Next: Highly secure isolated air-gap computers, Previous: Satellite links, Up: Use cases [Index]
All Internet connections can be eavesdropped and forged. You have to to use encryption and authentication for securing them. But it is very hard to secure metadata, that leaks during each online session. When you start your shiny new software server be sure that there could be huge quantity of bogus peers trying to perform Sybil attack. Opennet peer-to-peer networking is dangerous thing to do.
The most popular cryptographic protocol in Internet is TLS that is very hard to implement correctly and hard to configure for mutual participants authentication. Not all TLS configurations and related protocols provide forward secrecy property – all previously intercepted packets could be read if private keys are compromised.
Friend-to-friend networks, darknets can mitigate risks related to fake and forged nodes. However they are harder to support and require more time to be done right.
NNCP’s TCP daemon uses Noise-IK protocol to mutually authenticate peers and provide effective (both participants send payload in the very first packet) secure transport with forward secrecy property.
$ nncp-daemon -bind "[::]":5400
will start TCP daemon listening on all interfaces for incoming connections.
$ nncp-call bob
will try to connect to bob’s node known TCP addresses (taken from configuration file) and send all related outbound packets and retrieve those the Bob has. All interrupted transfers will be automatically resumed.
Ability to do multicast nodes discovery of participant in IPv6 networks allows complete ignorance of network addresses specifying.