Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
-Authentication: for now, plaintext password
+Authentication: clock-based lifetime-limited bearer tokens.
-Routing assistance: none needed; secnet polypath will DTRT
+Encryption and integrity checking: none. Use a real VPN over this!
+
+Routing assistance: none in hippotat; can be requested on client
+ from userv-ipif via `vroutes' parameter. Use with secnet polypath
+ ideally uses the special support in secnet 0.4.x.
Client form parameters (multipart/form-data):
m metadata, newline-separated list (text file) of
client ip address (textual)
- password
+ token
target_requests_outstanding
- d data (SLIP format)
+ http_timeout
+ d data (SLIP format, with SLIP_ESC and `-' swapped)
+
+Authentication token is:
+ <time_t in hex with no leading 0s> <hmac in base64>
+(separated by a single space). The hmac is
+ HMAC(secret, <time_t in hex>)
-Future nonce-based authentication:
+Possible future nonce-based authentication:
server keeps big nonce counter for each client
meaning is: