* First pass of the new tunnel creation crypto, specified in the new
router/doc/tunnel-alt-creation.html (referenced in the current
router/doc/tunnel-alt.html). It isn't actually used anywhere yet, other
than in the test code, but the code verifies the technical viability, so
further scrutiny would be warranted.
2005-07-27 jrandom
* Enabled SSU as the default top priority transport, adjusting the
config.jsp page accordingly.
* Add verification fields to the SSU and TCP connection negotiation (not
compatible with previous builds)
* Enable the backwards incompatible tunnel crypto change as documented in
tunnel-alt.html (have each hop encrypt the received IV before using it,
then encrypt it again before sending it on)
* Disable the I2CP encryption, leaving in place the end to end garlic
encryption (another backwards incompatible change)
* Adjust the protocol versions on the TCP and SSU transports so that they
won't talk to older routers.
* Fix up the config stats handling again
* Fix a rare off-by-one in the SSU fragmentation
* Reduce some unnecessary netDb resending by inluding the peers queried
successfully in the store redundancy count.
* added more inbound tests
* made the tunnel preprocessing header more clear and included better fragmentation support
(still left: tests for outbound tunnel processing, structures and jobs to integrate with the router,
remove that full SHA256 from each and every I2NPMessage or put a smaller one at the
transport layer, and all the rest of the tunnel pooling/building stuff)
tunnel ID they listen on and make sure the previous peer doesn't change over time. The
worst that a hostile peer could do is create a multiplicative work factor - they send N
messages, causing N*#hops in the loop of bandwidth usage. This is identical to the hostile
peer simply building a pair of tunnels and sending N messages through them.
also added some discussion about the tradeoffs and variations wrt fixed size tunnel messages.
