare "
"capacity, \n"
"spreading the load across different peers to handle transparent failover,"
" \n"
"and to rebuild the tunnel whenever capacity information changes. While "
"the \n"
"former is both brittle and inefficient, the later requires inaccessible "
"information \n"
"and offers insufficient anonymity. I2P is instead working on offering a "
"range \n"
"of peer selection strategies, coupled with anonymity aware measurement "
"code \n"
"to organize the peers by their profiles."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:266
msgid ""
"As a base, I2P is constantly profiling the peers with which it interacts"
" \n"
"with by measuring their indirect behavior - for instance, when a peer "
"responds \n"
"to a netDb lookup in 1.3 seconds, that round trip latency is recorded in "
"the \n"
"profiles for all of the routers involved in the two tunnels (inbound and "
"outbound) \n"
"through which the request and response passed, as well as the queried "
"peer's \n"
"profile. Direct measurement, such as transport layer latency or "
"congestion, \n"
"is not used as part of the profile, as it can be manipulated and "
"associated \n"
"with the measuring router, exposing them to trivial attacks. While "
"gathering \n"
"these profiles, a series of calculations are run on each to summarize its"
" \n"
"performance - its latency, capacity to handle lots of activity, whether "
"they \n"
"are currently overloaded, and how well integrated into the network they "
"seem \n"
"to be. These calculations are then compared for active peers to organize "
"the \n"
"routers into four tiers - fast and high capacity, high capacity, not "
"failing, \n"
"and failing. The thresholds for those tiers are determined dynamically, "
"and \n"
"while they currently use fairly simple algorithms, alternatives exist."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:284
msgid ""
"Using this profile data, the simplest reasonable peer selection strategy"
" \n"
"is to pick peers randomly from the top tier (fast and high capacity), and"
" \n"
"this is currently deployed for client tunnels. Exploratory tunnels (used "
"for \n"
"netDb and tunnel management) pick peers randomly from the \"not failing\""
" tier \n"
"(which includes routers in 'better' tiers as well), allowing the peer to "
"sample \n"
"routers more widely, in effect optimizing the peer selection through "
"randomized \n"
"hill climbing. These strategies alone do however leak information "
"regarding \n"
"the peers in the router's top tier through predecessor and netDb "
"harvesting \n"
"attacks. In turn, several alternatives exist which, while not balancing "
"the \n"
"load as evenly, will address the attacks mounted by particular classes of"
" \n"
"adversaries."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:298
msgid ""
"By picking a random key and ordering the peers according to their XOR "
"distance \n"
"from it, the information leaked is reduced in predecessor and harvesting "
"attacks \n"
"according to the peers' failure rate and the tier's churn. Another simple"
" \n"
"strategy for dealing with netDb harvesting attacks is to simply fix the "
"inbound \n"
"tunnel gateway(s) yet randomize the peers further on in the tunnels. To "
"deal \n"
"with predecessor attacks for adversaries which the client contacts, the "
"outbound \n"
"tunnel endpoints would also remain fixed. The selection of which peer to "
"fix \n"
"on the most exposed point would of course need to have a limit to the "
"duration, \n"
"as all peers fail eventually, so it could either be reactively adjusted "
"or \n"
"proactively avoided to mimic a measured mean time between failures of "
"other \n"
"routers. These two strategies can in turn be combined, using a fixed "
"exposed \n"
"peer and an XOR based ordering within the tunnels themselves. A more "
"rigid \n"
"strategy would fix the exact peers and ordering of a potential tunnel, "
"only \n"
"using individual peers if all of them agree to participate in the same "
"way \n"
"each time. This varies from the XOR based ordering in that the "
"predecessor \n"
"and successor of each peer is always the same, while the XOR only makes "
"sure \n"
"their order doesn't change."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:318
#, python-format
msgid ""
"As mentioned before, I2P currently (release 0.8) includes the tiered \n"
"random strategy above, with XOR-based ordering. A \n"
"more detailed discussion of the mechanics involved in tunnel operation, "
"management, \n"
"and peer selection can be found in the <a href=\"%(tunnelimpl)s\">tunnel "
"spec</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:326
#, python-format
msgid ""
"As mentioned earlier, I2P's netDb works to share the network's metadata.\n"
"This is detailed in <a href=\"%(netdb)s\">the network database</a> page,\n"
"but a basic explanation is available below."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:332
msgid ""
"A percentage of I2P users are appointed as 'floodfill peers'.\n"
"Currently, I2P installations that have a lot of bandwidth and are fast "
"enough,\n"
"will appoint themselves as floodfill as soon as the number of existing "
"floodfill routers\n"
"drops too low."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:339
#, python-format
msgid ""
"Other I2P routers will store their data and lookup data by sending simple"
" 'store' and 'lookup' queries to the floodfills.\n"
"If a floodfill router receives a 'store' query, it will spread the "
"information to other floodfill routers\n"
"using the <a href=\"http://en.wikipedia.org/wiki/Kademlia\">Kademlia "
"algorithm</a>.\n"
"The 'lookup' queries currently function differently, to avoid an "
"important\n"
"<a href=\"%(netdb)s#lookup\">security issue</a>.\n"
"When a lookup is done, the floodfill router will not forward the lookup "
"to other peers,\n"
"but will always answer by itself (if it has the requested data)."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:349
msgid "Two types of information are stored in the network database."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:353
msgid ""
"A <b>RouterInfo</b> stores information on a specific I2P router and how "
"to contact it"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:354
msgid ""
"A <b>LeaseSet</b> stores information on a specific destination (e.g. I2P "
"website, e-mail server...)"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:356
msgid ""
"All of this information is signed by the publishing party and verified by"
" any I2P router using or storing the information.\n"
"In addition, the data contains timing information, to avoid storage of "
"old entries and possible attacks.\n"
"This is also why I2P bundles the necessary code for maintaining the "
"correct time, occasionally querying some SNTP servers \n"
"(the <a href=\"http://www.pool.ntp.org/\">pool.ntp.org</a> round robin by"
" default)\n"
"and detecting skew between routers at the transport layer."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:364
msgid "Some additional remarks are also important."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:369
msgid "Unpublished and encrypted leasesets:"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:370
msgid ""
"One could only want specific people to be able to reach a destination.\n"
"This is possible by not publishing the destination in the netDb. You will"
" however have to transmit the destination by other means.\n"
"An alternative are the 'encrypted leaseSets'. These leaseSets can only be"
" decoded by people with access to the decryption key."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:377
msgid "Bootstrapping:"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:378
msgid ""
"Bootstrapping the netDb is quite simple. Once a router manages to receive"
" a single routerInfo of a reachable peer,\n"
"it can query that router for references to other routers in the network.\n"
"Currently, a number of users post their routerInfo files to a website to "
"make this information available.\n"
"I2P automatically connects to one of these websites to gather routerInfo "
"files and bootstrap."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:386
msgid "Lookup scalability:"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:387
msgid ""
"Lookups in the I2P network are not forwarded to other netDb routers.\n"
"Currently, this is not a major problem, since the network is not very "
"large.\n"
"However, as the network grows, not all routerInfo and leaseSet files will"
" be present\n"
"on each netDb router. This will cause a deterioration of the percentage "
"of successful lookups.\n"
"Because of this, refinements to the netDb will be done in the next "
"releases."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:398
msgid ""
"Communication between routers needs to provide confidentiality and "
"integrity \n"
"against external adversaries while authenticating that the router "
"contacted \n"
"is the one who should receive a given message. The particulars of how "
"routers \n"
"communicate with other routers aren't critical - three separate protocols"
" \n"
"have been used at different points to provide those bare necessities."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:406
#, python-format
msgid ""
"I2P started with a TCP-based protocol which \n"
"has since been disabled. Then, to accommodate the need for high degree "
"communication \n"
"(as a number of routers will end up speaking with many others), I2P moved"
" \n"
"from a TCP based transport to a <a href=\"%(ssu)s\">UDP-based one</a> - "
"\"Secure \n"
"Semireliable UDP\", or \"SSU\"."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:414
#, python-format
msgid "As described in the <a href=\"%(ssu)s\">SSU spec</a>:"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:418
msgid ""
"The goal of this protocol is to provide secure, authenticated, \n"
"semireliable and unordered message delivery, exposing only a minimal "
"amount \n"
"of data easily discernible to third parties. It should support high "
"degree \n"
"communication as well as TCP-friendly congestion control and may include"
" \n"
"PMTU detection. It should be capable of efficiently moving bulk data at "
"rates \n"
"sufficient for home users. In addition, it should support techniques for "
"addressing \n"
"network obstacles, like most NATs or firewalls."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:428
#, python-format
msgid ""
"Following the introduction of SSU, after issues with congestion collapse"
" \n"
"appeared, a new NIO-based TCP transport called <a "
"href=\"%(ntcp)s\">NTCP</a> \n"
"was implemented. It is enabled by default for outbound connections only. "
"Those \n"
"who configure their NAT/firewall to allow inbound connections and specify"
" \n"
"the external host and port (dyndns/etc is ok) on /config.jsp can receive "
"inbound \n"
"connections. As NTCP is NIO based, so it doesn't suffer from the 1 thread"
" \n"
"per connection issues of the old TCP transport."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:438
msgid ""
"I2P supports multiple transports simultaneously. A particular transport \n"
"for an outbound connection is selected with \"bids\". Each transport bids"
" for \n"
"the connection and the relative value of these bids assigns the priority."
" \n"
"Transports may reply with different bids, depending on whether there is "
"already \n"
"an established connection to the peer."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:446
#, python-format
msgid ""
"The current implementation ranks NTCP as the highest-priority transport \n"
"for outbound connections in most situations. SSU is enabled for both "
"outbound \n"
"and inbound connections. Your firewall and your I2P router must be "
"configured \n"
"to allow inbound NTCP connections. For further information see the <a "
"href=\"%(ntcp)s\">NTCP \n"
"page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:455
msgid ""
"A bare minimum set of cryptographic primitives are combined together to \n"
"provide I2P's layered defenses against a variety of adversaries. At the "
"lowest \n"
"level, inter router communication is protected by the transport layer "
"security \n"
"- SSU encrypts each packet with AES256/CBC with both an explicit IV and "
"MAC \n"
"(HMAC-MD5-128) after agreeing upon an ephemeral session key through a "
"2048bit \n"
"Diffie-Hellman exchange, station-to-station authentication with the other"
" \n"
"router's DSA key, plus each network message has their own hash for local "
"integrity \n"
"checking. <a href=\"#op.tunnels\">Tunnel</a> messages passed over the "
"transports \n"
"have their own layered AES256/CBC encryption with an explicit IV and "
"verified \n"
"at the tunnel endpoint with an additional SHA256 hash. Various other "
"messages \n"
"are passed along inside \"garlic messages\", which are encrypted with "
"ElGamal/AES+SessionTags \n"
"(explained below)."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:470
msgid "Garlic messages"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:471
msgid ""
"Garlic messages are an extension of \"onion\" layered encryption, "
"allowing \n"
"the contents of a single message to contain multiple \"cloves\" - fully "
"formed \n"
"messages alongside their own instructions for delivery. Messages are "
"wrapped \n"
"into a garlic message whenever the message would otherwise be passing in "
"cleartext \n"
"through a peer who should not have access to the information - for "
"instance, \n"
"when a router wants to ask another router to participate in a tunnel, "
"they \n"
"wrap the request inside a garlic, encrypt that garlic to the receiving "
"router's \n"
"2048bit ElGamal public key, and forward it through a tunnel. Another "
"example \n"
"is when a client wants to send a message to a destination - the sender's "
"router \n"
"will wrap up that data message (alongside some other messages) into a "
"garlic, \n"
"encrypt that garlic to the 2048bit ElGamal public key published in the "
"recipient's \n"
"leaseSet, and forward it through the appropriate tunnels."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:486
msgid ""
"The \"instructions\" attached to each clove inside the encryption layer "
"includes \n"
"the ability to request that the clove be forwarded locally, to a remote "
"router, \n"
"or to a remote tunnel on a remote router. There are fields in those "
"instructions \n"
"allowing a peer to request that the delivery be delayed until a certain "
"time \n"
"or condition has been met, though they won't be honored until the <a "
"href=\"#future.variablelatency\">nontrivial \n"
"delays</a> are deployed. It is possible to explicitly route garlic "
"messages \n"
"any number of hops without building tunnels, or even to reroute tunnel "
"messages \n"
"by wrapping them in garlic messages and forwarding them a number of hops "
"prior \n"
"to delivering them to the next hop in the tunnel, but those techniques "
"are \n"
"not currently used in the existing implementation."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:499
msgid "Session tags"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:500
msgid ""
"As an unreliable, unordered, message based system, I2P uses a simple "
"combination \n"
"of asymmetric and symmetric encryption algorithms to provide data "
"confidentiality \n"
"and integrity to garlic messages. As a whole, the combination is referred"
" \n"
"to as ElGamal/AES+SessionTags, but that is an excessively verbose way to "
"describe \n"
"the simple use of 2048bit ElGamal, AES256, SHA256 and 32 byte nonces."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:539
msgid ""
"Session tags themselves have a very short lifetime, after which they are"
" \n"
"discarded if not used. In addition, the quantity stored for each key is "
"limited, \n"
"as are the number of keys themselves - if too many arrive, either new or "
"old \n"
"messages may be dropped. The sender keeps track whether messages using "
"session \n"
"tags are getting through, and if there isn't sufficient communication it "
"may \n"
"drop the ones previously assumed to be properly delivered, reverting back"
" \n"
"to the full expensive ElGamal encryption."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:549
msgid ""
"One alternative is to transmit only a single session tag, and from that,"
" \n"
"seed a deterministic PRNG for determining what tags to use or expect. By "
"keeping \n"
"this PRNG roughly synchronized between the sender and recipient (the "
"recipient \n"
"precomputes a window of the next e.g. 50 tags), the overhead of "
"periodically \n"
"bundling a large number of tags is removed, allowing more options in the "
"space/time \n"
"tradeoff, and perhaps reducing the number of ElGamal encryptions "
"necessary. \n"
"However, it would depend upon the strength of the PRNG to provide the "
"necessary \n"
"cover against internal adversaries, though perhaps by limiting the amount"
" \n"
"of times each PRNG is used, any weaknesses can be minimized. At the "
"moment, \n"
"there are no immediate plans to move towards these synchronized PRNGs."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:562
msgid "Future"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:563
msgid ""
"While I2P is currently functional and sufficient for many scenarios, "
"there \n"
"are several areas which require further improvement to meet the needs of "
"those \n"
"facing more powerful adversaries as well as substantial user experience "
"optimization."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:569
msgid "Restricted route operation"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:570
msgid ""
"I2P is an overlay network designed to be run on top of a functional "
"packet \n"
"switched network, exploiting the end to end principle to offer anonymity "
"and \n"
"security. While the Internet no longer fully embraces the end to end "
"principle\n"
"(due to the usage of NAT), \n"
"I2P does require a substantial portion of the network to be reachable - "
"there \n"
"may be a number of peers along the edges running using restricted routes,"
" \n"
"but I2P does not include an appropriate routing algorithm for the "
"degenerate \n"
"case where most peers are unreachable. It would, however work on top of a"
" \n"
"network employing such an algorithm."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:582
msgid ""
"Restricted route operation, where there are limits to what peers are "
"reachable \n"
"directly, has several different functional and anonymity implications, "
"dependent \n"
"upon how the restricted routes are handled. At the most basic level, "
"restricted \n"
"routes exist when a peer is behind a NAT or firewall which does not allow"
" \n"
"inbound connections. This was largely addressed in I2P 0.6.0.6 by "
"integrating \n"
"distributed hole punching into the transport layer, allowing people "
"behind \n"
"most NATs and firewalls to receive unsolicited connections without any "
"configuration. \n"
"However, this does not limit the exposure of the peer's IP address to "
"routers \n"
"inside the network, as they can simply get introduced to the peer through"
" \n"
"the published introducer."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:595
msgid ""
"Beyond the functional handling of restricted routes, there are two levels"
" \n"
"of restricted operation that can be used to limit the exposure of one's "
"IP \n"
"address - using router-specific tunnels for communication, and offering "
"'client \n"
"routers'. For the former, routers can either build a new pool of tunnels "
"or \n"
"reuse their exploratory pool, publishing the inbound gateways to some of "
"them \n"
"as part of their routerInfo in place of their transport addresses. When a"
" \n"
"peer wants to get in touch with them, they see those tunnel gateways in "
"the \n"
"netDb and simply send the relevant message to them through one of the "
"published \n"
"tunnels. If the peer behind the restricted route wants to reply, it may "
"do \n"
"so either directly (if they are willing to expose their IP to the peer) "
"or \n"
"indirectly through their outbound tunnels. When the routers that the peer"
" \n"
"has direct connections to want to reach it (to forward tunnel messages, "
"for \n"
"instance), they simply prioritize their direct connection over the "
"published \n"
"tunnel gateway. The concept of 'client routers' simply extends the "
"restricted \n"
"route by not publishing any router addresses. Such a router would not "
"even \n"
"need to publish their routerInfo in the netDb, merely providing their "
"self \n"
"signed routerInfo to the peers that it contacts (necessary to pass the "
"router's \n"
"public keys). Both levels of restricted route operation are planned for "
"I2P \n"
"2.0."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:617
msgid ""
"There are tradeoffs for those behind restricted routes, as they would "
"likely \n"
"participate in other people's tunnels less frequently, and the routers "
"which \n"
"they are connected to would be able to infer traffic patterns that would "
"not \n"
"otherwise be exposed. On the other hand, if the cost of that exposure is "
"less \n"
"than the cost of an IP being made available, it may be worthwhile. This, "
"of \n"
"course, assumes that the peers that the router behind a restricted route "
"contacts \n"
"are not hostile - either the network is large enough that the probability"
" \n"
"of using a hostile peer to get connected is small enough, or trusted (and"
" \n"
"perhaps temporary) peers are used instead."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:629
msgid "Variable latency"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:630
msgid ""
"Even though the bulk of I2P's initial efforts have been on low latency "
"communication, \n"
"it was designed with variable latency services in mind from the "
"beginning. \n"
"At the most basic level, applications running on top of I2P can offer the"
" \n"
"anonymity of medium and high latency communication while still blending "
"their \n"
"traffic patterns in with low latency traffic. Internally though, I2P can "
"offer \n"
"its own medium and high latency communication through the garlic "
"encryption \n"
"- specifying that the message should be sent after a certain delay, at a "
"certain \n"
"time, after a certain number of messages have passed, or another mix "
"strategy. \n"
"With the layered encryption, only the router that the clove exposed the "
"delay \n"
"request would know that the message requires high latency, allowing the "
"traffic \n"
"to blend in further with the low latency traffic. Once the transmission "
"precondition \n"
"is met, the router holding on to the clove (which itself would likely be "
"a \n"
"garlic message) simply forwards it as requested - to a router, to a "
"tunnel, \n"
"or, most likely, to a remote client destination."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:647
msgid ""
"There are a substantial number of ways to exploit this capacity for high"
" \n"
"latency comm in I2P, but for the moment, doing so has been scheduled for "
"the \n"
"I2P 3.0 release. In the meantime, those requiring the anonymity that high"
" \n"
"latency comm can offer should look towards the application layer to "
"provide \n"
"it."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:655
msgid "Open questions"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:657
msgid "How to get rid of the timing constraint?"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:658
msgid "Can we deal with the sessionTags more efficiently?"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:659
msgid ""
"What, if any, batching/mixing strategies should be made available on the "
"tunnels?"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:660
msgid ""
"What other tunnel peer selection and ordering strategies should be "
"available?"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:663
msgid "Similar systems"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:665
msgid ""
"I2P's architecture builds on the concepts of message oriented middleware,"
" \n"
"the topology of DHTs, the anonymity and cryptography of free route "
"mixnets, \n"
"and the adaptability of packet switched networking. The value comes not "
"from \n"
"novel concepts of algorithms though, but from careful engineering "
"combining \n"
"the research results of existing systems and papers. While there are a "
"few \n"
"similar efforts worth reviewing, both for technical and functional "
"comparisons, \n"
"two in particular are pulled out here - Tor and Freenet."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:675
#, python-format
msgid "See also the <a href=\"%(comparisons)s\">Network Comparisons Page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:680
#: i2p2www/pages/site/docs/how/tech-intro.html:745
msgid "website"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:682
msgid ""
"At first glance, Tor and I2P have many functional and anonymity related \n"
"similarities. While I2P's development began before we were aware of the "
"early \n"
"stage efforts on Tor, many of the lessons of the original onion routing "
"and \n"
"ZKS efforts were integrated into I2P's design. Rather than building an "
"essentially \n"
"trusted, centralized system with directory servers, I2P has a self "
"organizing \n"
"network database with each peer taking on the responsibility of profiling"
" \n"
"other routers to determine how best to exploit available resources. "
"Another \n"
"key difference is that while both I2P and Tor use layered and ordered "
"paths \n"
"(tunnels and circuits/streams), I2P is fundamentally a packet switched "
"network, \n"
"while Tor is fundamentally a circuit switched one, allowing I2P to "
"transparently \n"
"route around congestion or other network failures, operate redundant "
"pathways, \n"
"and load balance the data across available resources. While Tor offers "
"the \n"
"useful outproxy functionality by offering integrated outproxy discovery "
"and \n"
"selection, I2P leaves such application layer decisions up to applications"
" \n"
"running on top of I2P - in fact, I2P has even externalized the TCP-like "
"streaming \n"
"library itself to the application layer, allowing developers to "
"experiment \n"
"with different strategies, exploiting their domain specific knowledge to "
"offer \n"
"better performance."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:703
msgid ""
"From an anonymity perspective, there is much similarity when the core "
"networks \n"
"are compared. However, there are a few key differences. When dealing with"
" \n"
"an internal adversary or most external adversaries, I2P's simplex tunnels"
" \n"
"expose half as much traffic data than would be exposed with Tor's duplex "
"circuits \n"
"by simply looking at the flows themselves - an HTTP request and response "
"would \n"
"follow the same path in Tor, while in I2P the packets making up the "
"request \n"
"would go out through one or more outbound tunnels and the packets making "
"up \n"
"the response would come back through one or more different inbound "
"tunnels. \n"
"While I2P's peer selection and ordering strategies should sufficiently "
"address \n"
"predecessor attacks, should a switch to bidirectional tunnels be "
"necessary,\n"
"we could simply build an inbound and outbound tunnel along the same "
"routers."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:717
msgid ""
"Another anonymity issue comes up in Tor's use of telescopic tunnel "
"creation, \n"
"as simple packet counting and timing measurements as the cells in a "
"circuit \n"
"pass through an adversary's node exposes statistical information "
"regarding \n"
"where the adversary is within the circuit. I2P's unidirectional tunnel "
"creation \n"
"with a single message so that this data is not exposed. Protecting the "
"position \n"
"in a tunnel is important, as an adversary would otherwise be able to "
"mount \n"
"a series of powerful predecessor, intersection, and traffic confirmation "
"attacks."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:727
msgid ""
"Tor's support for a second tier of \"onion proxies\" does offer a non-"
"trivial \n"
"degree of anonymity while requiring a low cost of entry, while I2P will "
"not \n"
"offer this topology until <a href=\"#future.restricted\">2.0</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:733
msgid ""
"On the whole, Tor and I2P complement each other in their focus - Tor "
"works \n"
"towards offering high speed anonymous Internet outproxying, while I2P "
"works \n"
"towards offering a decentralized resilient network in itself. In theory, "
"both \n"
"can be used to achieve both purposes, but given limited development "
"resources, \n"
"they both have their strengths and weaknesses. The I2P developers have "
"considered \n"
"the steps necessary to modify Tor to take advantage of I2P's design, but "
"concerns \n"
"of Tor's viability under resource scarcity suggest that I2P's packet "
"switching \n"
"architecture will be able to exploit scarce resources more effectively."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:747
msgid ""
"Freenet played a large part in the initial stages of I2P's design - "
"giving \n"
"proof to the viability of a vibrant pseudonymous community completely "
"contained \n"
"within the network, demonstrating that the dangers inherent in outproxies"
" \n"
"could be avoided. The first seed of I2P began as a replacement "
"communication \n"
"layer for Freenet, attempting to factor out the complexities of a "
"scalable, \n"
"anonymous and secure point to point communication from the complexities "
"of \n"
"a censorship resistant distributed data store. Over time however, some of"
" \n"
"the anonymity and scalability issues inherent in Freenet's algorithms "
"made \n"
"it clear that I2P's focus should stay strictly on providing a generic "
"anonymous \n"
"communication layer, rather than as a component of Freenet. Over the "
"years, \n"
"the Freenet developers have come to see the weaknesses in the older "
"design, \n"
"prompting them to suggest that they will require a \"premix\" layer to "
"offer \n"
"substantial anonymity. In other words, Freenet needs to run on top of a "
"mixnet \n"
"such as I2P or Tor, with \"client nodes\" requesting and publishing data "
"through \n"
"the mixnet to the \"server nodes\" which then fetch and store the data "
"according \n"
"to Freenet's heuristic distributed data storage algorithms."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:766
msgid ""
"Freenet's functionality is very complementary to I2P's, as Freenet "
"natively \n"
"provides many of the tools for operating medium and high latency systems,"
" \n"
"while I2P natively provides the low latency mix network suitable for "
"offering \n"
"adequate anonymity. The logic of separating the mixnet from the "
"censorship-\n"
"resistant distributed data store still seems self-evident from an "
"engineering, \n"
"anonymity, security, and resource allocation perspective, so hopefully "
"the \n"
"Freenet team will pursue efforts in that direction, if not simply reusing"
" \n"
"(or helping to improve, as necessary) existing mixnets like I2P or Tor."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:777
msgid ""
"It is worth mentioning that there has recently been discussion and work \n"
"by the Freenet developers on a \"globally scalable darknet\" using "
"restricted \n"
"routes between peers of various trust. While insufficient information has"
" \n"
"been made publicly available regarding how such a system would operate "
"for \n"
"a full review, from what has been said the anonymity and scalability "
"claims \n"
"seem highly dubious. In particular, the appropriateness for use in "
"hostile \n"
"regimes against state level adversaries has been tremendously overstated,"
" \n"
"and any analysis on the implications of resource scarcity upon the "
"scalability \n"
"of the network has seemingly been avoided. Further questions regarding "
"susceptibility \n"
"to traffic analysis, trust and other topics do exist, but a more in-depth"
" \n"
"review of this \"globally scalable darknet\" will have to wait until the "
"Freenet \n"
"team makes more information available."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:793
msgid ""
"I2P itself doesn't really do much - it simply sends messages to remote "
"destinations \n"
"and receives messages targeting local destinations - most of the "
"interesting \n"
"work goes on at the layers above it. By itself, I2P could be seen as an "
"anonymous \n"
"and secure IP layer, and the bundled <a href=\"#app.streaming\">streaming"
" library</a> \n"
"as an implementation of an anonymous and secure TCP layer on top of it. "
"Beyond \n"
"that, <a href=\"#app.i2ptunnel\">I2PTunnel</a> exposes a generic TCP "
"proxying \n"
"system for either getting into or out of the I2P network, plus a variety "
"of \n"
"network applications provide further functionality for end users."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:804
msgid "Streaming library"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:805
msgid ""
"The I2P streaming library can be viewed as a generic streaming interface "
"(mirroring TCP sockets),\n"
"and the implementation supports a <a "
"href=\"http://en.wikipedia.org/wiki/Sliding_Window_Protocol\">sliding "
"window protocol</a>\n"
"with several optimizations, to take into account the high delay over I2P."
