Changes between Version 2 and Version 3 of intro

Jul 29, 2010 5:23:46 AM (10 years ago)


  • intro

    v2 v3  
    1 ==HOW DOES I2P WORK?==
     1=== HOW DOES I2P WORK? ===
    33Note: the "how" documents have not been fully updated to include several changes including the new tunnel routing and encryption algorithms, addressing several issues (with the groundwork for addressing others), and other changes.
    56I2P is an effort to build, deploy, and maintain a network to support secure and anonymous communication. People using I2P are in control of the tradeoffs between anonymity, reliability, bandwidth usage, and latency. There is no central point in the network on which pressure can be exerted to compromise the integrity, security, or anonymity of the system. The network supports dynamic reconfiguration in response to various attacks, and has been designed to make use of additional resources as they become available. Of course, all aspects of the network are open and freely available.
    79Unlike many other anonymizing networks, I2P doesn't try to provide anonymity by hiding the originator of some communication and not the recipient, or the other way around. I2P is designed to allow peers using I2P to communicate with each other anonymously — both sender and recipient are unidentifiable to each other as well as to third parties. For example, today there are both in-I2P web sites (allowing anonymous publishing / hosting) as well as HTTP proxies to the normal web (allowing anonymous web browsing). Having the ability to run servers within I2P is essential, as it is quite likely that any outbound proxies to the normal Internet will be monitored, disabled, or even taken over to attempt more malicious attacks.
    912The network itself is message oriented - it is essentially a secure and anonymous IP layer, where messages are addressed to cryptographic keys (Destinations) and can be significantly larger than IP packets. Some example uses of the network include "eepsites" (webservers hosting normal web applications within I2P), a BitTorrent port ("I2PSnark"), or a distributed data store. With the help of mihi's I2PTunnel application, we are able to stream traditional TCP/IP applications over I2P, such as SSH, IRC, a squid proxy, and even streaming audio. Most people will not use I2P directly, or even need to know they're using it. Instead their view will be of one of the I2P enabled applications, or perhaps as a little controller app to turn on and off various proxies to enable the anonymizing functionality.
    1115An essential part of designing, developing, and testing an anonymizing network is to define the threat model, since there is no such thing as "true" anonymity, just increasingly expensive costs to identify someone. Briefly, I2P's intent is to allow people to communicate in arbitrarily hostile environments by providing militant grade anonymity, mixed in with sufficient cover traffic provided by the activity of people who require less anonymity. This includes letting Joe Sixpack chat with his buddies without anyone listening in, Jane Filetrader to share files knowing that large corporations cannot identify her, as well as Will Whistleblower to publish sensitive documents - all on the same network, where each one's messages are essentially indistinguishable from the others.
    12 Why?
     19=== Why? ===
    1422There are a multitude of fantastic reasons why we need a system to support anonymous communication, and everyone has their own personal rationale. There are many other efforts working on finding ways to provide varying degrees of anonymity to people through the Internet, but we could not find any that met our needs or threat model.
    15 How?
     26=== How? ===
    1729The network at a glance is made up of a set of nodes ("routers") with a number of unidirectional inbound and outbound virtual paths ("tunnels", as outlined on the tunnel routing page). Each router is identified by a cryptographic RouterIdentity which is typically long lived. These routers communicate with each other through existing transport mechanisms (TCP, UDP, etc), passing various messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia algorithm) for scalable distributing routing and contact information securely.