Closed Shoalsteed closed 1 year ago
Shoalsteed
commented
1 year ago mirroring clearnet properties- the difficulty is proving the clearnet site owner is also the I2P site owner. Simply setting up a mirror is easy, meaningfully and automatically proving provenance back to a person or org, i.e. what clearnet does with TLS, is hard
Shoalsteed
commented
1 year ago NOTES - incomplete.
History
Vision/ Mission
The Protocols SSU(2)
SSU2 is Noise-XK with obfuscated handshakes. We can do obfuscated keys because I2P routers are "key-addressed" as part of a datastructure shared among all I2P nodes in the network.
If you can talk to a router, you have enough information to use the router's keys as a way to "obfuscate" the contents of the handshake, which are they keys you exchange with the other relay to start your transport session.
This cryptography occurs router to router. Routers respond to I2NP messages which they can receive on these transports, or down tunnels which are nested within these transports. I2NP messages carry instructions about how to build tunnels, through which routers, and over which transports, but they are responded to at the discretion of the router that receives them. There are many reasons a router might drop a message from one peer, but not another, but usually it is because of spam or adverse network conditions.
Online DPI Inspecting: Online DPI does not have access to the I2P network database. The online DPI is not designed specifically to detect I2P, although it may have limited classification rules for that purpose.
Offline DPI inspecting data stored by the online DPI for later analysis. The offline DPI may be designed specifically to detect I2P. The offline DPI does have real-time access to the I2P network database. The offline DPI does have access to this and other I2P specifications. The offline DPI has unlimited computational capability, including all cryptographic functions defined in this specification.
The offline DPI does not have the ability to block existing connections. The offline DPI does have the capability to do near-realtime (within minutes of setup) sending to host/port of parties by packet injection. The offline DPI does have the capability to do near-realtime (within minutes of setup) replay of previous messages (modified or not) for "probing" or other reasons.
It is not a goal to prevent protocol identification by an offline DPI. All decoding of obfuscated data in the first two messages, which is implemented by I2P routers, may also be implemented by the offline DPI.
It is a goal to reject attempted connections using replay of previous messages.
NTCP2 NTCP2 is also Noise-XK which obfuscated handshakes and works in more-or-less the same way, but because SSU2 is a UDP-based protocol it also contains features for maintaining the integrity of connections when the router does things like change IP address. This is to deal with the differences between TCP and UDP, primarily. However, I2P has a modular transport structure. There is no requirement to be Noise-XK based or even Noise based. These were chosen because they match most closely with the current needs and abilities of the I2P network.
Noise-XK The public keys alone are sufficient to have both encryption and authentication without relying on any third party for the security guarantees. Other protocols such as SSL have inherent points of failure - such as the PKI, which has been abused for many real world attacks on security. expanded info: https://noiseexplorer.com/patterns/XK/
Other Transports That Are Possible Other transports are possible with developer time and commitment. Some we think are interesting are TLS, DTLS, and SSH.
Shoalsteed
commented
1 year ago Intro: A hook, a question, an intiguing idea Outline: the problem / what drove and drives I2P development Name the Audience Who does this benefit? "I2P network allows....." Explain it: For the first time user, no jargon. Ending: End it positive, passionate. "What if I2P had....."
Shoalsteed
commented
1 year ago What if we had the internet to do all over again? What would we change? What if those people had considered encryption, the right to access and anonymity for people using the network first?
I2P development began in the era of the crypto wars. Cryptography not cryptocurrency. It took a privacy by design approach to its network design. Developers wanted to address the insecurities found in the Internet at the time and begin research and development of a new transport layer that deliver full anonymity, privacy, and security at the highest level possible. It would be decentralized and peer to peer, which would also mean ISP's not being able to control your traffic. Last year, the project finalized work on its transports. After 20 years, a very small group of people have created a network that is end to end encrypted, offers interoperability for almost any protocol that wants to add I2P integration, and is proving resistant in places where communication access is being restricted.
Shoalsteed
commented
1 year ago Re-thinking the 15 minutes presentation.
(one part) -Helen's initial impression of I2P -that is behave like the internet -how I see the internet...that it's an invisible infrastructure. with buildings and highways -that it's my own virtual world -that it's maintained by the users
(another part) -Origin story up to last year, .birth of I2P, crypto wars, what was trying to solve?
Frame in terms of boundaries and choice. Focus on utility of protocols. Refrain from hyperbolic terms. Core development - where it happens and the software that it provides.
Use Cases It functions the same the way the internet does. The network protocols allow anyone to build applications or operate services for people who use the network. It is for anyone and everyone who wants to use it and build on it.
In terms of right to access of information, internet properties can be mirrored on the I2p network. This is not perfect for some reasons such as links that may lead to the internet, speed, etc, but it is a very resistant option and does not require using proxy / VPN.