"\n"
"Individual streams may adjust the maximum packet size and \n"
"other options, though the default of 4KB compressed seems a reasonable "
"tradeoff \n"
"between the bandwidth costs of retransmitting lost messages and the "
"latency \n"
"of multiple messages."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:815
msgid ""
"In addition, in consideration of the relatively high cost of subsequent \n"
"messages, the streaming library's protocol for scheduling and delivering "
"messages \n"
"has been optimized to allow individual messages passed to contain as much"
" \n"
"information as is available. For instance, a small HTTP transaction "
"proxied \n"
"through the streaming library can be completed in a single round trip - "
"the \n"
"first message bundles a SYN, FIN and the small payload (an HTTP request "
"typically \n"
"fits) and the reply bundles the SYN, FIN, ACK and the small payload (many"
" \n"
"HTTP responses fit). While an additional ACK must be transmitted to tell "
"the \n"
"HTTP server that the SYN/FIN/ACK has been received, the local HTTP proxy "
"can \n"
"deliver the full response to the browser immediately."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:828
msgid ""
"On the whole, however, the streaming library bears much resemblance to an"
" \n"
"abstraction of TCP, with its sliding windows, congestion control "
"algorithms \n"
"(both slow start and congestion avoidance), and general packet behavior "
"(ACK, \n"
"SYN, FIN, RST, etc)."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:835
msgid "Naming library and addressbook"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:836
#, python-format
msgid ""
"For more information see the <a href=\"%(naming)s\">Naming and "
"Addressbook</a> page."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:840
#: i2p2www/pages/site/docs/how/tech-intro.html:914
#: i2p2www/pages/site/docs/how/tech-intro.html:961
#: i2p2www/pages/site/docs/how/tech-intro.html:993
#: i2p2www/pages/site/docs/how/tech-intro.html:1001
#: i2p2www/pages/site/docs/how/tech-intro.html:1009
#: i2p2www/pages/site/docs/how/tech-intro.html:1019
#: i2p2www/pages/site/docs/how/tech-intro.html:1027
#: i2p2www/pages/site/docs/how/tech-intro.html:1049
#, python-format
msgid "Developed by: %(dev)s"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:842
msgid ""
"Naming within I2P has been an oft-debated topic since the very beginning"
" \n"
"with advocates across the spectrum of possibilities. However, given I2P's"
" \n"
"inherent demand for secure communication and decentralized operation, the"
" \n"
"traditional DNS-style naming system is clearly out, as are \"majority "
"rules\" \n"
"voting systems. Instead, I2P ships with a generic naming library and a "
"base \n"
"implementation designed to work off a local name to destination mapping, "
"as \n"
"well as an optional add-on application called the \"addressbook\". The "
"addressbook \n"
"is a web-of-trust-driven secure, distributed, and human readable naming "
"system, \n"
"sacrificing only the call for all human readable names to be globally "
"unique \n"
"by mandating only local uniqueness. While all messages in I2P are "
"cryptographically \n"
"addressed by their destination, different people can have local "
"addressbook \n"
"entries for \"Alice\" which refer to different destinations. People can "
"still \n"
"discover new names by importing published addressbooks of peers specified"
" \n"
"in their web of trust, by adding in the entries provided through a third "
"party, \n"
"or (if some people organize a series of published addressbooks using a "
"first \n"
"come first serve registration system) people can choose to treat these "
"addressbooks \n"
"as name servers, emulating traditional DNS."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:862
msgid ""
"I2P does not promote the use of DNS-like services though, as the damage \n"
"done by hijacking a site can be tremendous - and insecure destinations "
"have \n"
"no value. DNSsec itself still falls back on registrars and certificate "
"authorities, \n"
"while with I2P, requests sent to a destination cannot be intercepted or "
"the \n"
"reply spoofed, as they are encrypted to the destination's public keys, "
"and \n"
"a destination itself is just a pair of public keys and a certificate. "
"DNS-style \n"
"systems on the other hand allow any of the name servers on the lookup "
"path \n"
"to mount simple denial of service and spoofing attacks. Adding on a "
"certificate \n"
"authenticating the responses as signed by some centralized certificate "
"authority \n"
"would address many of the hostile nameserver issues but would leave open "
"replay \n"
"attacks as well as hostile certificate authority attacks."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:876
msgid ""
"Voting style naming is dangerous as well, especially given the "
"effectiveness \n"
"of Sybil attacks in anonymous systems - the attacker can simply create an"
" \n"
"arbitrarily high number of peers and \"vote\" with each to take over a "
"given \n"
"name. Proof-of-work methods can be used to make identity non-free, but as"
" \n"
"the network grows the load required to contact everyone to conduct online"
" \n"
"voting is implausible, or if the full network is not queried, different "
"sets \n"
"of answers may be reachable."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:886
msgid ""
"As with the Internet however, I2P is keeping the design and operation of"
" \n"
"a naming system out of the (IP-like) communication layer. The bundled "
"naming \n"
"library includes a simple service provider interface which alternate "
"naming \n"
"systems can plug into, allowing end users to drive what sort of naming "
"tradeoffs \n"
"they prefer."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:895
msgid ""
"The old Syndie bundled with I2P has been replaced by the new Syndie which"
"\n"
"is distributed separately. For more information see the <a "
"href=\"http://syndie.i2p2.de/\">Syndie</a>\n"
"pages."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:901
msgid ""
"Syndie is a safe, anonymous blogging / content publication / content "
"aggregation \n"
"system. It lets you create information, share it with others, and read "
"posts \n"
"from those you're interested in, all while taking into consideration your"
" \n"
"needs for security and anonymity. Rather than building its own content "
"distribution \n"
"network, Syndie is designed to run on top of existing networks, "
"syndicating \n"
"content through eepsites, Tor hidden services, Freenet freesites, normal "
"websites, \n"
"usenet newsgroups, email lists, RSS feeds, etc. Data published with "
"Syndie \n"
"is done so as to offer pseudonymous authentication to anyone reading or "
"archiving \n"
"it."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:916
msgid ""
"I2PTunnel is probably I2P's most popular and versatile client "
"application, \n"
"allowing generic proxying both into and out of the I2P network. I2PTunnel"
" \n"
"can be viewed as four separate proxying applications - a \"client\" which"
" receives \n"
"inbound TCP connections and forwards them to a given I2P destination, an "
"\"httpclient\" \n"
"(aka \"eepproxy\") which acts like an HTTP proxy and forwards the "
"requests to \n"
"the appropriate I2P destination (after querying the naming service if "
"necessary), \n"
"a \"server\" which receives inbound I2P streaming connections on a "
"destination \n"
"and forwards them to a given TCP host+port, and an \"httpserver\" which "
"extends \n"
"the \"server\" by parsing the HTTP request and responses to allow safer "
"operation. \n"
"There is an additional \"socksclient\" application, but its use is not "
"encouraged \n"
"for reasons previously mentioned."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:930
msgid ""
"I2P itself is not an outproxy network - the anonymity and security "
"concerns \n"
"inherent in a mix net which forwards data into and out of the mix have "
"kept \n"
"I2P's design focused on providing an anonymous network which capable of "
"meeting \n"
"the user's needs without requiring external resources. However, the "
"I2PTunnel \n"
"\"httpclient\" application offers a hook for outproxying - if the "
"hostname requested \n"
"doesn't end in \".i2p\", it picks a random destination from a user-"
"provided \n"
"set of outproxies and forwards the request to them. These destinations "
"are \n"
"simply I2PTunnel \"server\" instances run by volunteers who have "
"explicitly \n"
"chosen to run outproxies - no one is an outproxy by default, and running "
"an \n"
"outproxy doesn't automatically tell other people to proxy through you. "
"While \n"
"outproxies do have inherent weaknesses, they offer a simple proof of "
"concept \n"
"for using I2P and provide some functionality under a threat model which "
"may \n"
"be sufficient for some users."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:946
msgid ""
"I2PTunnel enables most of the applications in use. An \"httpserver\" "
"pointing \n"
"at a webserver lets anyone run their own anonymous website (or "
"\"eepsite\") \n"
"- a webserver is bundled with I2P for this purpose, but any webserver can"
" \n"
"be used. Anyone may run a \"client\" pointing at one of the anonymously "
"hosted \n"
"IRC servers, each of which are running a \"server\" pointing at their "
"local \n"
"IRCd and communicating between IRCds over their own \"client\" tunnels. "
"End \n"
"users also have \"client\" tunnels pointing at <a "
"href=\"#app.i2pmail\">I2Pmail's</a> \n"
"POP3 and SMTP destinations (which in turn are simply \"server\" instances"
" pointing \n"
"at POP3 and SMTP servers), as well as \"client\" tunnels pointing at "
"I2P's CVS \n"
"server, allowing anonymous development. At times people have even run "
"\"client\" \n"
"proxies to access the \"server\" instances pointing at an NNTP server."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:963
msgid ""
"i2p-bt is a port of the mainline python BitTorrent client to run both the"
" \n"
"tracker and peer communication over I2P. Tracker requests are forwarded "
"through \n"
"the eepproxy to eepsites specified in the torrent file while tracker "
"responses \n"
"refer to peers by their destination explicitly, allowing i2p-bt to open "
"up \n"
"a <a href=\"#app.streaming\">streaming lib</a> connection to query them "
"for \n"
"blocks."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:972
msgid ""
"In addition to i2p-bt, a port of bytemonsoon has been made to I2P, making"
" \n"
"a few modifications as necessary to strip any anonymity-compromising "
"information \n"
"from the application and to take into consideration the fact that IPs "
"cannot \n"
"be used for identifying peers."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:980
msgid ""
"I2PSnark developed: jrandom, et al, ported from <a\n"
"href=\"http://www.klomp.org/mark/\">mjw</a>'s <a\n"
"href=\"http://www.klomp.org/snark/\">Snark</a> client"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:986
msgid ""
"Bundled with the I2P install, I2PSnark offers a simple anonymous "
"BitTorrent \n"
"client with multitorrent capabilities, exposing all of the functionality "
"through \n"
"a plain HTML web interface."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:995
#, python-format
msgid ""
"Robert is a Bittorrent client written in Python.\n"
"It is hosted on <a "
"href=\"http://%(bob)s/Robert.html\">http://%(bob)s/Robert.html</a> <!-- "
"TODO: expand -->"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1003
#, python-format
msgid ""
"PyBit is a Bittorrent client written in Python.\n"
"It is hosted on <a href=\"%(pybit)s\">%(pybit)s</a> <!-- TODO: expand -->"
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1011
msgid ""
"I2Phex is a fairly direct port of the Phex Gnutella filesharing client to"
" \n"
"run entirely on top of I2P. While it has disabled some of Phex's "
"functionality, \n"
"such as integration with Gnutella webcaches, the basic file sharing and "
"chatting \n"
"system is fully functional."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1021
msgid ""
"iMule is a fairly direct port of the aMule filesharing client \n"
"running entirely inside I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1029
#, python-format
msgid ""
"I2Pmail is more a service than an application - postman offers both "
"internal \n"
"and external email with POP3 and SMTP service through I2PTunnel instances"
" \n"
"accessing a series of components developed with mastiejaner, allowing "
"people \n"
"to use their preferred mail clients to send and receive mail "
"pseudonymously. \n"
"However, as most mail clients expose substantial identifying information,"
" \n"
"I2P bundles susi23's web based susimail client which has been built "
"specifically \n"
"with I2P's anonymity needs in mind. The I2Pmail/mail.i2p service offers "
"transparent \n"
"virus filtering as well as denial of service prevention with hashcash "
"augmented \n"
"quotas. In addition, each user has control of their batching strategy "
"prior \n"
"to delivery through the mail.i2p outproxies, which are separate from the "
"mail.i2p \n"
"SMTP and POP3 servers - both the outproxies and inproxies communicate "
"with \n"
"the mail.i2p SMTP and POP3 servers through I2P itself, so compromising "
"those \n"
"non-anonymous locations does not give access to the mail accounts or "
"activity \n"
"patterns of the user. At the moment the developers work on a "
"decentralized \n"
"mailsystem, called \"v2mail\". More information can be found on the "
"eepsite \n"
"<a href=\"http://%(postman)s/\">%(postman)s</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1051
msgid ""
"I2P-Bote is a distributed e-mail application. It does not use the "
"traditional\n"
"e-mail concept of sending an e-mail to a server and retrieving it from a "
"server.\n"
"Instead, it uses a Kademlia Distributed Hash Table to store mails.\n"
"One user can push a mail into the DHT, while another can request the "
"e-mail from the DHT.\n"
"And all the mails sent within the I2P-Bote network are automatically "
"encrypted end-to-end. <br>\n"
"Furthermore, I2P-Bote offers a remailer function on top of I2P, for "
"increased high-latency anonymity."
msgstr ""
#: i2p2www/pages/site/docs/how/tech-intro.html:1061
msgid ""
"I2P-Messenger is an end-to-end encrypted serverless communication "
"application.\n"
"For communication between two users, they need to give each other their "
"destination keys, to allow the other to connect.\n"
"It supports file transfer and has a search for other users, based on "
"Seedless."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:2
msgid "I2P's Threat Model"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:3
msgid "November 2010"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:7
msgid "low"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:8
msgid "medium"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:9
msgid "high"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:34
msgid "Damage Potential"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:35
msgid "Reliability"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:36
msgid "Exploitability"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:37
msgid "Affected Users"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:38
msgid "Discoverability"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:39
msgid "Severity"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:40
#: i2p2www/pages/site/docs/protocol/i2np.html:93
msgid "Priority"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:45
msgid "Index of Attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:47
#: i2p2www/pages/site/docs/how/threat-model.html:206
msgid "Brute force attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:48
#: i2p2www/pages/site/docs/how/threat-model.html:250
msgid "Timing attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:49
#: i2p2www/pages/site/docs/how/threat-model.html:287
msgid "Intersection attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:50
#: i2p2www/pages/site/docs/how/threat-model.html:367
msgid "Denial of service attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:51
#: i2p2www/pages/site/docs/how/threat-model.html:466
msgid "Tagging attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:52
#: i2p2www/pages/site/docs/how/threat-model.html:484
msgid "Partitioning attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:53
#: i2p2www/pages/site/docs/how/threat-model.html:524
msgid "Predecessor attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:54
#: i2p2www/pages/site/docs/how/threat-model.html:569
msgid "Harvesting attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:55
#: i2p2www/pages/site/docs/how/threat-model.html:616
msgid "Identification Through Traffic Analysis"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:56
#: i2p2www/pages/site/docs/how/threat-model.html:676
msgid "Sybil attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:57
#: i2p2www/pages/site/docs/how/threat-model.html:725
msgid "Buddy Exhaustion attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:58
#: i2p2www/pages/site/docs/how/threat-model.html:750
msgid "Cryptographic attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:59
msgid "Floodfill attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:60
#: i2p2www/pages/site/docs/how/threat-model.html:811
msgid "Other Network Database attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:61
msgid "Attacks on centralized resources"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:62
#: i2p2www/pages/site/docs/how/threat-model.html:877
msgid "Development attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:63
msgid "Implementation attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:64
#: i2p2www/pages/site/docs/how/threat-model.html:961
msgid "Other Defenses"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:69
msgid "What do we mean by \"anonymous\"?"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:71
msgid ""
"Your level of anonymity can be described as \"how hard it is for someone\n"
"to find out information you don't want them to know?\" - who you are, "
"where\n"
"you are located, who you communicate with, or even when you communicate."
