X-Git-Url: https://git.distorted.org.uk/~mdw/hippotat/blobdiff_plain/a2b48abfb3e429655bbc13992bd2dd12d05679e7..216519e342072164533ae340141d585c638db8e2:/PROTOCOL

diff --git a/PROTOCOL b/PROTOCOL
index cf6eacf..e18cf0e 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -8,7 +8,9 @@ from the queue and returns them as the POST response body payload
 Each incoming request contains up to max_batch_up bytes of payload.
 It's a multipart/form-data.
 
-Authentication: for now, plaintext password
+Authentication: clock-based lifetime-limited bearer tokens.
+
+Encryption and integrity checking: none.  Use a real VPN over this!
 
 Routing assistance: none in hippotat; can be requested on client
  from userv-ipif via `vroutes' parameter.  Use with secnet polypath
@@ -17,12 +19,16 @@ Routing assistance: none in hippotat; can be requested on client
 Client form parameters (multipart/form-data):
  m		metadata, newline-separated list (text file) of
 			client ip address (textual)
-		       	password
+		       	token
 			target_requests_outstanding
 			http_timeout
  d              data (SLIP format, with SLIP_ESC and `-' swapped)
 
 
+Authentication token is:
+        <time_t in hex with no leading 0s> <hmac in base64>
+(separated by a single space).  The hmac is
+        HMAC(secret, <time_t in hex>)
 
 
 Possible future nonce-based authentication: