I2P Weekly Update: September 28th

Post Reply
Posts: 35
Joined: 18 Feb 2018 15:54

I2P Weekly Update: September 28th

Post by sadie »

(notes from zzz's forum)

Notes from the most recent LS2 meeting, w.r.t. ECIES:

- How to identify ECIES vs ElG block, should we want to support both down a tunnel at once? 

Previous discussion referred to AEAD inside the ECIES encrypted block 
- AEAD to replace AES for the AES encrypted blocks was not discussed last week but was discussed in this meeting. Undecided. 

Session tags is a 3rd topic. Keep the same scheme, or something else (synchronized PRNG?) SipHash is obvious choice. Do we just have, say, 40 per IV sent, or spin off a thousand? Sender side is straightforward, not clear how to implement the receiver side for a thousand or a million. If you're only doing 40, all the problems with lost tags remain?
Do we want to change everything at once?

There are two separate proposals todo:
ECIES+ECDH+SessionTags+AES (as currently implemented in i2pd) 
2) ECIES+X25519+?+AEAD?
If we have multiple variants with the same key, we would want multiple types specified as supported in the LS2
Revisit sending with unconfirmed tags? Maybe not necessary with X25519 as it's so much faster than ElG?

Next after figuring it out for destinations... then work on RI and build messages...

i2p launcher.jpg
i2p launcher.jpg (25.43 KiB) Viewed 11201 times
MacOS Installer debugging continues - please test it out if you can!

Packaging for CentOS, RHEL, Fedora, etc
For better experience of CentOS/RHEL/Fedora users, we could set up a repository
Keep an eye on the ticket link above for updates.

Router & Console

Str4d has a branch of Java I2P that uses Rust for Ed25519 (if a compatible library is available). Signature creation is about 2x faster than pure Java; verification is about 2.8x faster by his measurements. It has been made available for limited testing with Linux, Windows and Android libraries.

A first pass has been taken at the console overhaul. Initial consideration is being given to getting rid of /console and simplifying the summary bar. Updated iconography is being decided as well.

Our next release will be out in about a week, we are wrapping things up now. NTCP2 will be enabled.
For anyone not familiar with NTCP2 , here is a FAQ from zzz's forum earlier this year, as well as notes from August (viewtopic.php?f=27&t=450)

Q: When is it available? 

A: In Java I2P, in dev build 0.9.35-1, but it's disabled by default. The release will be 0.9.36 (August), but it will still be disabled by default. It will be enabled in 0.9.37 (November).

Q: How to enable? 

A: For Java I2P: Advanced config i2np.ntcp2.enable=true ... restart required.

Q: Is it on the same port as NTCP 1? 

A: The spec allows either the same or a different port. Implementation-dependent. In Java I2P we will use the same port. I believe i2pd will use a different port.

Q: Are there separate connection limits for NTCP 2? 

A: Not in Java I2P. The NTCP connection limits apply to the total NTCP 1 and 2 connections.

Q: How do I know if it's working, or if I have NTCP2 connections? 

A: Look on the /peers page in the NTCP section, there's now a column for version. There are very few routers out there with NTCP2 enabled right now, you may not see any.

Q: Does NTCP 2 work for outbound connections if I'm firewalled? 

A: It should, but I haven't tested that yet, so it probably doesn't.

Q: What are the benefits of NTCP 2? 

A: Faster, more secure, more resistant to traffic analysis and blocking.

Q: Will NTCP 1 support be removed? 

A: Eventually, yes.

In other news, we are working internally on updated use cases and threat models. Also we are working on a survey to help establish our future goals for I2P . We will be creating a survey which will be posted for the I2P community to take part in as well very soon.

Post Reply