" \n"
"\"Perfect\" anonymity is not a useful concept here - software will not "
"make \n"
"you indistinguishable from people that don't use computers or who are not"
" on\n"
"the Internet. Instead, we are working to provide sufficient anonymity to"
" meet the\n"
"real needs of whomever we can - from those simply browsing websites, to "
"those exchanging\n"
"data, to those fearful of discovery by powerful organizations or states."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:82
msgid ""
"The question of whether I2P provides sufficient anonymity for your \n"
"particular needs is a hard one, but this page will hopefully assist in \n"
"answering that question by exploring how I2P operates under various "
"attacks\n"
"so that you may decide whether it meets your needs."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:89
msgid ""
"We welcome further research and analysis on I2P's resistance to the "
"threats described below.\n"
"More review of existing literature (much of it focused on Tor) and "
"original\n"
"work focused on I2P is needed."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:95
msgid "Network Topology Summary"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:96
#, python-format
msgid ""
"I2P builds off the ideas of many <a href=\"%(comparisons)s\">other</a> \n"
"<a href=\"%(links)s\">systems</a>, but a few key points should be kept in"
" mind when \n"
"reviewing related literature:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:102
msgid ""
"<b>I2P is a free route mixnet</b> - the message creator explicitly "
"defines the\n"
"path that messages will be sent out (the outbound tunnel), and the "
"message \n"
"recipient explicitly defines the path that messages will be received on "
"(the\n"
"inbound tunnel)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:108
msgid ""
"<b>I2P has no official entry and exit points</b> - all peers fully "
"participate in the \n"
"mix, and there are no network layer in- or out-proxies (however, at the \n"
"application layer, a few proxies do exist)"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:113
msgid ""
"<b>I2P is fully distributed</b> - there are no central controls or "
"authorities.\n"
"One could modify some routers to operate mix cascades (building tunnels "
"and giving\n"
"out the keys necessary to control the forwarding at the tunnel endpoint) "
"or directory \n"
"based profiling and selection, all without breaking compatibility with "
"the rest of \n"
"the network, but doing so is of course not necessary (and may even harm "
"one's\n"
"anonymity)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:123
#, python-format
msgid ""
"We have documented plans to implement <a "
"href=\"%(todo)s#stop\">nontrivial delays</a>\n"
"and <a href=\"%(todo)s#batching\">batching strategies</a> \n"
"whose existence is only known to the particular hop or tunnel gateway "
"that \n"
"receives the message, allowing a mostly low latency mixnet to provide "
"cover \n"
"traffic for higher latency communication (e.g. email).\n"
"However we are aware that significant delays are required to provide "
"meaningful\n"
"protection, and that implementation of such delays will be a significant "
"challenge.\n"
"It is not clear at this time whether we will actually implement these "
"delay features."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:134
msgid ""
"In theory, routers along the message path may inject an \n"
"arbitrary number of hops before forwarding the message to the next peer, "
"though\n"
"the current implementation does not."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:141
msgid "The Threat Model"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:142
msgid ""
"I2P design started in 2003, not long after the advent of\n"
"<a href=\"http://www.onion-router.net\">[Onion Routing]</a>,\n"
"<a href=\"http://freenetproject.org/\">[Freenet]</a>, and\n"
"<a href=\"https://www.torproject.org/\">[Tor]</a>.\n"
"Our design benefits substantially from the research published around that"
" time.\n"
"I2P uses several onion routing techniques, so we continue to benefit\n"
"from the significant academic interest in Tor."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:152
msgid ""
"Taking from the attacks and analysis put forth in the \n"
"<a href=\"http://freehaven.net/anonbib/topic.html\">anonymity "
"literature</a> (largely \n"
"<a href=\"http://citeseer.ist.psu.edu/454354.html\">Traffic Analysis: "
"Protocols, Attacks, Design \n"
"Issues and Open Problems</a>), the following briefly describes a wide "
"variety \n"
"of attacks as well as many of I2Ps defenses. We update\n"
"this list to include new attacks as they are identified."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:161
msgid ""
"Included are some attacks that may be unique to I2P.\n"
"We do not have good answers for all these attacks, however\n"
"we continue to do research and improve our defenses."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:167
msgid ""
"In addition, many of these attacks are significantly easier than\n"
"they should be, due to the modest size of the current network.\n"
"While we are aware of some limitations that need to be addressed,\n"
"I2P is designed to support hundreds of thousands, or millions, of\n"
"participants.\n"
"As we continue to spread the word and grow the network,\n"
"these attacks will become much harder."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:177
#, python-format
msgid ""
"The\n"
"<a href=\"%(comparisons)s\">network comparisons</a> and\n"
"<a href=\"%(garlicrouting)s\">\"garlic\" terminology</a> pages may also "
"be helpful\n"
"to review."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:210
msgid ""
"A brute force attack can be mounted by a global passive or active "
"adversary, \n"
"watching all the messages pass between all of the nodes and attempting to"
" correlate\n"
"which message follows which path. Mounting this attack against I2P "
"should be \n"
"nontrivial, as all peers in the network are frequently sending messages "
"(both\n"
"end to end and network maintenance messages), plus an end to end message "
"changes\n"
"size and data along its path. In addition, the external adversary does "
"not have\n"
"access to the messages either, as inter-router communication is both "
"encrypted\n"
"and streamed (making two 1024 byte messages indistinguishable from one "
"2048 byte\n"
"message)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:222
msgid ""
"However, a powerful attacker can use brute force to detect trends - if "
"they \n"
"can send 5GB to an I2P destination and monitor everyone's network "
"connection,\n"
"they can eliminate all peers who did not receive 5GB of data. Techniques"
" to \n"
"defeat this attack exist, but may be prohibitively expensive (see: \n"
"<a "
"href=\"http://citeseer.ist.psu.edu/freedman02tarzan.html\">Tarzan</a>'s "
"mimics\n"
"or constant rate traffic). Most users are not concerned with this "
"attack, as \n"
"the cost of mounting it are extreme (and often require illegal activity)."
" \n"
"However, the attack is still possible, for example by an observer at\n"
"a large ISP or an Internet exchange point.\n"
"Those who want to defend against it \n"
"would want to take appropriate countermeasures, such as\n"
"setting low bandwidth limits, and using unpublished or encrypted "
"leasesets for eepsites.\n"
"Other countermeasures, such as nontrivial delays and restricted routes, "
"are\n"
"not currently implemented."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:239
#, python-format
msgid ""
"As a partial defense against a single router or group of routers trying "
"to route all the network's traffic,\n"
"routers contain limits as to how many tunnels can be routed through a "
"single peer.\n"
"As the network grows, these limits are subject to further adjustment.\n"
"Other mechanisms for peer rating, selection and avoidance\n"
"are discussed on the\n"
"<a href=\"%(peerselection)s\">peer selection page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:254
msgid ""
"I2P's messages are unidirectional and do not necessarily imply that a "
"reply\n"
"will be sent. However, applications on top of I2P will most likely have\n"
"recognizable patterns within the frequency of their messages - for "
"instance, an \n"
"HTTP request will be a small message with a large sequence of reply "
"messages \n"
"containing the HTTP response. Using this data as well as a broad view of"
" the \n"
"network topology, an attacker may be able to disqualify some links as "
"being too \n"
"slow to have passed the message along."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:264
msgid ""
"This sort of attack is powerful, but its applicability to I2P is non "
"obvious,\n"
"as the variation on message delays due to queuing, message processing, "
"and \n"
"throttling will often meet or exceed the time of passing a message along "
"a \n"
"single link - even when the attacker knows that a reply will be sent as "
"soon as\n"
"the message is received. There are some scenarios which will expose "
"fairly \n"
"automatic replies though - the streaming library does (with the SYN+ACK) "
"as does the \n"
"message mode of guaranteed delivery (with the "
"DataMessage+DeliveryStatusMessage)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:274
#, python-format
msgid ""
"Without protocol scrubbing or higher latency, global active adversaries "
"can \n"
"gain substantial information. As such, people concerned with these "
"attacks could\n"
"increase the latency (using <a href=\"%(todo)s#stop\">nontrivial "
"delays</a> or \n"
"<a href=\"%(todo)s#batching\">batching strategies</a>), include protocol "
"scrubbing, or\n"
"other advanced tunnel routing <a "
"href=\"%(todo)s#batching\">techniques</a>,\n"
"but these are unimplemented in I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:283
#, python-format
msgid ""
"References: <a href=\"%(pdf)s\">Low-Resource Routing Attacks Against "
"Anonymous Systems</a>"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:291
msgid ""
"Intersection attacks against low latency systems are extremely powerful -"
"\n"
"periodically make contact with the target and keep track of what peers "
"are on\n"
"the network. Over time, as node churn occurs the attacker will gain \n"
"significant information about the target by simply intersecting the sets "
"of\n"
"peers that are online when a message successfully goes through. The cost"
" of \n"
"this attack is significant as the network grows, but may be feasible in "
"some\n"
"scenarios."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:301
#, python-format
msgid ""
"In summary, if an attacker is at both ends of your tunnel at the same "
"time,\n"
"he may be successful.\n"
"I2P does not have a full defense to this for low latency communication.\n"
"This is an inherent weakness of low-latency onion routing.\n"
"Tor provides a <a href=\"%(url)s\">similar disclaimer</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:309
msgid "Partial defenses implemented in I2P:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:313
#, python-format
msgid "<a href=\"%(tunnelimpl)s#ordering\">strict ordering</a> of peers"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:316
#, python-format
msgid ""
"<a href=\"%(peerselection)s\">peer profiling and selection</a> from a "
"small group that changes slowly"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:319
msgid "Limits on the number of tunnels routed through a single peer"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:322
msgid ""
"Prevention of peers from the same /16 IP range from being members of a "
"single tunnel"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:325
msgid ""
"For eepsites or other hosted services, we support\n"
"simultaneous hosting on multiple routers, or\n"
"<a href=\"#intersection\">multihoming</a>"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:332
msgid ""
"Even in total, these defenses are not a complete solution.\n"
"Also, we have made some design choices that may significantly increase "
"our vulnerability:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:337
msgid "We do not use low-bandwidth \"guard nodes\""
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:340
msgid ""
"We use tunnel pools comprised of several tunnels, and traffic can shift "
"from tunnel to tunnel."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:343
msgid "Tunnels are not long-lived; new tunnels are built every 10 minutes."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:346
msgid ""
"Tunnel lengths are configurable.\n"
"While 3-hop tunnels are recommended for full protection, several "
"applications and\n"
"services use 2-hop tunnels by default."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:353
#, python-format
msgid ""
"In the future, it could\n"
"for peers who can afford significant delays (per <a "
"href=\"%(todo)s#stop\">nontrivial\n"
"delays</a> and <a href=\"%(todo)s#batching\">batching strategies</a>). "
"In addition,\n"
"this is only relevant for destinations that other people know about - a "
"private\n"
"group whose destination is only known to trusted peers does not have to "
"worry,\n"
"as an adversary can't \"ping\" them to mount the attack.</p>"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:362
#, python-format
msgid "Reference: <a href=\"%(oce)s\">One Cell Enough</a>"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:369
msgid ""
"There are a whole slew of denial of service attacks available against "
"I2P,\n"
"each with different costs and consequences:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:375
msgid ""
"<b>Greedy user attack:</b> This is simply\n"
"people trying to consume significantly more resources than they are \n"
"willing to contribute. The defense against this is:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:381
#, python-format
msgid ""
"Set defaults so that most users provide resources to the network.\n"
"In I2P, users route traffic by default. In sharp distinction to\n"
"<a href=\"%(comparisons)s\">other networks</a>,\n"
"over 95&#37; of I2P users relay traffic for others."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:387
msgid ""
"Provide easy configuration options so that users may increase their\n"
"contribution (share percentage) to the network. Display easy-to-"
"understand\n"
"metrics such as \"share ratio\" so that users may see what they are "
"contributing."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:392
msgid ""
"Maintain a strong community with blogs, forums, IRC, and other means of "
"communication."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:399
#, python-format
msgid ""
"<b>Starvation attack:</b> A hostile user may attempt to harm the network "
"by\n"
"creating a significant number of peers in the network who are not "
"identified as\n"
"being under control of the same entity (as with Sybil). These nodes then"
" \n"
"decide not to provide any resources to the network, causing existing "
"peers \n"
"to search through a larger network database or request more tunnels than"
" \n"
"should be necessary. \n"
"Alternatively, the nodes may provide intermittent service by periodically"
"\n"
"dropping selected traffic, or refusing connections to certain peers.\n"
"This behavior may be indistinguishable from that of a heavily-loaded or "
"failing node.\n"
"I2P addresses these issues by maintaining <a "
"href=\"%(peerselection)s\">profiles</a> on the \n"
"peers, attempting to identify underperforming ones and simply ignoring \n"
"them, or using them rarely.\n"
"We have significantly enhanced the\n"
"ability to recognize and avoid troublesome peers; however there are still"
"\n"
"significant efforts required in this area."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:419
#, python-format
msgid ""
"<b>Flooding attack:</b> A hostile user may attempt to flood the network,\n"
"a peer, a destination, or a tunnel. Network and peer flooding is "
"possible,\n"
"and I2P does nothing to prevent standard IP layer flooding. The flooding"
" of\n"
"a destination with messages by sending a large number to the target's "
"various\n"
"inbound tunnel gateways is possible, but the destination will know this "
"both\n"
"by the contents of the message and because the tunnel's tests will fail."
" The\n"
"same goes for flooding just a single tunnel. I2P has no defenses for a "
"network\n"
"flooding attack. For a destination and tunnel flooding attack, the "
"target\n"
"identifies which tunnels are unresponsive and builds new ones. New code "
"could\n"
"also be written to add even more tunnels if the client wishes to handle "
"the\n"
"larger load. If, on the other hand, the load is more than the client can"
"\n"
"deal with, they can instruct the tunnels to throttle the number of "
"messages or\n"
"bytes they should pass on (once the <a "
"href=\"%(todo)s#batching\">advanced tunnel\n"
"operation</a> is implemented)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:438
msgid ""
"<b>CPU load attack:</b> There are currently some methods for people to \n"
"remotely request that a peer perform some cryptographically expensive \n"
"operation, and a hostile attacker could use these to flood that peer with"
"\n"
"a large number of them in an attempt to overload the CPU. Both using "
"good \n"
"engineering practices and potentially requiring nontrivial certificates \n"
"(e.g. HashCash) to be attached to these expensive requests should "
"mitigate\n"
"the issue, though there may be room for an attacker to exploit various\n"
"bugs in the implementation."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:451
#, python-format
msgid ""
"<b>Floodfill DOS attack:</b> A hostile user may attempt to harm the "
"network by\n"
"becoming a floodfill router. The current defenses against unreliable,\n"
"intermittent, or malicious floodfill routers are poor.\n"
"A floodfill router may provide bad or no response to lookups, and\n"
"it may also interfere with inter-floodfill communication.\n"
"Some defenses and\n"
"<a href=\"%(peerselection)s\">peer profiling</a> are implemented,\n"
"however there is much more to do.\n"
"For more information see the\n"
"<a href=\"%(netdb)s#threat\">network database page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:470
#, python-format
msgid ""
"Tagging attacks - modifying a message so that it can later be identified"
" \n"
"further along the path - are by themselves impossible in I2P, as messages"
" \n"
"passed through tunnels are signed. However, if an attacker is the "
"inbound \n"
"tunnel gateway as well as a participant further along in that tunnel, "
"with\n"
"collusion they can identify the fact that they are in the same tunnel "
"(and \n"
"prior to adding <a href=\"%(todo)s#tunnelId\">unique hop ids</a> and "
"other updates,\n"
"colluding peers within the same tunnel can recognize that fact without "
"any \n"
"effort). An attacker in an outbound tunnel and any part of an inbound "
"tunnel cannot \n"
"collude however, as the tunnel encryption pads and modifies the data "
"separately\n"
"for the inbound and outbound tunnels. External attackers cannot do "
"anything,\n"
"as the links are encrypted and messages signed."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:488
msgid ""
"Partitioning attacks - finding ways to segregate (technically or "
"analytically)\n"
"the peers in a network - are important to keep in mind when dealing with "
"a \n"
"powerful adversary, since the size of the network plays a key role in "
"determining\n"
"your anonymity. Technical partitioning by cutting links between peers to"
" create\n"
"fragmented networks is addressed by I2P's built in network database, "
"which \n"
"maintains statistics about various peers so as to allow any existing "
"connections\n"
"to other fragmented sections to be exploited so as to heal the network. "
"However,\n"
"if the attacker does disconnect all links to uncontrolled peers, "
"essentially\n"
"isolating the target, no amount of network database healing will fix it."
" At\n"
"that point, the only thing the router can hope to do is notice that a "
"significant\n"
"number of previously reliable peers have become unavailable and alert the"
" client\n"
"that it is temporarily disconnected (this detection code is not "
"implemented at\n"
"the moment)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:504
#, python-format
msgid ""
"Partitioning the network analytically by looking for differences in how "
"routers \n"
"and destinations behave and grouping them accordingly is also a very "
"powerful\n"
"attack. For instance, an attacker <a href=\"#harvesting\">harvesting</a>"
" the network\n"
"database will know when a particular destination has 5 inbound tunnels in"
" their\n"
"LeaseSet while others have only 2 or 3, allowing the adversary to "
"potentially \n"
"partition clients by the number of tunnels selected. Another partition "
"is \n"
"possible when dealing with the <a href=\"%(todo)s#stop\">nontrivial "
"delays</a> and \n"
"<a href=\"%(todo)s#batching\">batching strategies</a>, as the tunnel "
"gateways and the\n"
"particular hops with non-zero delays will likely stand out. However, "
"this data\n"
"is only exposed to those specific hops, so to partition effectively on "
"that \n"
"matter, the attacker would need to control a significant portion of the "
"network\n"
"(and still that would only be a probabilistic partition, as they wouldn't"
" know\n"
"which other tunnels or messages have those delays)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:520
#, python-format
msgid ""
"Also discussed on the <a href=\"%(netdb)s#threat\">network database "
"page</a> (bootstrap attack)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:528
msgid ""
"The predecessor attack is passively gathering statistics in an attempt to"
" see\n"
"what peers are 'close' to the destination by participating in their "
"tunnels and\n"
"keeping track of the previous or next hop (for outbound or inbound "
"tunnels, \n"
"respectively). Over time, using a perfectly random sample of peers and "
"random\n"
"ordering, an attacker would be able to see which peer shows up as "
"'closer' \n"
"statistically more than the rest, and that peer would in turn be where "
"the\n"
"target is located."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:538
#, python-format
msgid ""
"I2P avoids this in four ways: first, the peers selected to participate in"
"\n"
"tunnels are not randomly sampled throughout the network - they are "
"derived from\n"
"the <a href=\"%(peerselection)s\">peer selection</a> algorithm which "
"breaks them\n"
"into tiers. Second, with <a href=\"%(tunnelimpl)s#ordering\">strict "
"ordering</a> of peers\n"
"in a tunnel, the fact that a peer shows up more frequently does not mean "
"they're\n"
"the source. Third, with <a href=\"%(tunnelimpl)s#length\">permuted "
"tunnel length</a>\n"
"(not enabled by default)\n"
"even 0 hop tunnels can provide plausible deniability as the occasional \n"
"variation of the gateway will look like normal tunnels. Fourth, with \n"
"<a href=\"%(todo)s#fullRestrictedRoutes\">restricted routes</a> "
"(unimplemented), only the peer with\n"
"a restricted connection to the target will ever contact the target, while"
" \n"
"attackers will merely run into that gateway."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:555
#, python-format
msgid ""
"The current <a href=\"%(tunnelcreation)s\">tunnel build method</a>\n"
"was specifically designed to combat the predecessor attack.\n"
"See also <a href=\"#intersection\">the intersection attack</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:561
#, python-format
msgid ""
"References: <a href=\"%(pdf2008)s\">%(pdf2008)s</a>\n"
"which is an update to the 2004 predecessor attack paper\n"
"<a href=\"%(pdf2004)s\">%(pdf2004)s</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:573
msgid ""
"\"Harvesting\" means compiling a list of users running I2P.\n"
"It can be used for legal attacks and to help\n"
"other attacks by simply running a peer, seeing who it connects to, and \n"
"harvesting whatever references to other peers it can find."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:580
msgid ""
"I2P itself is not designed with effective defenses against\n"
"this attack, since there is the distributed network database \n"
"containing just this information.\n"
"The following factors make the attack somewhat harder in practice:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:587
msgid ""
"Network growth will make it more difficult to obtain a given proportion "
"of the network"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:590
msgid "Floodfill routers implement query limits as DOS protection"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:593
msgid ""
"\"Hidden mode\", which prevents a router from publishing its information "
"to the netDb,\n"
"(but also prevents it from relaying data) is not widely used now but "
"could be."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:599
#, python-format
msgid ""
"In future implementations,\n"
"<a href=\"%(todo)s#nat\">basic</a> and \n"
"<a href=\"%(todo)s#fullRestrictedRoutes\">comprehensive</a> restricted "
"routes,\n"
"this attack loses much of its power, as the \"hidden\" peers do not "
"publish their\n"
"contact addresses in the network database - only the tunnels through "
"which \n"
"they can be reached (as well as their public keys, etc)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:608
msgid ""
"In the future, routers could use GeoIP to identify if they are in a "
"particular\n"
"country where identification as an I2P node would be risky.\n"
"In that case, the router could automatically enable hidden mode, or\n"
"enact other restricted route methods."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:620
#, python-format
msgid ""
"By inspecting the traffic into and out of a router, a malicious ISP\n"
"or state-level firewall could identify that a computer is running I2P.\n"
"As discussed <a href=\"#harvesting\">above</a>, I2P is not specifically "
"designed\n"
"to hide that a computer is running I2P. However, several design decisions"
" made\n"
"in the design of the\n"
"<a href=\"%(transport)s\">transport layer and protocols</a>\n"
"make it somewhat difficult to identify I2P traffic:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:630
msgid "Random port selection"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:633
msgid "Point-to-Point Encryption of all traffic"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:636
msgid ""
"DH key exchange with no protocol bytes or other unencrypted constant "
"fields"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:639
#, python-format
msgid ""
"Simultaneous use of both\n"
"<a href=\"%(ntcp)s\">TCP</a> and\n"
"<a href=\"%(ssu)s\">UDP</a> transports.\n"
"UDP may be much harder for some Deep Packet Inspection (DPI) equipment to"
" track."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:647
msgid ""
"In the near future, we plan to directly address traffic analysis issues "
"by further obfuscation of I2P transport protocols, possibly including:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:651
msgid ""
"Padding at the transport layer to random lengths, especially during the "
"connection handshake"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:654
msgid ""
"Study of packet size distribution signatures, and additional padding as "
"necessary"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:657
msgid ""
"Development of additional transport methods that mimic SSL or other "
"common protocols"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:660
msgid ""
"Review of padding strategies at higher layers to see how they affect "
"packet sizes at the transport layer"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:663
msgid ""
"Review of methods implemented by various state-level firewalls to block "
"Tor"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:666
msgid "Working directly with DPI and obfuscation experts"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:671
#, python-format
msgid ""
"Reference: <a href=\"%(pdf)s\">Breaking and Improving Protocol "
"Obfuscation</a>"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:680
msgid ""
"Sybil describes a category of attacks where the adversary creates "
"arbitrarily\n"
"large numbers of colluding nodes and uses the increased numbers to help \n"
"mounting other attacks. For instance, if an attacker is in a network "
"where peers\n"
"are selected randomly and they want an 80&#37; chance to be one of those "
"peers, they\n"
"simply create five times the number of nodes that are in the network and "
"roll \n"
"the dice. When identity is free, Sybil can be a very potent technique "
"for a \n"
"powerful adversary. The primary technique to address this is simply to "
"make \n"
"identity 'non free' - <a "
"href=\"http://www.pdos.lcs.mit.edu/tarzan/\">Tarzan</a>\n"
"(among others) uses the fact that IP addresses are limited, while \n"
"IIP used \n"
"<a href=\"http://www.hashcash.org/\">HashCash</a> to 'charge' for "
"creating a new\n"
"identity. We currently have not implemented any particular technique to "
"address\n"
"Sybil, but do include placeholder certificates in the router's and \n"
"destination's data structures which can contain a HashCash certificate of"
" \n"
"appropriate value when necessary (or some other certificate proving "
"scarcity)."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:698
msgid "Requiring HashCash Certificates in various places has two major problems:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:702
msgid "Maintaining backward compatibility"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:705
msgid ""
"The classic HashCash problem -\n"
"selecting HashCash values that are meaningful proofs of work on high-end "
"machines,\n"
"while still being feasible on low-end machines such as mobile devices."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:712
msgid ""
"Various limitations on the number of routers in a given IP range restrict"
"\n"
"the vulnerability to attackers that don't have the ability to put "
"machines\n"
"in several IP blocks.\n"
"However, this is not a meaningful defense against a powerful adversary."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:719
#, python-format
msgid ""
"See the <a href=\"%(netdb)s#threat\">network database page</a>\n"
"for more Sybil discussion."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:729
#, python-format
msgid ""
"(Reference: <a href=\"%(pdf)s\">In Search of an Anonymouns and Secure "
"Lookup</a> Section 5.2)"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:733
#, python-format
msgid ""
"By refusing to accept or forward tunnel build requests, except to a "
"colluding peer, a router could ensure\n"
"that a tunnel is formed wholly from its set of colluding routers.\n"
"The chances of success are enhanced if there is a large number of "
"colluding routers,\n"
"i.e. a <a href=\"#sybil\">Sybil attack</a>.\n"
"This is somewhat mitigated by our\n"
"<a href=\"%(peerselection)s\">peer profiling</a> methods used to monitor "
"the performance\n"
"of peers.\n"
"However, this is a powerful attack as the number of routers approaches\n"
"<i>f</i> = 0.2, or 20&#37; malicious nodes, as specifed in the paper.\n"
"The malicous routers could also maintain connections to the target router"
" and provide\n"
"excellent forwarding bandwidth for traffic over those connections, in an "
"attempt\n"
"to manipulate the profiles managed by the target and appear attractive.\n"
"Further research and defenses may be necessary."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:754
#, python-format
msgid ""
"We use strong cryptography with long keys, and\n"
"we assume the security of the industry-standard cryptographic primitives "
"used in I2P, as documented\n"
"<a href=\"%(cryptography)s\">on the low-level cryptography page</a>. \n"
"Security features include the immediate detection of \n"
"altered messages along the path, the inability to decrypt messages not "
"addressed to you,\n"
"and defense against man-in-the-middle attacks.\n"
"The key sizes chosen in 2003 were quite conservative at the time, and are"
" still longer than\n"
"those used in <a href=\"https://torproject.org/\">other anonymity "
"networks</a>.\n"
"We don't think the current key lengths are our biggest weakness,\n"
"especially for traditional, non-state-level adversaries;\n"
"bugs and the small size of the network are much more worrisome.\n"
"Of course, all cryptographic algorithms eventually become obsolete due to"
"\n"
"the advent of faster processors, cryptographic research, and advancements"
" in\n"
"methods such as rainbow tables, clusters of video game hardware, etc.\n"
"Unfortunately, I2P was not designed with easy mechanisms to lengthen keys"
" or change\n"
"shared secret values while maintaining backward compatibility."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:773
#, python-format
msgid ""
"Upgrading the various data structures and protocols to support longer "
"keys\n"
"will have to be tackled eventually, and this will be a\n"
"<a href=\"%(cryptography)s\">major undertaking</a>, just as it will be "
"for \n"
"<a href=\"https://torproject.org/\">others</a>.\n"
"Hopefully, through careful planning, we can minimize the disruption, and\n"
"implement mechanisms to make it easier for future transitions."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:782
msgid ""
"In the future, several I2P protocols and data structures\n"
"support securely padding messages to arbitrary sizes, so messages could "
"be made constant\n"
"size or garlic messages could be modified randomly so that some cloves "
"appear to contain\n"
"more subcloves than they actually do. At the moment, however, garlic, "
"tunnel, and \n"
"end to end messages include simple random padding."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:792
msgid "Floodfill Anonymity attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:796
#, python-format
msgid ""
"In addition to the floodfill DOS attacks described\n"
"<a href=\"#ffdos\">above</a>, floodfill routers are uniquely positioned\n"
"to learn about network participants, due to their role\n"
"in the netDb, and the high frequency of communication with those "
"participants.\n"
"This is somewhat mitigated because floodfill routers only manage a "
"portion\n"
"of the total keyspace, and the keyspace rotates daily, as explained \n"
"on the <a href=\"%(netdb)s#threat\">network database page</a>.\n"
"The specific mechanisms by which routers communicate with floodfills have"
" been\n"
"<a href=\"%(netdb)s#delivery\">carefully designed</a>.\n"
"However, these threats should be studied further.\n"
"The specific potential threats and corresponding defenses are a topic for"
" future research."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:812
#, python-format
msgid ""
"A hostile user may attempt to harm the network by\n"
"creating one or more floodfill routers and crafting them to offer\n"
"bad, slow, or no responses.\n"
"Several scenarios are discussed on the\n"
"<a href=\"%(netdb)s#threat\">network database page</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:822
msgid "Central Resource Attacks"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:826
msgid ""
"There are a few centralized or limited resources (some inside I2P, some "
"not)\n"
"that could be attacked or used as a vector for attacks.\n"
"The absence of jrandom starting November 2007, followed by the loss of "
"the i2p.net hosting service in January 2008,\n"
"highlighted numerous centralized resources in the development and "
"operation of the I2P network,\n"
"most of which are now distributed.\n"
"Attacks on externally-reachable resources mainly affect the ability of "
"new users to find us,\n"
"not the operation of the network itself."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:836
#, python-format
msgid ""
"The <a href=\"%(site)s\">website</a> is mirrored and uses DNS round-robin"
" for external public access."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:839
#, python-format
msgid ""
"Routers now support <a href=\"%(faq)s#reseed\">multiple external reseed "
"locations</a>,\n"
"however more reseed hosts may be needed, and the handling of unreliable "
"or malicious\n"
"reseed hosts may need improvement."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:844
msgid ""
"Routers now support multiple update file locations.\n"
"A malicious update host could feed a huge file, need to limit the size."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:848
msgid "Routers now support multiple default trusted update signers."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:851
msgid ""
"Routers now better handle <a href=\"#ffdos\">multiple unreliable "
"floodfill peers</a>.\n"
"Malicious floodfills <a href=\"#ffdos\">needs</a> <a "
"href=\"#floodfill\">more</a> study."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:855
#, python-format
msgid ""
"The code is now stored in a <a href=\"%(monotone)s\">distributed source "
"control system</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:858
msgid ""
"Routers rely on a single news host, but there is a hardcoded backup URL "
"pointing to a different host.\n"
"A malicious news host could feed a huge file, need to limit the size."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:862
#, python-format
msgid ""
"<a href=\"%(naming)s\">Naming system services</a>, including addressbook "
"subscription providers, add-host services,\n"
"and jump services, could be malicious. Substantial protections for "
"subscriptions were implemented\n"
"in release 0.6.1.31, with additional enhancements in subsequent releases."
