ResponseConsumer: pass resp to superclass constructor (nfc)
diff --git
a/PROTOCOL
b/PROTOCOL
index
ae64db8
..
e18cf0e
100644
(file)
--- a/
PROTOCOL
+++ b/
PROTOCOL
@@
-8,21
+8,30
@@
from the queue and returns them as the POST response body payload
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
-Authentication:
for now, plaintext password
+Authentication:
clock-based lifetime-limited bearer tokens.
-Routing assistance: none needed; secnet polypath will DTRT
+Encryption and integrity checking: none. Use a real VPN over this!
+
+Routing assistance: none in hippotat; can be requested on client
+ from userv-ipif via `vroutes' parameter. Use with secnet polypath
+ ideally uses the special support in secnet 0.4.x.
Client form parameters (multipart/form-data):
m metadata, newline-separated list (text file) of
client ip address (textual)
Client form parameters (multipart/form-data):
m metadata, newline-separated list (text file) of
client ip address (textual)
- password
+ token
target_requests_outstanding
http_timeout
d data (SLIP format, with SLIP_ESC and `-' swapped)
target_requests_outstanding
http_timeout
d data (SLIP format, with SLIP_ESC and `-' swapped)
+Authentication token is:
+ <time_t in hex with no leading 0s> <hmac in base64>
+(separated by a single space). The hmac is
+ HMAC(secret, <time_t in hex>)
+
-
F
uture nonce-based authentication:
+
Possible f
uture nonce-based authentication:
server keeps big nonce counter for each client
meaning is:
server keeps big nonce counter for each client
meaning is:
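Review bot: the new "Authentication token is:" paragraph does not say which hash function the HMAC uses, whether the time_t is the issue time or the expiry time, or how large a window and how much clock skew the server accepts, so an independent client cannot be written from this text alone. The MAC input is only `<time_t in hex>`: it covers neither the client ip address in `m` nor the `d` payload. Together with the added line "Encryption and integrity checking: none", this means a token seen on the wire is valid for any sender and any request until it expires. Either say so explicitly next to the token definition, or include the client ip address in the MAC input. It is also worth stating that the hex form fed to the HMAC is the same no-leading-0s string that is sent, since the two descriptions differ in wording. Minor: in the Routing assistance paragraph, "Use with secnet polypath ideally uses the special support in secnet 0.4.x." does not parse and looks like two sentences run together.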