"\n"
"However, all naming services require some measure of trust, see\n"
"<a href=\"%(naming)s\">the naming page</a> for details."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:869
msgid ""
"We remain reliant on the DNS service for i2p2.de, losing this would cause"
" substantial\n"
"disruption in our ability to attract new users,\n"
"and would shrink the network (in the short-to-medium term), just as the "
"loss of i2p.net did."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:881
msgid ""
"These attacks aren't directly on the network, but instead go after its "
"development team \n"
"by either introducing legal hurdles on anyone contributing to the "
"development\n"
"of the software, or by using whatever means are available to get the "
"developers to \n"
"subvert the software. Traditional technical measures cannot defeat these"
" attacks, and\n"
"if someone threatened the life or livelihood of a developer (or even just"
" issuing a \n"
"court order along with a gag order, under threat of prison), we would "
"have a big problem."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:890
msgid "However, two techniques help defend against these attacks:"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:894
#, python-format
msgid ""
"All components of the network must be open source to enable inspection, "
"verification, \n"
"modification, and improvement. If a developer is compromised, once it is"
" noticed \n"
"the community should demand explanation and cease to accept that "
"developer's work.\n"
"All checkins to our <a href=\"%(monotone)s\">distributed source control "
"system</a>\n"
"are cryptographically signed, and the release packagers use a trust-list "
"system\n"
"to restrict modifications to those previously approved."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:902
#, python-format
msgid ""
"Development over the network itself, allowing developers to stay "
"anonymous but still \n"
"secure the development process. All I2P development can occur through "
"I2P - using\n"
"a <a href=\"%(monotone)s\">distributed source control system</a>,\n"
"a distributed source control system, IRC chat,\n"
"public web servers,\n"
"discussion forums (forum.i2p), and the software distribution sites,\n"
"all available within I2P."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:913
msgid ""
"We also maintain relationships with various organizations that offer "
"legal advice,\n"
"should any defense be necessary."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:918
msgid "Implementation attacks (bugs)"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:922
msgid ""
"Try as we might, most nontrivial applications include errors in the "
"design or \n"
"implementation, and I2P is no exception. There may be bugs that could be"
" exploited to \n"
"attack the anonymity or security of the communication running over I2P in"
" unexpected \n"
"ways. To help withstand attacks against the design or protocols in use, "
"we publish \n"
"all designs and documentation and solicit review and criticism with \n"
"the hope that many eyes will improve the system.\n"
"We do not believe in\n"
"<a href=\"http://www.haystacknetwork.com/\">security through "
"obscurity</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:933
msgid ""
"In addition, the code is being \n"
"treated the same way, with little aversion towards reworking or throwing "
"out \n"
"something that isn't meeting the needs of the software system (including "
"ease of \n"
"modification). Documentation for the design and implementation of the "
"network and \n"
"the software components are an essential part of security, as without "
"them it is \n"
"unlikely that developers would be willing to spend the time to learn the "
"software \n"
"enough to identify shortcomings and bugs."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:943
msgid ""
"Our software is likely, in particular, to contain bugs related to denial "
"of service\n"
"through out-of-memory errors (OOMs), cross-site-scripting (XSS) issues "
"in the router console,\n"
"and other vulnerabilities to non-standard inputs via the various "
"protocols."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:949
#, python-format
msgid ""
"I2P is still a small network with a small development community and "
"almost no\n"
"interest from academic or research groups.\n"
"Therefore we lack the analysis that\n"
"<a href=\"https://torproject.org/\">other anonymity networks</a>\n"
"may have received. We continue to recruit people to\n"
"<a href=\"%(volunteer)s\">get involved</a> and help."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:962
msgid "Blocklists"
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:963
msgid ""
"To some extent, I2P could be enhanced to avoid peers operating at IP "
"addresses\n"
"listed in a blocklist. Several blocklists are commonly available in "
"standard formats,\n"
"listing anti-P2P organizations, potential state-level adversaries, and "
"others."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:969
msgid ""
"To the extent that active peers actually do show up in the actual "
"blocklist,\n"
"blocking by only a subset of peers would tend to segment the network,\n"
"exacerbate reachability problems, and decrease overall reliability.\n"
"Therefore we would want to agree on a particular blocklist and\n"
"enable it by default."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:977
msgid ""
"Blocklists are only a part (perhaps a small part) of an array of defenses"
"\n"
"against maliciousness.\n"
"In large part the profiling system does a good job of measuring\n"
"router behavior so that we don't need to trust anything in netDb.\n"
"However there is more that can be done. For each of the areas in the\n"
"list above there are improvements we can make in detecting badness."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:986
msgid ""
"If a blocklist is hosted at a central location with automatic updates\n"
"the network is vulnerable to a\n"
"<a href=\"#central\">central resource attack</a>.\n"
"Automatic subscription to a list gives the list provider the power to "
"shut\n"
"the i2p network down. Completely."
msgstr ""
#: i2p2www/pages/site/docs/how/threat-model.html:994
msgid ""
"Currently, a default blocklist is distributed with our software,\n"
"listing only the IPs of past DOS sources.\n"
"There is no automatic update mechanism.\n"
"Should a particular IP range implement serious attacks on the I2P "
"network,\n"
"we would have to ask people to update their blocklist manually through\n"
"out-of-band mechanisms such as forums, blogs, etc."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:2
msgid "Tunnel Routing"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:3
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:3
msgid "July 2011"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:7
msgid ""
"This page contains an overview of I2P tunnel terminology and operation, "
"with\n"
"links to more technical pages, details, and specifications."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:12
#, python-format
msgid ""
"As briefly explained in the <a href=\"%(intro)s\">introduction</a>, I2P "
"builds virtual \"tunnels\" -\n"
"temporary and unidirectional paths through a sequence of routers. These"
" \n"
"tunnels are classified as either inbound tunnels (where everything \n"
"given to it goes towards the creator of the tunnel) or outbound tunnels\n"
"(where the tunnel creator shoves messages away from them). When Alice\n"
"wants to send a message to Bob, she will (typically) send it out one of\n"
"her existing outbound tunnels with instructions for that tunnel's "
"endpoint\n"
"to forward it to the gateway router for one of Bob's current inbound \n"
"tunnels, which in turn passes it to Bob."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:25
msgid "Alice connecting through her outbound tunnel to Bob via his inbound tunnel"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:27
msgid "Outbound Gateway"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:28
msgid "Outbound Participant"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:29
#: i2p2www/pages/site/docs/tunnels/implementation.html:131
msgid "Outbound Endpoint"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:30
#: i2p2www/pages/site/docs/tunnels/implementation.html:140
msgid "Inbound Gateway"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:31
msgid "Inbound Participant"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:32
msgid "Inbound Endpoint"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:36
msgid "Tunnel vocabulary"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:38
#, python-format
msgid ""
"<b>Tunnel gateway</b> - the first router in a tunnel. For inbound "
"tunnels,\n"
"this is the one mentioned in the LeaseSet published in the\n"
"<a href=\"%(netdb)s\">network database</a>. For outbound tunnels, the\n"
"gateway is the originating router. (e.g. both A and D above)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:44
msgid ""
"<b>Tunnel endpoint</b> - the last router in a tunnel. (e.g. both C and F"
" above)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:45
msgid ""
"<b>Tunnel participant</b> - all routers in a tunnel except for the "
"gateway or\n"
"endpoint (e.g. both B and E above)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:49
msgid ""
"<b>n-Hop tunnel</b> - a tunnel with a specific number of inter-router "
"jumps, e.g.:"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:51
msgid "<b>0-hop tunnel</b> - a tunnel where the gateway is also the endpoint"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:52
msgid ""
"<b>1-hop tunnel</b> - a tunnel where the gateway talks directly to the "
"endpoint"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:53
msgid ""
"<b>2-(or more)-hop tunnel</b> - a tunnel where there is at least one "
"intermediate\n"
"tunnel participant. (the above diagram includes two 2-hop tunnels - one\n"
"outbound from Alice, one inbound to Bob)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:60
#, python-format
msgid ""
"<b>Tunnel ID</b> - A <a href=\"%(commonstructures)s#type_TunnelId\">4 "
"byte integer</a>\n"
"different for each hop in a tunnel, and unique among all tunnels on a "
"router.\n"
"Chosen randomly by the tunnel creator."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:67
msgid "Tunnel Build Information"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:68
#, python-format
msgid ""
"Routers performing the three roles (gateway, participant, endpoint) are "
"given\n"
"different pieces of data in the initial\n"
"<a href=\"%(tunnelcreation)s\">Tunnel Build Message</a>\n"
"to accomplish their tasks:"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:75
msgid "The tunnel gateway gets:"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:77
#: i2p2www/pages/site/docs/how/tunnel-routing.html:97
#, python-format
msgid ""
"<b>tunnel encryption key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
"encrypting\n"
"messages and instructions to the next hop"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:81
#: i2p2www/pages/site/docs/how/tunnel-routing.html:101
#, python-format
msgid ""
"<b>tunnel IV key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
"double-encrypting\n"
"the IV to the next hop"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:85
#: i2p2www/pages/site/docs/how/tunnel-routing.html:105
#, python-format
msgid ""
"<b>reply key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES public key</a> for "
"encrypting\n"
"the reply to the tunnel build request"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:89
#: i2p2www/pages/site/docs/how/tunnel-routing.html:109
msgid ""
"<b>reply IV</b> - the IV for encrypting the reply to the tunnel build "
"request"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:90
msgid "<b>tunnel id</b> - 4 byte integer (inbound gateways only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:91
msgid ""
"<b>next hop</b> - what router is the next one in the path (unless this is"
" a 0-hop tunnel, and the gateway is also the endpoint)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:92
#: i2p2www/pages/site/docs/how/tunnel-routing.html:112
msgid "<b>next tunnel id</b> - The tunnel ID on the next hop"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:95
msgid "All intermediate tunnel participants get:"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:110
msgid "<b>tunnel id</b> - 4 byte integer"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:111
msgid "<b>next hop</b> - what router is the next one in the path"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:115
msgid "The tunnel endpoint gets:"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:117
#, python-format
msgid ""
"<b>tunnel encryption key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
"encrypting\n"
"messages and instructions to the the endpoint (itself)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:121
#, python-format
msgid ""
"<b>tunnel IV key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
"double-encrypting\n"
"the IV to the endpoint (itself)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:125
#, python-format
msgid ""
"<b>reply key</b> - an <a "
"href=\"%(commonstructures)s#type_SessionKey\">AES public key</a> for "
"encrypting\n"
"the reply to the tunnel build request (outbound endpoints only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:129
msgid ""
"<b>reply IV</b> - the IV for encrypting the reply to the tunnel build "
"request (outbound endpoints only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:130
msgid "<b>tunnel id</b> - 4 byte integer (outbound endpoints only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:131
msgid ""
"<b>reply router</b> - the inbound gateway of the tunnel to send the reply"
" through (outbound endpoints only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:132
msgid ""
"<b>reply tunnel id</b> - The tunnel ID of the reply router (outbound "
"endpoints only)"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:137
#, python-format
msgid ""
"Details are in the\n"
"<a href=\"%(tunnelcreation)s\">tunnel creation specification</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:142
msgid "Tunnel pooling"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:143
#, python-format
msgid ""
"Several tunnels for a particular purpose may be grouped into a \"tunnel "
"pool\",\n"
"as described in the\n"
"<a href=\"%(tunnelimpl)s#tunnel.pooling\">tunnel specification</a>.\n"
"This provides redundancy and additional bandwidth.\n"
"The pools used by the router itself are called \"exploratory tunnels\".\n"
"The pools used by applications are called \"client tunnels\"."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:154
msgid "Tunnel length"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:155
#, python-format
msgid ""
"As mentioned above, each client requests that their router provide "
"tunnels to\n"
"include at least a certain number of hops.\n"
"The decision as to how many routers\n"
"to have in one's outbound and inbound tunnels has an important effect "
"upon the\n"
"latency, throughput, reliability, and anonymity provided by I2P - the "
"more peers\n"
"that messages have to go through, the longer it takes to get there and "
"the more\n"
"likely that one of those routers will fail prematurely. The less routers"
" in a\n"
"tunnel, the easier it is for an adversary to mount traffic analysis "
"attacks and\n"
"pierce someone's anonymity.\n"
"Tunnel lengths are specified by clients via\n"
"<a href=\"%(i2cp)s#options\">I2CP options</a>.\n"
"The maximum number of hops in a tunnel is 7."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:171
msgid "0-hop tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:172
msgid ""
"With no remote routers in a tunnel, the user has very basic plausible\n"
"deniability (since no one knows for sure that the peer that sent them the"
"\n"
"message wasn't simply just forwarding it on as part of the tunnel). "
"However, it\n"
"would be fairly easy to mount a statistical analysis attack and notice "
"that\n"
"messages targeting a specific destination are always sent through a "
"single\n"
"gateway. Statistical analysis against outbound 0-hop tunnels are more "
"complex,\n"
"but could show similar information (though would be slightly harder to "
"mount)."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:182
msgid "1-hop tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:183
#, python-format
msgid ""
"With only one remote router in a tunnel, the user has both plausible\n"
"deniability and basic anonymity, as long as they are not up against an "
"internal\n"
"adversary (as described on <a href=\"%(threatmodel)s\">threat model</a>)."
" However,\n"
"if the adversary ran a sufficient number of routers such that the single "
"remote\n"
"router in the tunnel is often one of those compromised ones, they would "
"be able\n"
"to mount the above statistical traffic analysis attack."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:192
msgid "2-hop tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:193
msgid ""
"With two or more remote routers in a tunnel, the costs of mounting the "
"traffic\n"
"analysis attack increases, since many remote routers would have to be "
"compromised\n"
"to mount it."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:199
msgid "3-hop (or more) tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:200
#, python-format
msgid ""
"To reduce the susceptibility to <a href=\"%(url)s\">some attacks</a>,\n"
"3 or more hops are recommended for the highest level of protection.\n"
"<a href=\"%(url)s\">Recent studies</a>\n"
"also conclude that more than 3 hops does not provide additional "
"protection."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:208
msgid "Tunnel default lengths"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:209
#, python-format
msgid ""
"The router uses 2-hop tunnels by default for its exploratory tunnels.\n"
"Client tunnel defaults are set by the application, using\n"
"<a href=\"%(i2cp)s#options\">I2CP options</a>.\n"
"Most applications use 2 or 3 hops as their default."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:218
msgid "Tunnel testing"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:219
#, python-format
msgid ""
"All tunnels are periodically tested by their creator by sending a\n"
"DeliveryStatusMessage out an outbound tunnel and bound for another "
"inbound tunnel\n"
"(testing both tunnels at once). If either fails a number of consecutive "
"tests, it is marked as no longer\n"
"functional. If it was used for a client's inbound tunnel, a new leaseSet\n"
"is created.\n"
"Tunnel test failures are also reflected in the\n"
"<a href=\"%(peerselection)s#capacity\">capacity rating in the peer "
"profile</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:230
msgid "Tunnel creation"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:231
#, python-format
msgid ""
"Tunnel creation is handled by <a href=\"%(garlicrouting)s\">garlic "
"routing</a>\n"
"a Tunnel Build Message to a router, requesting that they participate in "
"the\n"
"tunnel (providing them with all of the appropriate information, as above,"
" along\n"
"with a certificate, which right now is a 'null' cert, but will support "
"hashcash\n"
"or other non-free certificates when necessary).\n"
"That router forwards the message to the next hop in the tunnel.\n"
"Details are in the\n"
"<a href=\"%(tunnelcreation)s\">tunnel creation specification</a>."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:245
#, python-format
msgid ""
"Multi-layer encryption is handled by <a href=\"%(garlicrouting)s\">garlic"
" encryption</a>\n"
"of tunnel messages.\n"
"Details are in the\n"
"<a href=\"%(tunnelimpl)s\">tunnel specification</a>.\n"
"The IV of each hop is encrypted with a separate key as explained there."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:257
msgid ""
"Other tunnel test techniques could be used, such as\n"
"garlic wrapping a number of tests into cloves, testing individual tunnel\n"
"participants separately, etc."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:263
msgid "Move to 3-hop exploratory tunnels defaults."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:267
msgid ""
"In a distant future release,\n"
"options specifying the pooling, mixing, and chaff generation settings may"
" be implemented."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:272
msgid ""
"In a distant future release,\n"
"limits on the quantity and size of messages allowed during the\n"
"tunnel's lifetime may be implemented (e.g. no more than 300 messages or\n"
"1MB per minute)."
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:284
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:15
msgid "Tunnel specification"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:286
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:17
msgid "Tunnel creation specification"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:288
msgid "Unidirectional tunnels"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:290
msgid "Tunnel message specification"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:292
msgid "Garlic routing"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:294
msgid "ElGamal/AES+SessionTag"
msgstr ""
#: i2p2www/pages/site/docs/how/tunnel-routing.html:296
msgid "I2CP options"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:3
msgid "Fegruary 2016"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:6
msgid ""
"The I2P Client Protocol (I2CP) exposes a strong separation of concerns "
"between\n"
"the router and any client that wishes to communicate over the network. "
"It enables\n"
"secure and asynchronous messaging by sending and receiving messages over "
"a \n"
"single TCP socket.\n"
"With I2CP, a client application tells the\n"
"router who they are (their \"destination\"), what anonymity, reliability,"
" and \n"
"latency tradeoffs to make, and where to send messages. In turn the "
"router uses\n"
"I2CP to tell the client when any messages have arrived, and to request "
"authorization\n"
"for some tunnels to be used."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:18
#, python-format
msgid ""
"The protocol itself is implemented in Java, to provide the\n"
"<a href=\"%(url)s\">Client SDK</a>.\n"
"This SDK is exposed in the i2p.jar package, which implements the client-"
"side of I2CP.\n"
"Clients should never need to access the router.jar package, which "
"contains the\n"
"router itself and the router-side of I2CP.\n"
"There is also a <a href=\"%(libi2cp)s\">C library implementation</a>.\n"
"A non-Java client would also have to implement the\n"
"<a href=\"%(streaming)s\">streaming library</a> for TCP-style connections."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:31
#, python-format
msgid ""
"Applications can take advantage of the base I2CP plus the \n"
"<a href=\"%(streaming)s\">streaming</a> and <a "
"href=\"%(datagrams)s\">datagram</a> libraries\n"
"by using the <a href=\"%(sam)s\">Simple Anonymous Messaging</a> or <a "
"href=\"%(bob)s\">BOB</a> protocols,\n"
"which do not require clients to deal with any sort of cryptography.\n"
"Also, clients may access the network by one of several proxies -\n"
"HTTP, CONNECT, and SOCKS 4/4a/5.\n"
"Alternatively, Java clients may access those libraries in "
"ministreaming.jar and streaming.jar.\n"
"So there are several options for both Java and non-Java applications."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:43
#, python-format
msgid ""
"Client-side end-to-end encryption (encrypting the data over the I2CP "
"connection)\n"
"was disabled in I2P release 0.6,\n"
"leaving in place the <a href=\"%(elgamalaes)s\">ElGamal/AES end-to-end "
"encryption</a>\n"
"which is implemented in the router.\n"
"The only cryptography that client libraries must still implement is\n"
"<a href=\"%(cryptography)s#DSA\">DSA public/private key signing</a>\n"
"for <a href=\"%(i2cp)s#msg_CreateLeaseSet\">LeaseSets</a> and\n"
"<a href=\"%(i2cp)s#struct_SessionConfig\">Session Configurations</a>, and"
" management of those keys."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:56
msgid ""
"In a standard I2P installation, port 7654 is used by external java "
"clients to communicate\n"
"with the local router via I2CP.\n"
"By default, the router binds to address 127.0.0.1. To bind to 0.0.0.0, "
"set the\n"
"router advanced configuration option "
"<tt>i2cp.tcp.bindAllInterfaces=true</tt> and restart.\n"
"Clients in the same JVM as the router pass messages directly to the "
"router\n"
"through an internal JVM interface."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:65
#, python-format
msgid ""
"The router also supports external connections over SSL.\n"
"While SSL is not the default, it is strongly recommended for any traffic "
"that may\n"
"be exposed to the open Internet. The authorization user/password (if "
"any), the\n"
"<a href=\"%(commonstructures)s#type_PrivateKey\">Private Key</a> and\n"
"<a href=\"%(commonstructures)s#type_SigningPrivateKey\">Signing Private "
"Key</a> for the\n"
"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>\n"
"are all transmitted in-the-clear unless SSL is enabled."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:75
msgid "I2CP Protocol Specification"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:76
#, python-format
msgid "Now on the <a href=\"%(i2cp)s\">I2CP Specification page</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:81
msgid "I2CP Initialization"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:82
#, python-format
msgid ""
"When a client connects to the router, it first sends a single protocol "
"version byte (0x2A).\n"
"Then it sends a <a href=\"%(i2cp)s#msg_GetDate\">GetDate Message</a> and "
"waits for the <a href=\"%(i2cp)s#msg_SetDate\">SetDate Message</a> "
"response.\n"
"Next, it sends a <a href=\"%(i2cp)s#msg_CreateSession\">CreateSession "
"Message</a> containing the session configuration.\n"
"It next awaits a <a href=\"%(i2cp)s#msg_RequestLeaseSet\">RequestLeaseSet"
" Message</a> from the router, indicating that inbound tunnels\n"
"have been built, and responds with a CreateLeaseSetMessage containing the"
" signed LeaseSet.\n"
"The client may now initiate or receive connections from other I2P "
"destinations."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:91
msgid "I2CP Options"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:92
#: i2p2www/pages/site/docs/protocol/i2cp.html:99
msgid "Router-side Options"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:93
#, python-format
msgid ""
"The following options are traditionally passed to the router via\n"
"a <a href=\"%(i2cp)s#struct_SessionConfig\">SessionConfig</a> contained "
"in a <a href=\"%(i2cp)s#msg_CreateSession\">CreateSession Message</a> or "
"a <a href=\"%(i2cp)s#msg_ReconfigureSession\">ReconfigureSession "
"Message</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:104
#: i2p2www/pages/site/docs/protocol/i2cp.html:479
msgid "As Of Release"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:105
#: i2p2www/pages/site/docs/protocol/i2cp.html:480
msgid "Recommended Arguments"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:106
#: i2p2www/pages/site/docs/protocol/i2cp.html:481
msgid "Allowable Range"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:117
msgid ""
"The timeout (ms) for all sent messages. Unused.\n"
"See the protocol specification for per-message settings."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:129
msgid ""
"Minimum number of ElGamal/AES Session Tags before we send more.\n"
"Recommended: approximately tagsToSend * 2/3"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:141
msgid ""
"Number of ElGamal/AES Session Tags to send at a time.\n"
"For clients with relatively low bandwidth per-client-pair (IRC, some UDP "
"apps), this may be set lower."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:153
msgid ""
"Comma-separated list of Base 64 Hashes of peers to build tunnels through;"
" for debugging only"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:162
msgid "Should generally be set to true for clients and false for servers"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:171
#: i2p2www/pages/site/docs/protocol/i2cp.html:519
msgid ""
"If true, the router just sends the MessagePayload instead\n"
"of sending a MessageStatus and awaiting a ReceiveMessageBegin."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:183
msgid ""
"Guaranteed is disabled;\n"
"None implemented in 0.8.1; the streaming lib default is None as of 0.8.1,"
" the client side default is None as of 0.9.4"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:195
msgid ""
"For authorization, if required by the router.\n"
"If the client is running in the same JVM as a router, this option is not "
"required.\n"
"Warning - username and password are sent in the clear to the router, "
"unless using SSL (i2cp.SSL=true).\n"
"Authorization is only recommended when using SSL."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:217
msgid "If incoming zero hop tunnel is allowed"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:226
msgid "If outgoing zero hop tunnel is allowed"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:232
#: i2p2www/pages/site/docs/protocol/i2cp.html:241
#: i2p2www/pages/site/docs/protocol/i2cp.html:250
#: i2p2www/pages/site/docs/protocol/i2cp.html:262
#: i2p2www/pages/site/docs/protocol/i2cp.html:274
#: i2p2www/pages/site/docs/protocol/i2cp.html:283
#: i2p2www/pages/site/docs/protocol/i2cp.html:292
#: i2p2www/pages/site/docs/protocol/i2cp.html:307
#: i2p2www/pages/site/docs/protocol/i2cp.html:343
#: i2p2www/pages/site/docs/protocol/i2cp.html:355
#: i2p2www/pages/site/docs/protocol/i2cp.html:368
#, python-format
msgid "number from %(from)s to %(to)s"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:233
#: i2p2www/pages/site/docs/protocol/i2cp.html:242
#: i2p2www/pages/site/docs/protocol/i2cp.html:369
msgid "No limit"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:235
msgid "Number of redundant fail-over for tunnels in"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:244
msgid "Number of redundant fail-over for tunnels out"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:251
#: i2p2www/pages/site/docs/protocol/i2cp.html:263
#: i2p2www/pages/site/docs/protocol/i2cp.html:275
#: i2p2www/pages/site/docs/protocol/i2cp.html:284
#: i2p2www/pages/site/docs/protocol/i2cp.html:293
#: i2p2www/pages/site/docs/protocol/i2cp.html:308
#: i2p2www/pages/site/docs/protocol/i2cp.html:344
#: i2p2www/pages/site/docs/protocol/i2cp.html:356
#: i2p2www/pages/site/docs/protocol/i2cp.html:608
#, python-format
msgid "%(from)s to %(to)s"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:253
#: i2p2www/pages/site/docs/protocol/i2cp.html:265
msgid ""
"Number of IP bytes to match to determine if\n"
"two routers should not be in the same tunnel. 0 to disable."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:277
msgid "Length of tunnels in"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:286
msgid "Length of tunnels out"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:295
msgid ""
"Random amount to add or subtract to the length of tunnels in.\n"
"A positive number x means add a random amount from 0 to x inclusive.\n"
"A negative number -x means add a random amount from -x to x inclusive.\n"
"The router will limit the total length of the tunnel to 0 to 7 inclusive."
"\n"
"The default variance was 1 prior to release 0.7.6."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:310
msgid ""
"Random amount to add or subtract to the length of tunnels out.\n"
"A positive number x means add a random amount from 0 to x inclusive.\n"
"A negative number -x means add a random amount from -x to x inclusive.\n"
"The router will limit the total length of the tunnel to 0 to 7 inclusive."
"\n"
"The default variance was 1 prior to release 0.7.6."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:325
msgid ""
"Name of tunnel - generally used in routerconsole, which will\n"
"use the first few characters of the Base64 hash of the destination by "
"default."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:337
msgid "Name of tunnel - generally ignored unless inbound.nickname is unset."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:346
msgid ""
"Priority adjustment for outbound messages.\n"
"Higher is higher priority."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:358
msgid ""
"Number of tunnels in.\n"
"Limit was increased from 6 to 16 in release 0.9; however, numbers higher "
"than 6 are\n"
"incompatible with older releases."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:371
msgid "Number of tunnels out"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:380
msgid "Used for consistent peer ordering across restarts."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:399
msgid ""
"Any other options prefixed with \"inbound.\" are stored\n"
"in the \"unknown options\" properties of the inbound tunnel pool's "
"settings."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:411
msgid ""
"Any other options prefixed with \"outbound.\" are stored\n"
"in the \"unknown options\" properties of the outbound tunnel pool's "
"settings."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:423
msgid ""
"Set to false to disable ever bundling a reply LeaseSet.\n"
"For clients that do not publish their LeaseSet, this option must be true\n"
"for any reply to be possible. \"true\" is also recommended for multihomed"
" servers\n"
"with long connection times."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:430
msgid ""
"Setting to \"false\" may save significant outbound bandwidth, especially "
"if\n"
"the client is configured with a large number of inbound tunnels (Leases)."
"\n"
"If replies are still required, this may shift the bandwidth burden to\n"
"the far-end client and the floodfill.\n"
"There are several cases where \"false\" may be appropriate:"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:438
msgid "Unidirectional communication, no reply required"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:439
msgid "LeaseSet is published and higher reply latency is acceptable"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:440
msgid ""
"LeaseSet is published, client is a \"server\", all connections are "
"inbound\n"
"so the connecting far-end destination obviously has the leaseset already."
"\n"
"Connections are either short, or it is acceptable for latency on a long-"
"lived\n"
"connection to temporarily increase while the other end re-fetches the "
"LeaseSet\n"
"after expiration.\n"
"HTTP servers may fit these requirements."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:453
msgid ""
"Note: Large quantity, length, or variance settings may cause significant "
"performance or reliability problems."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:457
#, python-format
msgid ""
"Note: As of release 0.7.7, option names and values must use UTF-8 "
"encoding.\n"
"This is primarily useful for nicknames.\n"
"Prior to that release, options with multi-byte characters were corrupted."
"\n"
"Since options are encoded in a <a "
"href=\"%(commonstructures)s#type_Mapping\">Mapping</a>,\n"
"all option names and values are limited to 255 bytes (not characters) "
"maximum."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:465
#: i2p2www/pages/site/docs/protocol/i2cp.html:474
msgid "Client-side Options"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:466
msgid ""
"The following options are interpreted on the client side,\n"
"and will be interpreted if passed to the I2PSession via the "
"I2PClient.createSession() call.\n"
"The streaming lib should also pass these options through to I2CP.\n"
"Other implementations may have different defaults."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:490
#: i2p2www/pages/site/docs/protocol/i2cp.html:590
#, python-format
msgid "%(num)s minimum"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:492
msgid "(ms) Idle time required (default 30 minutes)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:501
msgid "Close I2P session when idle"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:510
msgid "Encrypt the lease"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:531
msgid "Gzip outbound data"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:540
msgid "For encrypted leasesets. Base 64 SessionKey (44 characters)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:549
msgid ""
"Base 64 private key for encryption.\n"
"Optionally preceded by the key type and ':'.\n"
"Only \"ELGAMAL_2048:\" is supported, which is the default.\n"
"I2CP will generate the public key from the private key.\n"
"Use for persistent leaseset keys across restarts."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:564
msgid ""
"Base 64 private key for signatures.\n"
"Optionally preceded by the key type and ':'.\n"
"DSA_SHA1 is the default.\n"
"Key type must match the signature type in the destination.\n"
"I2CP will generate the public key from the private key.\n"
"Use for persistent leaseset keys across restarts."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:580
msgid ""
"Guaranteed is disabled;\n"
"None implemented in 0.8.1; None is the default as of 0.9.4"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:592
msgid "(ms) Idle time required (default 20 minutes, minimum 5 minutes)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:601
msgid "Reduce tunnel quantity when idle"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:610
msgid "Tunnel quantity when reduced (applies to both inbound and outbound)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:619
msgid ""
"Connect to the router using SSL.\n"
"If the client is running in the same JVM as a router, this option is "
"ignored, and the client connects to that router internally."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:631
msgid ""
"Router hostname.\n"
"If the client is running in the same JVM as a router, this option is "
"ignored, and the client connects to that router internally."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:643
msgid ""
"Router I2CP port.\n"
"If the client is running in the same JVM as a router, this option is "
"ignored, and the client connects to that router internally."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:650
msgid ""
"Note: All arguments, including numbers, are strings. True/false values "
"are case-insensitive strings.\n"
"Anything other than case-insensitive \"true\" is interpreted as false.\n"
"All option names are case-sensitive."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:656
msgid "I2CP Payload Data Format and Multiplexing"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:657
#, python-format
msgid ""
"The end-to-end messages handled by I2CP (i.e. the data sent by the client"
" in a\n"
"<a href=\"%(i2cp)s#msg_SendMessage\">SendMessageMessage</a>\n"
"and received by the client in a\n"
"<a href=\"%(i2cp)s#msg_MessagePayload\">MessagePayloadMessage</a>)\n"
"are gzipped with a standard 10-byte gzip\n"
"header beginning with 0x1F 0x8B 0x08 as\n"
"specified by <a href=\"http://www.ietf.org/rfc/rfc1952.txt\">RFC "
"1952</a>.\n"
"As of release 0.7.1, I2P uses ignored portions of the gzip header to "
"include\n"
"protocol, from-port, and to-port information, thus supporting streaming "
"and\n"
"datagrams on the same destination, and allowing query/response using "
"datagrams\n"
"to work reliably in the presence of multiple channels."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:671
msgid ""
"The gzip function cannot be completely turned off, however setting "
"i2cp.gzip=false\n"
"turns the gzip effort setting to 0, which may save a little CPU."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:677
#: i2p2www/pages/site/docs/protocol/i2np.html:32
msgid "Bytes"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:678
msgid "Content"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:683
msgid "Gzip header"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:688
msgid "Gzip flags"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:693
msgid "I2P Source port (Gzip mtime)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:698
msgid "I2P Destination port (Gzip mtime)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:703
msgid "Gzip xflags"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:708
msgid "I2P Protocol (6 = Streaming, 17 = Datagram, 18 = Raw Datagrams) (Gzip OS)"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:717
msgid ""
"Data integrity is verified with the standard gzip CRC-32 as\n"
"specified by <a href=\"http://www.ietf.org/rfc/rfc1952.txt\">RFC 1952</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:725
msgid ""
"The current authorization mechanism could be modified to use hashed "
"passwords."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:729
msgid ""
"The Signing Private Keys is included in the Create Lease Set message,\n"
"it is not required. Revocation is unimplemented.\n"
"It should be replaced with random data or removed."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2cp.html:735
#, python-format
msgid ""
"Some improvements may be able to use messages previously defined but not "
"implemented.\n"
"For reference, here is the\n"
"<a href=\"%(pdf1)s\">I2CP Protocol Specification Version 0.9</a>\n"
"(PDF) dated August 28, 2003.\n"
"That document also references the\n"
"<a href=\"%(pdf2)s\">Common Data Structures Specification Version 0.9</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:2
msgid "I2P Network Protocol"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:3
msgid "June 2013"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:6
msgid ""
"The I2P Network Protocol (I2NP),\n"
"which is sandwiched between I2CP and the various I2P transport protocols,"
" manages the\n"
"routing and mixing of messages between routers, as well as the selection "
"of what\n"
"transports to use when communicating with a peer for which there are "
"multiple\n"
"common transports supported."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:14
msgid "I2NP Definition"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:15
msgid ""
"I2NP (I2P Network Protocol) messages can be used for one-hop, router-to-"
"router, point-to-point messages.\n"
"By encrypting and wrapping messages in other messages, they can be sent "
"in a secure way\n"
"through multiple hops to the ultimate destination.\n"
"Priority is only used locally at the origin, i.e. when queuing for "
"outbound delivery."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:22
#, python-format
msgid ""
"The priorities listed below may not be current and are subject to change."
"\n"
"See the <a href=\"%(outnetmessage)s\">OutNetMessage Javadocs</a>\n"
"for the current priority settings.\n"
"Priority queueing implementation may vary."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:29
msgid "Message Format"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:32
msgid "Field"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:33
msgid "Unique ID"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:34
msgid "Expiration"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:35
#: i2p2www/pages/site/docs/protocol/i2np.html:92
msgid "Payload Length"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:36
msgid "Checksum"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:37
msgid "Payload"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:40
#, python-format
msgid ""
"While the maximum payload size is nominally 64KB, the size is further "
"constrained by the\n"
"method of fragmenting I2NP messages into multiple 1KB tunnel messages as "
"described on\n"
"<a href=\"%(tunnelimpl)s\">the tunnel implementation page</a>.\n"
"The maximum number of fragments is 64, and the message may not be "
"perfectly aligned,\n"
"So the message must nominally fit in 63 fragments."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:48
msgid ""
"The maximum size of an initial fragment is 956 bytes (assuming TUNNEL "
"delivery mode);\n"
"the maximum size of a follow-on fragment is 996 bytes.\n"
"Therefore the maximum size is approximately 956 + (62 * 996) = 62708 "
"bytes, or 61.2 KB."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:54
msgid ""
"In addition, the transports may have additional restrictions.\n"
"NTCP currently limits to 16KB - 6 = 16378 bytes but this will be "
"increased in a future release.\n"
"The SSU limit is approximately 32 KB."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:60
msgid ""
"Note that these are not the limits for datagrams that the client sees, as"
" the\n"
"router may bundle a reply leaseset and/or session tags together with the "
"client message\n"
"in a garlic message. The leaseset and tags together may add about 5.5KB.\n"
"Therefore the current datagram limit is about 10KB. This limit will be\n"
"increased in a future release."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:68
msgid "Message Types"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:69
msgid ""
"Higher-numbered priority is higher priority.\n"
"The majority of traffic is TunnelDataMessages (priority 400),\n"
"so anything above 400 is essentially high priority, and\n"
"anything below is low priority.\n"
"Note also that many of the messages are generally routed\n"
"through exploratory tunnels, not client tunnels, and\n"
"therefore may not be in the same queue unless the\n"
"first hops happen to be on the same peer."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:80
msgid ""
"Also, not all message types are sent unencrypted.\n"
"For example, when testing a tunnel, the router wraps a\n"
"DeliveryStatusMessage, which is wrapped in a GarlicMessage,\n"
"which is wrapped in a DataMessage."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:90
msgid "Message"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:91
msgid "Type"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:94
msgid "Comments"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:102
msgid "May vary"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:108
msgid ""
"Size is 65 + 32*(number of hashes) where typically, the hashes for\n"
"three floodfill routers are returned."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:117
msgid "Varies"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:119
msgid ""
"Priority may vary.\n"
"Size is 898 bytes for a typical 2-lease leaseSet.\n"
"RouterInfo structures are compressed, and size varies; however\n"
"there is a continuing effort to reduce the amount of data published in a "
"RouterInfo\n"
"as we approach release 1.0."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:133
msgid "Priority may vary on a per-destination basis"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:143
msgid ""
"Used for message replies, and for testing tunnels - generally wrapped in "
"a GarlicMessage"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:151
msgid ""
"Generally wrapped in a DataMessage -\n"
"but when unwrapped, given a priority of 100 by the forwarding router"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:178
msgid ""
"The most common message. Priority for tunnel participants, outbound "
"endpoints, and inbound gateways was\n"
"reduced to 200 as of release 0.6.1.33.\n"
"Outbound gateway messages (i.e. those originated locally) remains at 400."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:198
msgid "Shorter TunnelBuildMessage as of 0.7.12"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:206
msgid "Shorter TunnelBuildReplyMessage as of 0.7.12"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:209
#, python-format
msgid "Others listed in <a href=\"%(pdf)s\">2003 Spec</a>"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:215
msgid "Obsolete, Unused"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:219
msgid "Full Protocol Specification"
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:220
#, python-format
msgid ""
"<a href=\"%(i2npspec)s\">On the I2NP Specification page</a>.\n"
"See also the\n"
"<a href=\"%(commonstructures)s\">Common Data Structure Specification "
"page</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/i2np.html:227
msgid ""
"It isn't clear whether the current priority scheme is generally "
"effective,\n"
"and whether the priorities for various messages should be adjusted "
"further.\n"
"This is a topic for further research, analysis and testing."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:2
msgid "Protocol Stack"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:7
#, python-format
msgid ""
"Here is the protocol stack for I2P.\n"
"See also the <a href=\"%(docs)s\">Index to Technical Documentation</a>."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:12
msgid ""
"Each of the layers in the stack provides extra capabilities.\n"
"The capabilities are listed below, starting at the bottom of the protocol"
" stack."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:18
msgid "Internet Layer:"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:20
msgid ""
"IP: Internet Protocol, allow addressing hosts on the regular internet and"
" routing packets across the internet using best-effort delivery."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:23
msgid "Transport Layer:"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:25
msgid ""
"TCP: Transmission Control Protocol, allow reliable, in-order delivery of "
"packets across the internet."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:27
msgid ""
"UDP: User Datagram Protocol, allow unreliable, out-of-order delivery of "
"packets across the internet."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:30
msgid ""
"<b>I2P Transport Layer:</b> provide encrypted connections between 2 I2P "
"routers. These are not anonymous yet, this is strictly a hop-to-hop "
"connection.\n"
"Two protocols are implemented to provide these capabilities. NTCP builds "
"on top of TCP, while SSU uses UDP."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:35
msgid "NIO-based TCP"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:37
msgid "Secure Semi-reliable UDP"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:40
msgid "<b>I2P Tunnel Layer:</b> provide full encrypted tunnel connections."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:42
#, python-format
msgid ""
"<a href=\"%(tunnelmessage)s\">Tunnel messages</a>: tunnel messages are "
"large messages containing encrypted I2NP (see below) messages and "
"encrypted instructions for their delivery.\n"
"The encryption is layered. The first hop will decrypt the tunnel message "
"and read a part. Another part can still be encrypted (with another key),"
"\n"
"so it will be forwarded."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:48
#, python-format
msgid ""
"<a href=\"%(i2np)s\">I2NP messages</a>: I2P Network Protocol messages are"
" used to pass messages through multiple routers. These I2NP messages are "
"combined in tunnel messages."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:53
msgid ""
"<b>I2P Garlic Layer:</b> provide encrypted and anonymous end-to-end I2P "
"message delivery."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:55
#, python-format
msgid ""
"<a href=\"%(i2np)s\">I2NP messages</a>: I2P Network Protocol messages are"
" wrapped in each other and used to ensure encryption between two tunnels "
"and are passed along from source to destination, keeping both anonymous."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:61
msgid ""
"The following layers are strictly speaking no longer part of the I2P "
"Protocol stack, they are not part of the core 'I2P router' functionality."
"\n"
"However, each of these layers adds additional functionality, to allow "
"applications simple and convenient I2P usage."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:67
msgid ""
"<b>I2P Client Layer:</b> allow any client to use I2P functionality, "
"without requiring the direct use of the router API."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:69
#, python-format
msgid ""
"<a href=\"%(i2cp)s\">I2CP</a>: I2P Client Protocol, allows secure and "
"asynchronous messaging over I2P by communicating messages over the I2CP "
"TCP socket."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:74
msgid ""
"<b>I2P End-to-end Transport Layer:</b> allow TCP- or UDP-like "
"functionality on top of I2P."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:76
#, python-format
msgid ""
"<a href=\"%(streaming)s\">Streaming Library</a>: an implementation of "
"TCP-like streams over I2P. This allows easier porting of existing "
"applications to I2P."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:80
#, python-format
msgid ""
"<a href=\"%(datagrams)s\">Datagram Library</a>: an implementation of UDP-"
"like messages over I2P. This allows easier porting of existing "
"applications to I2P."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:85
msgid ""
"<b>I2P Application Interface Layer:</b> additional (optional) libraries "
"allowing easier implementations on top of I2P."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:93
msgid "<b>I2P Application Proxy Layer:</b> proxy systems."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:95
#, python-format
msgid "HTTP Client/Server, IRC Client, <a href=\"%(socks)s\">SOCKS</a>, Streamr"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:99
msgid ""
"Finally, what could be considered the <b>'I2P application layer'</b>, is "
"a large number of applications on top of I2P.\n"
"We can order this based on the I2P stack layer they use."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:104
msgid "<b>Streaming/datagram applications</b>: i2psnark, Syndie, i2phex..."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:105
msgid "<b>SAM/BOB applications</b>: IMule, i2p-bt, i2prufus, Robert..."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:106
#, python-format
msgid ""
"<b>Other I2P applications</b>: Syndie, EepGet, <a "
"href=\"%(plugins)s\">plugins</a>..."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:107
msgid ""
"<b>Regular applications</b>: Jetty, Apache, Monotone, CVS, browsers, "
"e-mail..."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:111
msgid "I2P Network stack"
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:113
msgid "Figure 1: The layers in the I2P Network stack."
msgstr ""
#: i2p2www/pages/site/docs/protocol/index.html:118
msgid "Note: SAM/SAMv2 can use both the streaming lib and datagrams."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:2
msgid "Transport Overview"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:3
msgid "September 2014"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:6
msgid "Transports in I2P"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:8
msgid ""
"A \"transport\" in I2P is a method for direct, point-to-point "
"communication\n"
"between two routers.\n"
"Transports must provide confidentiality and integrity \n"
"against external adversaries while authenticating that the router "
"contacted \n"
"is the one who should receive a given message."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:16
msgid ""
"I2P supports multiple transports simultaneously.\n"
"There are two transports currently implemented:"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:21
#, python-format
msgid "<a href=\"%(ntcp)s\">NTCP</a>, a Java New I/O (NIO) TCP transport"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:22
#, python-format
msgid " <a href=\"%(ssu)s\">SSU</a>, or Secure Semireliable UDP"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:25
msgid ""
"Each provides a \"connection\" paradigm, with authentication,\n"
"flow control, acknowledgments and retransmission."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:31
msgid "Transport Services"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:33
msgid "The transport subsystem in I2P provides the following services:"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:37
#, python-format
msgid ""
"Reliable delivery of <a href=\"%(i2np)s\">I2NP</a> messages.\n"
"Transports support I2NP message delivery ONLY.\n"
"They are not general-purpose data pipes."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:42
msgid "In-order delivery of messages is NOT guaranteed by all transports."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:43
msgid ""
"Maintain a set of router addresses, one or more for each transport,\n"
"that the router publishes as its global contact information (the "
"RouterInfo).\n"
"Each transport may connect using one of these addresses, which may be\n"
"IPv4 or (as of version 0.9.8) IPv6."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:49
msgid "Selection of the best transport for each outgoing message"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:50
msgid "Queueing of outbound messages by priority"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:51
msgid ""
"Bandwidth limiting, both outbound and inbound, according to router "
"configuration"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:52
msgid "Setup and teardown of transport connections"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:53
msgid "Encryption of point-to-point communications"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:54
msgid ""
"Maintenance of connection limits for each transport, implementation of "
"various thresholds for these limits,\n"
"and communication of threshold status to the router so it may make "
"operational changes based on the status"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:58
msgid "Firewall port opening using UPnP (Universal Plug and Play)"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:59
msgid "Cooperative NAT/Firewall traversal"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:60
msgid ""
"Local IP detection by various methods, including UPnP, inspection of "
"incoming connections, and enumeration of network devices"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:61
msgid ""
"Coordination of firewall status and local IP, and changes to either, "
"among the transports"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:62
#: i2p2www/pages/site/docs/transport/ssu.html:36
msgid ""
"Communication of firewall status and local IP, and changes to either, to "
"the router and the user interface"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:63
msgid ""
"Determination of a consensus clock, which is used to periodically update "
"the router's clock, as a backup for NTP"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:64
msgid ""
"Maintenance of status for each peer, including whether it is connected, "
"whether it was recently connected,\n"
"and whether it was reachable in the last attempt"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:68
msgid "Qualification of valid IP addresses according to a local rule set"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:69
msgid ""
"Honoring the automated and manual lists of banned peers maintained by the"
" router,\n"
"and refusing outbound and inbound connections to those peers"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:76
msgid "Transport Addresses"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:78
msgid ""
"The transport subsystem maintains a set of router addresses, each of "
"which lists a transport method, IP, and port.\n"
"These addresses constitute the advertised contact points, and are "
"published by the router to the network database.\n"
"Addresses may also contain an arbitrary set of additional options."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:84
msgid "Each transport method may publish multiple router addresses."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:88
msgid "Typical scenarios are:"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:90
msgid ""
"A router has no published addresses, so it is considered \"hidden\" and "
"cannot receive incoming connections"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:91
#, python-format
msgid ""
"A router is firewalled, and therefore publishes an SSU address which "
"contains a list of cooperating\n"
"peers or \"introducers\" who will assist in NAT traversal (see <a "
"href=\"%(ssu)s\">the SSU spec</a> for details)"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:95
msgid ""
"A router is not firewalled or its NAT ports are open; it publishes both "
"NTCP and SSU addresses containing\n"
"directly-accessible IP and ports."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:101
msgid "Transport Selection"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:103
#, python-format
msgid ""
"The transport system delivers <a href=\"%(i2np)s\">I2NP messages</a> "
"only. The transport selected for any message is\n"
"independent of the upper-layer protocols and contents (router or client "
"messages, whether an external application was using\n"
"TCP or UDP to connect to I2P, whether the upper layer was using\n"
"<a href=\"%(streaming)s\">the streaming library</a>\n"
"streaming\n"
"or\n"
"<a href=\"%(datagrams)s\">datagrams</a>,\n"
"datagrams\n"
"etc.)."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:117
msgid ""
"For each outgoing message, the transport system solicits \"bids\" from "
"each transport.\n"
"The transport bidding the lowest (best) value wins the bid and receives "
"the message for delivery.\n"
"A transport may refuse to bid."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:123
msgid "Whether a transport bids, and with what value, depend on numerous factors:"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:127
msgid "Configuration of transport preferences"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:128
msgid "Whether the transport is already connected to the peer"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:129
msgid ""
"The number of current connections compared to various connection limit "
"thresholds"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:130
msgid "Whether recent connection attempts to the peer have failed"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:131
msgid ""
"The size of the message, as different transports have different size "
"limits"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:132
msgid ""
"Whether the peer can accept incoming connections for that transport, as "
"advertised in its RouterInfo"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:133
msgid "Whether the connection would be indirect (requiring introducers) or direct"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:134
msgid "The peer's transport preference, as advertised in its RouterInfo"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:137
msgid ""
"In general, the bid values are selected so that two routers are only "
"connected by a single transport\n"
"at any one time. However, this is not a requirement."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:144
msgid "New Transports and Future Work"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:146
msgid "Additional transports may be developed, including:"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:151
msgid "A TLS/SSH look-alike transport"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:152
msgid ""
"An \"indirect\" transport for routers that are not reachable by all other"
" routers (one form of \"restricted routes\")"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:153
msgid "Tor-compatible pluggable transports"
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:156
msgid ""
"Work continues on adjusting default connection limits for each transport."
"\n"
"I2P is designed as a \"mesh network\", where it is assumed that any "
"router can connect to any other router.\n"
"This assumption may be broken by routers that have exceeded their "
"connection limits, and by\n"
"routers that are behind restrictive state firewalls (restricted routes)."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:163
msgid ""
"The current connection limits are higher for SSU than for NTCP, based on "
"the assumption that\n"
"the memory requirements for an NTCP connection are higher than that for "
"SSU.\n"
"However, as NTCP buffers are partially in the kernel and SSU buffers are "
"on the Java heap,\n"
"that assumption is difficult to verify."
msgstr ""
#: i2p2www/pages/site/docs/transport/index.html:170
#, python-format
msgid ""
"Analyze <a href=\"%(pdf)s\">Breaking and Improving Protocol "
"Obfuscation</a>\n"
"and see how transport-layer padding may improve things."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:2
msgid "NTCP (NIO-based TCP)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:3
msgid "November 2014"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:6
#, python-format
msgid ""
"NTCP is one of two <a href=\"%(transports)s\">transports</a> currently "
"implemented in I2P.\n"
"The other is <a href=\"%(ssu)s\">SSU</a>.\n"
"NTCP is a Java NIO-based transport introduced in I2P release 0.6.1.22.\n"
"Java NIO (new I/O) does not suffer from the 1 thread per connection "
"issues of the old TCP transport.\n"
"NTCP-over-IPv6 is supported as of version 0.9.8."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:14
msgid ""
"By default, NTCP uses the IP/Port\n"
"auto-detected by SSU. When enabled on config.jsp,\n"
"SSU will notify/restart NTCP when the external address changes\n"
"or when the firewall status changes.\n"
"Now you can enable inbound TCP without a static IP or dyndns service."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:22
msgid ""
"The NTCP code within I2P is relatively lightweight (1/4 the size of the "
"SSU code)\n"
"because it uses the underlying Java TCP transport for reliable delivery."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:28
#: i2p2www/pages/site/docs/transport/ssu.html:39
msgid "Router Address Specification"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:30
#: i2p2www/pages/site/docs/transport/ssu.html:41
msgid "The following properties are stored in the network database."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:44
msgid "NTCP Protocol Specification"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:46
msgid "Standard Message Format"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:47
msgid ""
"After establishment,\n"
"the NTCP transport sends individual I2NP messages, with a simple "
"checksum.\n"
"The unencrypted message is encoded as follows:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:65
msgid ""
"The data is then AES/256/CBC encrypted. The session key for the "
"encryption\n"
"is negotiated during establishment (using Diffie-Hellman 2048 bit).\n"
"The establishment between two routers is implemented in the "
"EstablishState class\n"
"and detailed below.\n"
"The IV for AES/256/CBC encryption is the last 16 bytes of the previous "
"encrypted message."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:73
msgid ""
"0-15 bytes of padding are required to bring the total message length\n"
"(including the six size and checksum bytes) to a multiple of 16.\n"
"The maximum message size is currently 16 KB.\n"
"Therefore the maximum data size is currently 16 KB - 6, or 16378 bytes.\n"
"The minimum data size is 1."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:81
msgid "Time Sync Message Format"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:82
msgid ""
"One special case is a metadata message where the sizeof(data) is 0. In\n"
"that case, the unencrypted message is encoded as:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:93
msgid ""
"Total length: 16 bytes. The time sync message is sent at approximately 15"
" minute intervals.\n"
"The message is encrypted just as standard messages are."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:99
msgid "Checksums"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:100
#, python-format
msgid ""
"The standard and time sync messages use the Adler-32 checksum\n"
"as defined in the <a href=\"%(rfc1950)s\">ZLIB Specification</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:106
#: i2p2www/pages/site/docs/transport/ssu.html:175
msgid "Idle Timeout"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:107
#: i2p2www/pages/site/docs/transport/ssu.html:176
msgid ""
"Idle timeout and connection close is at the discretion of each endpoint "
"and may vary.\n"
"The current implementation lowers the timeout as the number of "
"connections approaches the\n"
"configured maximum, and raises the timeout when the connection count is "
"low.\n"
"The recommended minimum timeout is two minutes or more, and the "
"recommended\n"
"maximum timeout is ten minutes or more."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:116
msgid "RouterInfo Exchange"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:117
msgid ""
"After establishment, and every 30-60 minutes thereafter,\n"
"the two routers should generally exchange RouterInfos using a "
"DatabaseStoreMessage.\n"
"However, Alice should check if the first queued message is a "
"DatabaseStoreMessage\n"
"so as not to send a duplicate message; this is often the case when "
"connecting to a floodfill router."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:125
msgid "Establishment Sequence"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:126
msgid ""
"In the establish state, there is a 4-phase message sequence to exchange "
"DH keys and signatures.\n"
"In the first two messages there is a 2048-bit Diffie Hellman exchange.\n"
"Then, signatures of the critical data are exchanged to confirm the "
"connection."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:142
msgid "Legend:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:143
msgid "256 byte DH public keys"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:147
msgid "timestamps (4 bytes, seconds since epoch)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:148
msgid "32 byte Session key"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:149
msgid "2 byte size of Alice identity to follow"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:152
msgid "DH Key Exchange"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:153
#, python-format
msgid ""
"The initial 2048-bit DH key exchange\n"
"uses the same shared prime (p) and generator (g) as that used for I2P's\n"
"<a href=\"%(cryptography)s#elgamal\">ElGamal encryption</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:159
msgid ""
"The DH key exchange consists of a number of steps, displayed below.\n"
"The mapping between these steps and the messages sent between I2P "
"routers,\n"
"is marked in bold."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:165
msgid ""
"Alice generates a secret integer x. She then calculates <code>X = g^x mod"
" p</code>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:166
msgid "Alice sends X to Bob <b>(Message 1)</b>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:167
msgid ""
"Bob generates a secret integer y. He then calculates <code>Y = g^y mod "
"p</code>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:168
msgid "Bob sends Y to Alice.<b>(Message 2)</b>"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:169
msgid "Alice can now compute <code>sessionKey = Y^x mod p</code>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:170
msgid "Bob can now compute <code>sessionKey = X^y mod p</code>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:171
msgid ""
"Both Alice and Bob now have a shared key <code>sessionKey = g^(x*y) mod "
"p</code>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:173
#, python-format
msgid ""
"The sessionKey is then used to exchange identities in <b>Message 3</b> "
"and <b>Message 4</b>.\n"
"The exponent (x and y) length for the DH exchange is documented on the\n"
"<a href=\"%(crypto)s#exponent\">cryptography page</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:193
msgid "Message 1 (Session Request)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:194
#, python-format
msgid ""
"This is the DH request. Alice already has Bob's\n"
"<a href=\"%(commonstructures)s#struct_RouterIdentity\">Router "
"Identity</a>,\n"
"IP address, and port, as contained in his\n"
"<a href=\"%(commonstructures)s#struct_RouterInfo\">Router Info</a>,\n"
"which was published to the\n"
"<a href=\"%(netdb)s\">network database</a>.\n"
"Alice sends Bob:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:207
#: i2p2www/pages/site/docs/transport/ntcp.html:250
#: i2p2www/pages/site/docs/transport/ntcp.html:332
#: i2p2www/pages/site/docs/transport/ntcp.html:437
msgid "Size:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:209
msgid "Contents:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:227
msgid "256 byte X from Diffie Hellman"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:229
msgid "SHA256 Hash(X) xored with SHA256 Hash(Bob's `RouterIdentity`)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:236
#: i2p2www/pages/site/docs/transport/ntcp.html:319
#: i2p2www/pages/site/docs/transport/ntcp.html:398
msgid "Notes:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:237
msgid ""
"Bob verifies HXxorHI using his own router hash. If it does not verify,\n"
"Alice has contacted the wrong router, and Bob drops the connection."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:243
msgid "Message 2 (Session Created)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:244
msgid "This is the DH reply. Bob sends Alice:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:252
#: i2p2www/pages/site/docs/transport/ntcp.html:334
#: i2p2www/pages/site/docs/transport/ntcp.html:439
msgid "Unencrypted Contents:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:274
#: i2p2www/pages/site/docs/transport/ntcp.html:310
msgid "256 byte Y from Diffie Hellman"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:276
msgid "SHA256 Hash(X concatenated with Y)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:279
#: i2p2www/pages/site/docs/transport/ntcp.html:364
msgid "4 byte timestamp (seconds since the epoch)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:281
msgid "12 bytes random data"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:285
#: i2p2www/pages/site/docs/transport/ntcp.html:376
#: i2p2www/pages/site/docs/transport/ntcp.html:466
msgid "Encrypted Contents:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:312
#, python-format
msgid ""
"48 bytes <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH "
"session key and\n"
" the last 16 bytes of Y as the IV"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:320
msgid ""
"Alice may drop the connection if the clock skew with Bob is too high as "
"calculated using tsB."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:325
msgid "Message 3 (Session Confirm A)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:326
msgid ""
"This contains Alice's router identity, and a signature of the critical "
"data. Alice sends Bob:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:360
msgid "2 byte size of Alice's router identity to follow (387+)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:362
msgid "Alice's 387+ byte `RouterIdentity`"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:366
#: i2p2www/pages/site/docs/transport/ntcp.html:461
msgid "0-15 bytes random data"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:368
msgid ""
"the `Signature` of the following concatenated data:\n"
" X, Y, Bob's `RouterIdentity`, tsA, tsB.\n"
" Alice signs it with the `SigningPrivateKey` associated with "
"the `SigningPublicKey` in her `RouterIdentity`"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:389
#, python-format
msgid ""
"448 bytes <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH"
" session key and\n"
" the last 16 bytes of HXxorHI (i.e., the last 16 bytes "
"of message #1) as the IV"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:400
msgid "Bob verifies the signature, and on failure, drops the connection."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:403
msgid ""
"Bob may drop the connection if the clock skew with Alice is too high as "
"calculated using tsA."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:406
msgid ""
"Alice will use the last 16 bytes of the encrypted contents of this "
"message as the IV for the next message."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:430
msgid "Message 4 (Session Confirm B)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:431
msgid "This is a signature of the critical data. Bob sends Alice:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:455
msgid ""
"the `Signature` of the following concatenated data:\n"
" X, Y, Alice's `RouterIdentity`, tsA, tsB.\n"
" Bob signs it with the `SigningPrivateKey` associated with "
"the `SigningPublicKey` in his `RouterIdentity`"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:479
#, python-format
msgid ""
"Data <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH "
"session key and\n"
" the last 16 bytes of the encrypted contents of message "
"#2 as the IV\n"
" 48 bytes for a DSA signature, may vary for other "
"signature types"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:488
msgid "Alice verifies the signature, and on failure, drops the connection."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:491
msgid ""
"Bob will use the last 16 bytes of the encrypted contents of this message "
"as the IV for the next message."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:506
msgid "After Establishment"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:507
msgid ""
"The connection is established, and standard or time sync messages may be "
"exchanged.\n"
"All subsequent messages are AES encrypted using the negotiated DH session"
" key.\n"
"Alice will use the last 16 bytes of the encrypted contents of message #3 "
"as the next IV.\n"
"Bob will use the last 16 bytes of the encrypted contents of message #4 as"
" the next IV."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:516
msgid "Check Connection Message"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:517
msgid ""
"Alternately, when Bob receives a connection, it could be a\n"
"check connection (perhaps prompted by Bob asking for someone\n"
"to verify his listener).\n"
"Check Connection is not currently used.\n"
"However, for the record, check connections are formatted as follows.\n"
"A check info connection will receive 256 bytes containing:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:526
msgid "32 bytes of uninterpreted, ignored data"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:527
msgid "1 byte size"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:528
msgid ""
"that many bytes making up the local router's IP address (as reached by "
"the remote side)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:529
msgid "2 byte port number that the local router was reached on"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:530
msgid ""
"4 byte i2p network time as known by the remote side (seconds since the "
"epoch)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:531
msgid "uninterpreted padding data, up to byte 223"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:532
msgid ""
"xor of the local router's identity hash and the SHA256 of bytes 32 "
"through bytes 223"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:535
msgid "Check connection is completely disabled as of release 0.9.12."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:539
msgid "Discussion"
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:540
#, python-format
msgid "Now on the <a href=\"%(ntcpdisc)s\">NTCP Discussion Page</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:546
msgid "The maximum message size should be increased to approximately 32 KB."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:550
msgid ""
"A set of fixed packet sizes may be appropriate to further hide the data \n"
"fragmentation to external adversaries, but the tunnel, garlic, and end to"
" \n"
"end padding should be sufficient for most needs until then.\n"
"However, there is currently no provision for padding beyond the next "
"16-byte boundary,\n"
"to create a limited number of message sizes."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:558
msgid ""
"Memory utilization (including that of the kernel) for NTCP should be "
"compared to that for SSU."
msgstr ""
#: i2p2www/pages/site/docs/transport/ntcp.html:562
msgid ""
"Can the establishment messages be randomly padded somehow, to frustrate\n"
"identification of I2P traffic based on initial packet sizes?"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:2
msgid "Secure Semireliable UDP"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:7
#, python-format
msgid ""
"SSU (also called \"UDP\" in much of the I2P documentation and user "
"interfaces)\n"
"is one of two <a href=\"%(transports)s\">transports</a> currently "
"implemented in I2P.\n"
"The other is <a href=\"%(ntcp)s\">NTCP</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:13
msgid ""
"SSU is the newer of the two transports,\n"
"introduced in I2P release 0.6.\n"
"In a standard I2P installation, the router uses both NTCP and SSU for "
"outbound connections.\n"
"SSU-over-IPv6 is supported as of version 0.9.8."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:20
msgid ""
"SSU is called \"semireliable\" because it will repeatedly retransmit "
"unacknowledged messages,\n"
"but only up to a maximum number of times. After that, the message is "
"dropped."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:25
msgid "SSU Services"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:27
msgid ""
"Like the NTCP transport, SSU provides reliable, encrypted, connection-"
"oriented, point-to-point data transport.\n"
"Unique to SSU, it also provides IP detection and NAT traversal services, "
"including:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:33
msgid ""
"Cooperative NAT/Firewall traversal using <a "
"href=\"#introduction\">introducers</a>"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:34
msgid ""
"Local IP detection by inspection of incoming packets and <a "
"href=\"#peerTesting\">peer testing</a>"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:35
msgid ""
"Communication of firewall status and local IP, and changes to either to "
"NTCP"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:47
#: i2p2www/pages/site/docs/transport/ssu.html:54
#: i2p2www/pages/site/docs/transport/ssu.html:55
#: i2p2www/pages/site/docs/transport/ssu.html:57
#: i2p2www/pages/site/docs/transport/ssu.html:60
#: i2p2www/pages/site/docs/transport/ssu.html:61
#: i2p2www/pages/site/docs/transport/ssu.html:66
msgid "See below"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:73
msgid "Protocol Details"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:75
msgid "Congestion control"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:77
msgid ""
"SSU's need for only semireliable delivery, TCP-friendly operation,\n"
"and the capacity for high throughput allows a great deal of latitude in\n"
"congestion control. The congestion control algorithm outlined below is\n"
"meant to be both efficient in bandwidth as well as simple to implement."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:84
msgid ""
"Packets are scheduled according to the router's policy, taking care\n"
"not to exceed the router's outbound capacity or to exceed the measured \n"
"capacity of the remote peer. The measured capacity operates along the\n"
"lines of TCP's slow start and congestion avoidance, with additive "
"increases\n"
"to the sending capacity and multiplicative decreases in face of "
"congestion.\n"
"Unlike for TCP, routers may give up on some messages after\n"
"a given period or number of retransmissions while continuing to transmit"
" \n"
"other messages."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:95
msgid ""
"The congestion detection techniques vary from TCP as well, since each \n"
"message has its own unique and nonsequential identifier, and each message"
"\n"
"has a limited size - at most, 32KB. To efficiently transmit this "
"feedback\n"
"to the sender, the receiver periodically includes a list of fully ACKed \n"
"message identifiers and may also include bitfields for partially received"
"\n"
"messages, where each bit represents the reception of a fragment. If \n"
"duplicate fragments arrive, the message should be ACKed again, or if the\n"
"message has still not been fully received, the bitfield should be \n"
"retransmitted with any new updates."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:107
msgid ""
"The current implementation does not pad the packets to\n"
"any particular size, but instead just places a single message fragment "
"into\n"
"a packet and sends it off (careful not to exceed the MTU)."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:114
msgid ""
"As of router version 0.8.12,\n"
"two MTU values are used for IPv4: 620 and 1484.\n"
"The MTU value is adjusted based on the percentage of packets that are "
"retransmitted."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:120
msgid ""
"For both MTU values, it is desirable that (MTU &#37; 16) == 12, so that\n"
"the payload portion after the 28-byte IP/UDP header is a multiple of\n"
"16 bytes, for encryption purposes."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:126
msgid ""
"For the small MTU value, it is desirable to pack a 2646-byte\n"
"Variable Tunnel Build Message efficiently into multiple packets;\n"
"with a 620-byte MTU, it fits into 5 packets with nicely."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:132
msgid ""
"Based on measurements, 1492 fits nearly all reasonably small I2NP "
"messages\n"
"(larger I2NP messages may be up to 1900 to 4500 bytes, which isn't going "
"to fit\n"
"into a live network MTU anyway)."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:138
msgid ""
"The MTU values were 608 and 1492 for releases 0.8.9 - 0.8.11.\n"
"The large MTU was 1350 prior to release 0.8.9."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:143
msgid ""
"The maximum receive packet size\n"
"is 1571 bytes as of release 0.8.12.\n"
"For releases 0.8.9 - 0.8.11 it was 1535 bytes.\n"
"Prior to release 0.8.9 it was 2048 bytes."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:150
msgid ""
"As of release 0.9.2, if a router's network interface MTU is less than "
"1484,\n"
"it will publish that in the network database, and other routers should\n"
"honor that when a connection is established."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:156
msgid ""
"For IPv6, the minimum MTU is 1280. The IPv6 IP/UDP header is 48 bytes,\n"
"so we use an MTU where (MTN &#37; 16 == 0), which is true for 1280.\n"
"The maximum IPv6 MTU is 1472."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:162
msgid "Message Size Limits"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:163
msgid ""
"While the maximum message size is nominally 32KB, the practical\n"
"limit differs. The protocol limits the number of fragments to 7 bits, or "
"128.\n"
"The current implementation, however, limits each message to a maximum of "
"64 fragments,\n"
"which is sufficient for 64 * 534 = 33.3 KB when using the 608 MTU.\n"
"Due to overhead for bundled LeaseSets and session keys, the practical "
"limit\n"
"at the application level is about 6KB lower, or about 26KB.\n"
"Further work is necessary to raise the UDP transport limit above 32KB.\n"
"For connections using the larger MTU, larger messages are possible."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:185
msgid "Keys"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:187
msgid ""
"All encryption used is AES256/CBC with 32 byte keys and 16 byte IVs.\n"
"When Alice originates a session with Bob,\n"
"the MAC and session keys are negotiated as part of the DH exchange, and "
"are then used\n"
"for the HMAC and encryption, respectively. During the DH exchange, \n"
"Bob's publicly knowable introKey is used for the MAC and encryption."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:195
msgid ""
"Both the initial message and the subsequent\n"
"reply use the introKey of the responder (Bob) - the responder does \n"
"not need to know the introKey of the requester (Alice). The DSA \n"
"signing key used by Bob should already be known to Alice when she \n"
"contacts him, though Alice's DSA key may not already be known by \n"
"Bob."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:204
msgid ""
"Upon receiving a message, the receiver checks the \"from\" IP address and"
" port\n"
"with all established sessions - if there are matches,\n"
"that session's MAC keys are tested in the HMAC. If none\n"
"of those verify or if there are no matching IP addresses, the \n"
"receiver tries their introKey in the MAC. If that does not verify,\n"
"the packet is dropped. If it does verify, it is interpreted \n"
"according to the message type, though if the receiver is overloaded,\n"
"it may be dropped anyway."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:215
msgid ""
"If Alice and Bob have an established session, but Alice loses the \n"
"keys for some reason and she wants to contact Bob, she may at any \n"
"time simply establish a new session through the SessionRequest and\n"
"related messages. If Bob has lost the key but Alice does not know\n"
"that, she will first attempt to prod him to reply, by sending a \n"
"DataMessage with the wantReply flag set, and if Bob continually \n"
"fails to reply, she will assume the key is lost and reestablish a \n"
"new one."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:226
#, python-format
msgid ""
"For the DH key agreement,\n"
"<a href=\"%(rfc3526)s\">RFC3526</a> 2048bit\n"
"MODP group (#14) is used:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:236
#, python-format
msgid ""
"These are the same p and g used for I2P's\n"
"<a href=\"%(cryptography)s#elgamal\">ElGamal encryption</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:241
msgid "Replay prevention"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:243
msgid ""
"Replay prevention at the SSU layer occurs by rejecting packets \n"
"with exceedingly old timestamps or those which reuse an IV. To\n"
"detect duplicate IVs, a sequence of Bloom filters are employed to\n"
"\"decay\" periodically so that only recently added IVs are detected."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:250
msgid ""
"The messageIds used in DataMessages are defined at layers above\n"
"the SSU transport and are passed through transparently. These IDs\n"
"are not in any particular order - in fact, they are likely to be\n"
"entirely random. The SSU layer makes no attempt at messageId \n"
"replay prevention - higher layers should take that into account."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:258
msgid "Addressing"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:260
msgid ""
"To contact an SSU peer, one of two sets of information is necessary:\n"
"a direct address, for when the peer is publicly reachable, or an\n"
"indirect address, for using a third party to introduce the peer.\n"
"There is no restriction on the number of addresses a peer may have."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:272
msgid ""
"Each of the addresses may also expose a series of options - special\n"
"capabilities of that particular peer. For a list of available\n"
"capabilities, see <a href=\"#capabilities\">below</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:278
#, python-format
msgid ""
"The addresses, options, and capabilities are published in the <a "
"href=\"%(netdb)s\">network database</a>."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:283
msgid "Direct Session Establishment"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:284
msgid ""
"Direct session establishment is used when no third party is required for "
"NAT traversal.\n"
"The message sequence is as follows:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:289
msgid "Connection establishment (direct)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:290
msgid ""
"Alice connects directly to Bob.\n"
"IPv6 is supported as of version 0.9.8."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:305
#, python-format
msgid ""
"After the SessionConfirmed message is received, Bob sends a small\n"
"<a href=\"%(i2npspec)s#msg_DeliveryStatus\">DeliveryStatus message</a>\n"
"as a confirmation.\n"
"In this message, the 4-byte message ID is set to a random number, and the"
"\n"
"8-byte \"arrival time\" is set to the current network-wide ID, which is 2"
"\n"
"(i.e. 0x0000000000000002)."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:314
#, python-format
msgid ""
"After the status message is sent, the peers usually exchange\n"
"<a href=\"%(i2npspec)s#msg_DatabaseStore\">DatabaseStore messages</a>\n"
"containing their\n"
"<a href=\"%(commonstructures)s#struct_RouterInfo\">RouterInfos</a>,\n"
"however, this is not required."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:323
msgid ""
"It does not appear that the type of the status message or its contents "
"matters.\n"
"It was originally added becasue the DatabaseStore message was delayed\n"
"several seconds; since the store is now sent immediately, perhaps\n"
"the status message can be eliminated."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:332
msgid ""
"Introduction keys are delivered through an external channel \n"
"(the network database, where they are identical to the router Hash for "
"now)\n"
"and must be used when establishing a session key. For the indirect\n"
"address, the peer must first contact the relayhost and ask them for\n"
"an introduction to the peer known at that relayhost under the given\n"
"tag. If possible, the relayhost sends a message to the addressed\n"
"peer telling them to contact the requesting peer, and also gives \n"
"the requesting peer the IP and port on which the addressed peer is\n"
"located. In addition, the peer establishing the connection must \n"
"already know the public keys of the peer they are connecting to (but\n"
"not necessary to any intermediary relay peer)."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:346
msgid ""
"Indirect session establishment by means of a third party introduction\n"
"is necessary for efficient NAT traversal. Charlie, a router behind a\n"
"NAT or firewall which does not allow unsolicited inbound UDP packets,\n"
"first contacts a few peers, choosing some to serve as introducers. Each\n"
"of these peers (Bob, Bill, Betty, etc) provide Charlie with an "
"introduction\n"
"tag - a 4 byte random number - which he then makes available to the "
"public\n"
"as methods of contacting him. Alice, a router who has Charlie's "
"published\n"
"contact methods, first sends a RelayRequest packet to one or more of the"
" \n"
"introducers, asking each to introduce her to Charlie (offering the \n"
"introduction tag to identify Charlie). Bob then forwards a RelayIntro\n"
"packet to Charlie including Alice's public IP and port number, then sends"
"\n"
"Alice back a RelayResponse packet containing Charlie's public IP and port"
"\n"
"number. When Charlie receives the RelayIntro packet, he sends off a "
"small\n"
"random packet to Alice's IP and port (poking a hole in his NAT/firewall),"
"\n"
"and when Alice receives Bob's RelayResponse packet, she begins a new \n"
"full direction session establishment with the specified IP and port."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:373
msgid "Connection establishment (indirect using an introducer)"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:375
msgid "Alice first connects to introducer Bob, who relays the request to Charlie."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:393
msgid ""
"After the hole punch, the session is established between Alice and "
"Charlie as in a direct establishment."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:405
msgid "Peer testing"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:407
msgid ""
"The automation of collaborative reachability testing for peers is\n"
"enabled by a sequence of PeerTest messages. With its proper \n"
"execution, a peer will be able to determine their own reachability\n"
"and may update its behavior accordingly. The testing process is \n"
"quite simple:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:426
msgid ""
"Each of the PeerTest messages carry a nonce identifying the\n"
"test series itself, as initialized by Alice. If Alice doesn't \n"
"get a particular message that she expects, she will retransmit\n"
"accordingly, and based upon the data received or the messages\n"
"missing, she will know her reachability. The various end states\n"
"that may be reached are as follows:"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:436
msgid ""
"If she doesn't receive a response from Bob, she will retransmit\n"
"up to a certain number of times, but if no response ever arrives,\n"
"she will know that her firewall or NAT is somehow misconfigured, \n"
"rejecting all inbound UDP packets even in direct response to an\n"
"outbound packet. Alternately, Bob may be down or unable to get \n"
"Charlie to reply."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:445
msgid ""
"If Alice doesn't receive a PeerTest message with the \n"
"expected nonce from a third party (Charlie), she will retransmit\n"
"her initial request to Bob up to a certain number of times, even\n"
"if she has received Bob's reply already. If Charlie's first message \n"
"still doesn't get through but Bob's does, she knows that she is\n"
"behind a NAT or firewall that is rejecting unsolicited connection\n"
"attempts and that port forwarding is not operating properly (the\n"
"IP and port that Bob offered up should be forwarded)."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:456
msgid ""
"If Alice receives Bob's PeerTest message and both of Charlie's\n"
"PeerTest messages but the enclosed IP and port numbers in Bob's \n"
"and Charlie's second messages don't match, she knows that she is \n"
"behind a symmetric NAT, rewriting all of her outbound packets with\n"
"different 'from' ports for each peer contacted. She will need to\n"
"explicitly forward a port and always have that port exposed for \n"
"remote connectivity, ignoring further port discovery."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:466
msgid ""
"If Alice receives Charlie's first message but not his second,\n"
"she will retransmit her PeerTest message to Charlie up to a \n"
"certain number of times, but if no response is received she knows\n"
"that Charlie is either confused or no longer online."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:474
msgid ""
"Alice should choose Bob arbitrarily from known peers who seem\n"
"to be capable of participating in peer tests. Bob in turn should\n"
"choose Charlie arbitrarily from peers that he knows who seem to be\n"
"capable of participating in peer tests and who are on a different\n"
"IP from both Bob and Alice. If the first error condition occurs\n"
"(Alice doesn't get PeerTest messages from Bob), Alice may decide\n"
"to designate a new peer as Bob and try again with a different nonce."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:484
msgid ""
"Alice's introduction key is included in all of the PeerTest \n"
"messages so that she doesn't need to already have an established\n"
"session with Bob and so that Charlie can contact her without knowing\n"
"any additional information. Alice may go on to establish a session\n"
"with either Bob or Charlie, but it is not required."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:506
msgid "Transmission window, ACKs and Retransmissions"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:507
#, python-format
msgid ""
"The DATA message may contain ACKs of full messages and\n"
"partial ACKs of individual fragments of a message. See\n"
"the data message section of\n"
"<a href=\"%(ssuspec)s\">the protocol specification page</a>\n"
"for details."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:515
#, python-format
msgid ""
"The details of windowing, ACK, and retransmission strategies are not "
"specified\n"
"here. See the Java code for the current implementation.\n"
"During the establishment phase, and for peer testing, routers\n"
"should implement exponential backoff for retransmission.\n"
"For an established connection, routers should implement\n"
"an adjustable transmission window, RTT estimate and timeout, similar to "
"TCP\n"
"or <a href=\"%(streaming)s\">streaming</a>.\n"
"See the code for initial, min and max parameters."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:527
msgid "Security"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:528
msgid ""
"UDP source addresses may, of course, be spoofed.\n"
"Additionally, the IPs and ports contained inside specific\n"
"SSU messages (RelayRequest, RelayResponse, RelayIntro, PeerTest)\n"
"may not be legitimate.\n"
"Also, certain actions and responses may need to be rate-limited."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:536
msgid ""
"The details of validation are not specified\n"
"here. Implementers should add defenses where appropriate."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:542
msgid "Peer capabilities"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:546
msgid ""
"If the peer address contains the 'B' capability, that means \n"
"they are willing and able to participate in peer tests as\n"
"a 'Bob' or 'Charlie'."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:552
msgid ""
"If the peer address contains the 'C' capability, that means\n"
"they are willing and able to serve as an introducer - serving\n"
"as a Bob for an otherwise unreachable Alice."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:561
msgid ""
"Analysis of current SSU performance, including assessment of window size "
"adjustment\n"
"and other parameters, and adjustment of the protocol implementation to "
"improve\n"
"performance, is a topic for future work."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:567
msgid ""
"The current implementation repeatedly sends acknowledgments for the same "
"packets,\n"
"which unnecessarily increases overhead."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:572
msgid ""
"The default small MTU value of 620 should be analyzed and possibly "
"increased.\n"
"The current MTU adjustment strategy should be evaluated.\n"
"Does a streaming lib 1730-byte packet fit in 3 small SSU packets? "
"Probably not."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:578
msgid "The protocol should be extended to exchange MTUs during the setup."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:582
msgid "Rekeying is currently unimplemented and may never be."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:586
msgid ""
"The potential use of the 'challenge' fields in RelayIntro and "
"RelayResponse,\n"
"and use of the padding field in SessionRequest and SessionCreated, is "
"undocumented."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:591
msgid ""
"Instead of a single fragment per packet, a more efficient\n"
"strategy may be to bundle multiple message fragments into the same "
"packet,\n"
"so long as it doesn't exceed the MTU."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:597
msgid ""
"A set of fixed packet sizes may be appropriate to further hide the data \n"
"fragmentation to external adversaries, but the tunnel, garlic, and end to"
" \n"
"end padding should be sufficient for most needs until then."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:603
msgid ""
"Why are introduction keys the same as the router hash, should it be "
"changed, would there be any benefit?"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:607
msgid "Capacities appear to be unused."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:611
msgid ""
"Signed-on times in SessionCreated and SessionConfirmed appear to be "
"unused or unverified."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:616
msgid "Implementation Diagram"
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:617
msgid ""
"This diagram\n"
"should accurately reflect the current implementation, however there may "
"be small differences."
msgstr ""
#: i2p2www/pages/site/docs/transport/ssu.html:625
msgid "Now on the SSU specification page"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:2
msgid "Tunnel Implementation"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:3
msgid "October 2010"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:7
msgid "This page documents the current tunnel implementation."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:9
msgid "Tunnel overview"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:11
msgid ""
"Within I2P, messages are passed in one direction through a virtual\n"
"tunnel of peers, using whatever means are available to pass the \n"
"message on to the next hop. Messages arrive at the tunnel's \n"
"</i>gateway</i>, get bundled up and/or fragmented into fixed-size tunnel "
"messages, \n"
"and are forwarded on to the next hop in the tunnel, which processes and "
"verifies\n"
"the validity of the message and sends it on to the next hop, and so on, "
"until\n"
"it reaches the tunnel endpoint. That <i>endpoint</i> takes the messages\n"
"bundled up by the gateway and forwards them as instructed - either\n"
"to another router, to another tunnel on another router, or locally."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:23
msgid ""
"Tunnels all work the same, but can be segmented into two different\n"
"groups - inbound tunnels and outbound tunnels. The inbound tunnels\n"
"have an untrusted gateway which passes messages down towards the \n"
"tunnel creator, which serves as the tunnel endpoint. For outbound \n"
"tunnels, the tunnel creator serves as the gateway, passing messages\n"
"out to the remote endpoint."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:32
msgid ""
"The tunnel's creator selects exactly which peers will participate\n"
"in the tunnel, and provides each with the necessary configuration\n"
"data. They may have any number of hops.\n"
"It is the intent to make\n"
"it hard for either participants or third parties to determine the length "
"of \n"
"a tunnel, or even for colluding participants to determine whether they "
"are a\n"
"part of the same tunnel at all (barring the situation where colluding "
"peers are\n"
"next to each other in the tunnel)."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:43
msgid ""
"In practice, a series of tunnel pools are used for different\n"
"purposes - each local client destination has its own set of inbound\n"
"tunnels and outbound tunnels, configured to meet its anonymity and\n"
"performance needs. In addition, the router itself maintains a series\n"
"of pools for participating in the network database and for managing\n"
"the tunnels themselves."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:52
msgid ""
"I2P is an inherently packet switched network, even with these \n"
"tunnels, allowing it to take advantage of multiple tunnels running \n"
"in parallel, increasing resilience and balancing load. Outside of\n"
"the core I2P layer, there is an optional end to end streaming library \n"
"available for client applications, exposing TCP-esque operation,\n"
"including message reordering, retransmission, congestion control, etc."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:61
#, python-format
msgid ""
"An overview of I2P tunnel terminology is\n"
"<a href=\"%(tunnelrouting)s\">on the tunnel overview page</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:66
msgid "Tunnel Operation (Message Processing)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:69
#, python-format
msgid ""
"After a tunnel is built, <a href=\"%(i2np)s\">I2NP messages</a> are "
"processed and passed through it.\n"
"Tunnel operation has four distinct processes, taken on by various \n"
"peers in the tunnel."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:75
msgid ""
"First, the tunnel gateway accumulates a number\n"
"of I2NP messages and preprocesses them into tunnel messages for\n"
"delivery."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:80
msgid ""
"Next, that gateway encrypts that preprocessed data, then\n"
"forwards it to the first hop."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:84
msgid ""
"That peer, and subsequent tunnel \n"
"participants, unwrap a layer of the encryption, verifying that it isn't\n"
"a duplicate, then forward it on to the next peer."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:89
msgid ""
"Eventually, the tunnel messages arrive at the endpoint where the I2NP "
"messages\n"
"originally bundled by the gateway are reassembled and forwarded on as \n"
"requested."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:96
msgid ""
"Intermediate tunnel participants do not know whether they are in an\n"
"inbound or an outbound tunnel; they always \"encrypt\" for the next hop.\n"
"Therefore, we take advantage of symmetric AES encryption\n"
"to \"decrypt\" at the outbound tunnel gateway,\n"
"so that the plaintext is revealed at the outbound endpoint."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:110
msgid "Role"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:111
msgid "Preprocessing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:112
msgid "Encryption Operation"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:113
msgid "Postprocessing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:117
msgid "Outbound Gateway (Creator)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:118
#: i2p2www/pages/site/docs/tunnels/implementation.html:141
msgid "Fragment, Batch, and Pad"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:119
msgid "Iteratively encrypt (using decryption operations)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:120
#: i2p2www/pages/site/docs/tunnels/implementation.html:127
#: i2p2www/pages/site/docs/tunnels/implementation.html:143
#: i2p2www/pages/site/docs/tunnels/implementation.html:150
msgid "Forward to next hop"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:124
#: i2p2www/pages/site/docs/tunnels/implementation.html:147
msgid "Participant"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:126
msgid "Decrypt (using an encryption operation)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:133
msgid "Decrypt (using an encryption operation) to reveal plaintext tunnel message"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:134
msgid "Reassemble Fragments, Forward as instructed to Inbound Gateway or Router"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:142
#: i2p2www/pages/site/docs/tunnels/implementation.html:149
msgid "Encrypt"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:154
msgid "Inbound Endpoint (Creator)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:156
msgid "Iteratively decrypt to reveal plaintext tunnel message"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:157
msgid "Reassemble Fragments, Receive data"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:163
msgid "Gateway Processing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:164
msgid "Message Preprocessing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:166
#, python-format
msgid ""
"A tunnel gateway's function is to fragment and pack\n"
"<a href=\"%(i2np)s\">I2NP messages</a> into fixed-size\n"
"<a href=\"%(tunnelmessage)s\">tunnel messages</a>\n"
"and encrypt the tunnel messages.\n"
"Tunnel messages contain the following:"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:174
msgid "A 4 byte Tunnel ID"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:175
msgid "A 16 byte IV (initialization vector)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:176
msgid "A checksum"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:177
msgid "Padding, if necessary"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:178
msgid "One or more { delivery instruction, I2NP message fragment } pairs"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:181
msgid ""
"Tunnel IDs are 4 byte numbers used at each hop - participants know what\n"
"tunnel ID to listen for messages with and what tunnel ID they should be "
"forwarded\n"
"on as to the next hop, and each hop chooses the tunnel ID which they "
"receive messages\n"
"on. Tunnels themselves are short-lived (10 minutes).\n"
"Even if subsequent tunnels are built using the same sequence of \n"
"peers, each hop's tunnel ID will change."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:190
msgid ""
"To prevent adversaries from tagging the messages along the path by "
"adjusting\n"
"the message size, all tunnel messages are a fixed 1024 bytes in size. To"
" accommodate \n"
"larger I2NP messages as well as to support smaller ones more efficiently,"
" the\n"
"gateway splits up the larger I2NP messages into fragments contained "
"within each\n"
"tunnel message. The endpoint will attempt to rebuild the I2NP message "
"from the\n"
"fragments for a short period of time, but will discard them as necessary."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:199
#, python-format
msgid ""
"Details are in the\n"
"<a href=\"%(tunnelmessage)s\">tunnel message specification</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:205
msgid "Gateway Encryption"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:207
msgid ""
"After the preprocessing of messages into a padded payload, the gateway "
"builds\n"
"a random 16 byte IV value, iteratively encrypting it and the tunnel "
"message as\n"
"necessary, and forwards the tuple {tunnelID, IV, encrypted tunnel "
"message} to the next hop."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:213
msgid ""
"How encryption at the gateway is done depends on whether the tunnel is an"
"\n"
"inbound or an outbound tunnel. For inbound tunnels, they simply select a"
" random\n"
"IV, postprocessing and updating it to generate the IV for the gateway and"
" using \n"
"that IV along side their own layer key to encrypt the preprocessed data."
" For outbound \n"
"tunnels they must iteratively decrypt the (unencrypted) IV and "
"preprocessed \n"
"data with the IV and layer keys for all hops in the tunnel. The result "
"of the outbound\n"
"tunnel encryption is that when each peer encrypts it, the endpoint will "
"recover \n"
"the initial preprocessed data."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:225
msgid "Participant Processing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:227
msgid ""
"When a peer receives a tunnel message, it checks that the message came "
"from\n"
"the same previous hop as before (initialized when the first message comes"
" through\n"
"the tunnel). If the previous peer is a different router, or if the "
"message has\n"
"already been seen, the message is dropped. The participant then encrypts"
" the \n"
"received IV with AES256/ECB using their IV key to determine the current "
"IV, uses \n"
"that IV with the participant's layer key to encrypt the data, encrypts "
"the \n"
"current IV with AES256/ECB using their IV key again, then forwards the "
"tuple \n"
"{nextTunnelId, nextIV, encryptedData} to the next hop. This double "
"encryption\n"
"of the IV (both before and after use) help address a certain class of\n"
"confirmation attacks."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:243
msgid ""
"Duplicate message detection is handled by a decaying Bloom filter on "
"message\n"
"IVs. Each router maintains a single Bloom filter to contain the XOR of "
"the IV and\n"
"the first block of the message received for all of the tunnels it is "
"participating\n"
"in, modified to drop seen entries after 10-20 minutes (when the tunnels "
"will have\n"
"expired). The size of the bloom filter and the parameters used are "
"sufficient to\n"
"more than saturate the router's network connection with a negligible "
"chance of \n"
"false positive. The unique value fed into the Bloom filter is the XOR of"
" the IV \n"
"and the first block so as to prevent nonsequential colluding peers in the"
" tunnel \n"
"from tagging a message by resending it with the IV and first block "
"switched."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:256
msgid "Endpoint Processing"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:258
msgid ""
"After receiving and validating a tunnel message at the last hop in the "
"tunnel,\n"
"how the endpoint recovers the data encoded by the gateway depends upon "
"whether \n"
"the tunnel is an inbound or an outbound tunnel. For outbound tunnels, "
"the \n"
"endpoint encrypts the message with its layer key just like any other "
"participant, \n"
"exposing the preprocessed data. For inbound tunnels, the endpoint is "
"also the \n"
"tunnel creator so they can merely iteratively decrypt the IV and message,"
" using the \n"
"layer and IV keys of each step in reverse order."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:268
msgid ""
"At this point, the tunnel endpoint has the preprocessed data sent by the "
"gateway,\n"
"which it may then parse out into the included I2NP messages and forwards "
"them as\n"
"requested in their delivery instructions."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:275
msgid "Tunnel Building"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:277
msgid ""
"When building a tunnel, the creator must send a request with the "
"necessary\n"
"configuration data to each of the hops and wait for all of them to agree "
"before\n"
"enabling the tunnel. The requests are encrypted so that only the peers "
"who need\n"
"to know a piece of information (such as the tunnel layer or IV key) has "
"that\n"
"data. In addition, only the tunnel creator will have access to the "
"peer's\n"
"reply. There are three important dimensions to keep in mind when "
"producing\n"
"the tunnels: what peers are used (and where), how the requests are sent "
"(and \n"
"replies received), and how they are maintained."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:291
msgid ""
"Beyond the two types of tunnels - inbound and outbound - there are two "
"styles\n"
"of peer selection used for different tunnels - exploratory and client.\n"
"Exploratory tunnels are used for both network database maintenance and "
"tunnel\n"
"maintenance, while client tunnels are used for end to end client messages."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:299
msgid "Exploratory tunnel peer selection"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:301
msgid ""
"Exploratory tunnels are built out of a random selection of peers from a "
"subset\n"
"of the network. The particular subset varies on the local router and on "
"what their\n"
"tunnel routing needs are. In general, the exploratory tunnels are built "
"out of\n"
"randomly selected peers who are in the peer's \"not failing but active\" "
"profile\n"
"category. The secondary purpose of the tunnels, beyond merely tunnel "
"routing,\n"
"is to find underutilized high capacity peers so that they can be promoted"
" for\n"
"use in client tunnels."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:311
#, python-format
msgid ""
"Exploratory peer selection is discussed further on the\n"
"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:317
msgid "Client tunnel peer selection"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:319
msgid ""
"Client tunnels are built with a more stringent set of requirements - the "
"local\n"
"router will select peers out of its \"fast and high capacity\" profile "
"category so\n"
"that performance and reliability will meet the needs of the client "
"application.\n"
"However, there are several important details beyond that basic selection "
"that \n"
"should be adhered to, depending upon the client's anonymity needs."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:327
#, python-format
msgid ""
"Client peer selection is discussed further on the\n"
"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:332
msgid "Peer Ordering within Tunnels"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:334
#, python-format
msgid ""
"Peers are ordered within tunnels to deal with the\n"
"<a href=\"%(pdf)s\">predecessor attack</a>\n"
"<a href=\"%(pdf2008)s\">(2008 update)</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:341
msgid ""
"To frustrate the predecessor \n"
"attack, the tunnel selection keeps the peers selected in a strict order -"
"\n"
"if A, B, and C are in a tunnel for a particular tunnel pool, the hop "
"after A is always B, and the hop after\n"
"B is always C."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:348
msgid ""
"Ordering is implemented by generating a random 32-byte key for each\n"
"tunnel pool at startup.\n"
"Peers should not be able to guess the ordering, or an attacker could\n"
"craft two router hashes far apart to maximize the chance of being at both"
"\n"
"ends of a tunnel.\n"
"Peers are sorted by XOR distance of the\n"
"SHA256 Hash of (the peer's hash concatenated with the random key) from "
"the random key"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:363
msgid ""
"Because each tunnel pool uses a different random key, ordering is "
"consistent\n"
"within a single pool but not between different pools.\n"
"New keys are generated at each router restart."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:370
msgid "Request delivery"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:372
#, python-format
msgid ""
"A multi-hop tunnel is built using a single build message which is "
"repeatedly\n"
"decrypted and forwarded. In the terminology of\n"
"<a href=\"%(pdf)s\">Hashing it out in Public</a>,\n"
"this is \"non-interactive\" telescopic tunnel building."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:379
#, python-format
msgid ""
"This tunnel request preparation, delivery, and response method is\n"
"<a href=\"%(tunnelcreation)s\">designed</a> to reduce the number of\n"
"predecessors exposed, cuts the number of messages transmitted, verifies "
"proper\n"
"connectivity, and avoids the message counting attack of traditional "
"telescopic\n"
"tunnel creation.\n"
"(This method, which sends messages to extend a tunnel through the "
"already-established\n"
"part of the tunnel, is termed \"interactive\" telescopic tunnel building "
"in\n"
"the \"Hashing it out\" paper.)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:390
#, python-format
msgid ""
"The details of tunnel request and response messages, and their "
"encryption,\n"
"<a href=\"%(tunnelcreation)s\">are specified here</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:395
msgid ""
"Peers may reject tunnel creation requests for a variety of reasons, "
"though\n"
"a series of four increasingly severe rejections are known: probabilistic "
"rejection\n"
"(due to approaching the router's capacity, or in response to a flood of "
"requests), \n"
"transient overload, bandwidth overload, and critical failure. When "
"received, \n"
"those four are interpreted by the tunnel creator to help adjust their "
"profile of\n"
"the router in question."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:404
#, python-format
msgid ""
"For more information on peer profiling, see the\n"
"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:410
msgid "Tunnel Pools"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:412
#, python-format
msgid ""
"To allow efficient operation, the router maintains a series of tunnel "
"pools,\n"
"each managing a group of tunnels used for a specific purpose with their "
"own\n"
"configuration. When a tunnel is needed for that purpose, the router "
"selects one\n"
"out of the appropriate pool at random. Overall, there are two "
"exploratory tunnel\n"
"pools - one inbound and one outbound - each using the router's default "
"configuration.\n"
"In addition, there is a pair of pools for each local destination -\n"
"one inbound and one outbound tunnel pool. Those pools use the "
"configuration specified\n"
"when the local destination connects to the router via <a "
"href=\"%(i2cp)s\">I2CP</a>, or the router's defaults if\n"
"not specified."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:424
#, python-format
msgid ""
"Each pool has within its configuration a few key settings, defining how "
"many\n"
"tunnels to keep active, how many backup tunnels to maintain in case of "
"failure,\n"
"how long the tunnels should be, whether those\n"
"lengths should be randomized, as \n"
"well as any of the other settings allowed when configuring individual "
"tunnels.\n"
"Configuration options are specified on the <a href=\"%(i2cp)s\">I2CP "
"page</a>."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:434
msgid "Tunnel Lengths and Defaults"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:436
msgid "On the tunnel overview page"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:438
msgid "Anticipatory Build Strategy and Priority"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:440
msgid ""
"Tunnel building is expensive, and tunnels expire a fixed time after they "
"are built.\n"
"However, when a pool that runs out of tunnels, the Destination is "
"essentially dead.\n"
"In addition, tunnel build success rate may vary greatly with both local "
"and global\n"
"network conditions.\n"
"Therefore, it is important to maintain an anticipatory, adaptive build "
"strategy\n"
"to ensure that new tunnels are successfully built before they are needed,"
"\n"
"without building an excess of tunnels, building them too soon,\n"
"or consuming too much CPU or bandwidth creating and sending the encrypted"
" build messages."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:451
msgid ""
"For each tuple {exploratory/client, in/out, length, length variance}\n"
"the router maintains statistics on the time required for a successful\n"
"tunnel build.\n"
"Using these statistics, it calculates how long before a tunnel's "
"expiration\n"
"it should start attempting to build a replacement.\n"
"As the expiration time approaches without a successful replacement,\n"
"it starts multiple build attempts in parallel, and then\n"
"will increase the number of parallel attempts if necessary."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:462
msgid ""
"To cap bandwidth and CPU usage,\n"
"the router also limits the maximum number of build attempts outstanding\n"
"across all pools.\n"
"Critical builds (those for exploratory tunnels, and for pools that have\n"
"run out of tunnels) are prioritized."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:471
msgid "Tunnel Message Throttling"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:473
msgid ""
"Even though the tunnels within I2P bear a resemblance to a circuit "
"switched\n"
"network, everything within I2P is strictly message based - tunnels are "
"merely\n"
"accounting tricks to help organize the delivery of messages. No "
"assumptions are\n"
"made regarding reliability or ordering of messages, and retransmissions "
"are left\n"
"to higher levels (e.g. I2P's client layer streaming library). This "
"allows I2P\n"
"to take advantage of throttling techniques available to both packet "
"switched and\n"
"circuit switched networks. For instance, each router may keep track of "
"the \n"
"moving average of how much data each tunnel is using, combine that with "
"all of \n"
"the averages used by other tunnels the router is participating in, and be"
" able\n"
"to accept or reject additional tunnel participation requests based on its"
" \n"
"capacity and utilization. On the other hand, each router can simply drop"
" \n"
"messages that are beyond its capacity, exploiting the research used on "
"the \n"
"normal Internet."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:489
msgid ""
"In the current implementation, routers implement a\n"
"weighted random early discard (WRED) strategy.\n"
"For all participating routers (internal participant, inbound gateway, and"
" outbound endpoint),\n"
"the router will start randomly dropping a portion of messages as the\n"
"bandwidth limits are approached.\n"
"As traffic gets closer to, or exceeds, the limits, more messages are "
"dropped.\n"
"For an internal participant, all messages are fragmented and padded and "
"therefore are the same size.\n"
"At the inbound gateway and outbound endpoint, however, the dropping "
"decision is made\n"
"on the full (coalesced) message, and the message size is taken into "
"account.\n"
"Larger messages are more likely to be dropped.\n"
"Also, messages are more likely to be dropped at the outbound endpoint "
"than the inbound gateway,\n"
"as those messages are not as \"far along\" in their journey and thus the "
"network cost of\n"
"dropping those messages is lower."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:507
msgid "Mixing/batching"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:509
msgid ""
"What strategies could be used at the gateway and at each hop for "
"delaying,\n"
"reordering, rerouting, or padding messages? To what extent should this "
"be done\n"
"automatically, how much should be configured as a per tunnel or per hop "
"setting,\n"
"and how should the tunnel's creator (and in turn, user) control this "
"operation?\n"
"All of this is left as unknown, to be worked out for a distant future "
"release."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:518
msgid "Padding"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:519
msgid ""
"The padding strategies can be used on a variety of levels, addressing the"
"\n"
"exposure of message size information to different adversaries.\n"
"The current fixed tunnel message size is 1024 bytes. Within this "
"however, the fragmented\n"
"messages themselves are not padded by the tunnel at all, though for end "
"to end \n"
"messages, they may be padded as part of the garlic wrapping."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/implementation.html:529
msgid ""
"WRED strategies have a significant impact on end-to-end performance,\n"
"and prevention of network congestion collapse.\n"
"The current WRED strategy should be carefully evaluated and improved."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/old-implementation.html:2
msgid "Old Tunnel Implementation"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/old-implementation.html:5
#, python-format
msgid ""
"Note: Obsolete - NOT used! Replaced in 0.6.1.10 - see <a "
"href=\"%(tunnelimpl)s\">here</a> for the current implementation"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:7
msgid ""
"This page describes the origins and design of I2P's unidirectional "
"tunnels.\n"
"For further infomrmation see:"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:13
msgid "Tunnel overview page"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:19
msgid "Tunnel design discussion"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:21
msgid "Peer selection"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:23
msgid "Meeting 125 (~13:12-13:30)"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:28
msgid "Review"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:30
msgid ""
"While we aren't aware of any published research on the advantages of \n"
"unidirecdtional tunnels,\n"
"they appear to make it harder to detect a \n"
"request/response pattern, which is quite possible to detect over a \n"
"bidirectional tunnel.\n"
"Several apps and protocols, notably HTTP,\n"
"do transfer data in such manner. Having the traffic follow the same \n"
"route to its destination and back could make it easier for an \n"
"attacker who has only timing and traffic volume data to infer the path a"
" \n"
"tunnel is taking.\n"
"Having the response come back along a different path arguably \n"
"makes it harder."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:45
msgid ""
"When dealing with \n"
"an internal adversary or most external adversaries, I2P's undirectional "
"tunnels\n"
"expose half as much traffic data than would be exposed with bidirectional"
" circuits\n"
"by simply looking at the flows themselves - an HTTP request and response "
"would \n"
"follow the same path in Tor, while in I2P the packets making up the "
"request \n"
"would go out through one or more outbound tunnels and the packets making "
"up \n"
"the response would come back through one or more different inbound "
"tunnels."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:55
msgid ""
"The strategy of using two separate tunnels for inbound and outbound\n"
"communication is not the only technique available, and it does have "
"anonymity\n"
"implications. On the positive side, by using separate tunnels it lessens"
" the\n"
"traffic data exposed for analysis to participants in a tunnel - for "
"instance,\n"
"peers in an outbound tunnel from a web browser would only see the traffic"
" of\n"
"an HTTP GET, while the peers in an inbound tunnel would see the payload \n"
"delivered along the tunnel. With bidirectional tunnels, all participants"
" would\n"
"have access to the fact that e.g. 1KB was sent in one direction, then "
"100KB\n"
"in the other. On the negative side, using unidirectional tunnels means "
"that\n"
"there are two sets of peers which need to be profiled and accounted for, "
"and\n"
"additional care must be taken to address the increased speed of "
"predecessor\n"
"attacks. The tunnel pooling and building process\n"
"(peer selection and ordering strategies)\n"
"should minimize the worries of the predecessor attack."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:73
msgid "Anonymity"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:75
#, python-format
msgid ""
"A recent <a href=\"%(pdf)s\">paper by Hermann and Grothoff</a>\n"
"declared that I2P's unidirectional tunnels \"seems to be a bad design "
"decision\"."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:80
msgid ""
"The paper's main point is that\n"
"deanonymizations on unidirectional tunnels take a longer time, which is "
"an \n"
"advantage, but that an attacker can be more certain in the unidirectional"
" case. \n"
"Therefore, the paper claims it isn't an advantage at all, but a "
"disadvantage, at least\n"
"with long-living eepsites."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:88
msgid ""
"This conclusion is not fully supported by the paper. Unidirectional "
"tunnels clearly \n"
"mitigate other attacks and it's not clear how to trade off the risk of "
"the \n"
"attack in the paper\n"
"with attacks on a bidirectional tunnel architecture."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:95
msgid ""
"This conclusion is based on an arbitrary certainty vs. time weighting \n"
"(tradeoff) that may not be applicable in all cases. For \n"
"example, somebody could make a list of possible IPs then issue subpoenas "
"to \n"
"each. Or the attacker could DDoS each in turn and via a simple \n"
"intersection attack see if the eepsite goes down or is slowed down. So "
"close \n"
"may be good enough, or time may be more important."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:104
msgid ""
"The conclusion is based on a specific weighting of the importance of "
"certainty \n"
"vs. time, and that weighting may be wrong, and it's definitely debatable,"
" \n"
"especially in a real world with subpoenas, search warrants, and other "
"methods \n"
"available for final confirmation."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:111
msgid ""
"A full analysis of the tradeoffs of unidirectional vs. bidirectional \n"
"tunnels is clearly outside the scope of the paper, and has not been done"
" \n"
"elsewhere. For example, how does this attack compare to the numerous "
"possible \n"
"timing attacks published about onion-routed networks? Clearly the authors"
" have not\n"
"done that analysis, if it's even possible to do it\n"
"effectively."
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:120
msgid ""
"Tor uses bidirectional tunnels and has had a lot of academic review. I2P"
" \n"
"uses unidirectional tunnels and has had very little review. Does the lack"
" of a \n"
"research paper defending unidirectional tunnels mean that it is a poor "
"design \n"
"choice, or just that it needs more study? Timing attacks and \n"
"distributed attacks are difficult to defend against in both I2P and Tor. "
"The \n"
"design intent (see references above) was that unidirectional tunnels are "
"more \n"
"resistant to timing attacks. However, the paper presents a somewhat "
"different type of timing \n"
"attack. Is this attack, innovative as it is, sufficient to label I2P's \n"
"tunnel architecture (and thus I2P as a whole) a \"bad design\", and by \n"
"implication clearly inferior to Tor, or is it just a design alternative "
"that \n"
"clearly needs further investigation and analysis? There are several other"
" reasons \n"
"to consider I2P currently inferior to Tor and other projects (small "
"network \n"
"size, lack of funding, lack of review) but is unidirectional tunnels "
"really a \n"
"reason?"
msgstr ""
#: i2p2www/pages/site/docs/tunnels/unidirectional.html:137
msgid ""
"In summary, \"bad design decision\" is apparently (since the paper does\n"
"not label bidirectional tunnels \"bad\") shorthand for \"unidirectional \n"
"tunnels are unequivocally inferior to bidirectional tunnels\", yet this \n"
"conclusion is not supported by the paper."
msgstr ""
Reference in New Issue View Git Blame Copy Permalink