Possible Torrent Alternative.

Steve smorrey at gmail.com
Wed Oct 24 10:54:53 MDT 2007


Recent reports are that Comcast is killing torrents by using a packet
spoof to tell two connected clients that the other is requesting a
connection close.

Not only is this evil, it seems to me that a man in the middle attack
should be something the designer should account for when designing a
protocol such as this.

However it looks as though this particular attack is against the TCP
portion of Bittorrent, so this attack would be unavoidable, without
changing something fundamental in the TCP/IP stack.

Therefore I would like to propose that we create a new protocol which
is not susceptible to man in the middle attacks, and is stable, safe,
secure and reliable.

I would like to propose the following as the "PLUG" protocol in honor
of our beloved LUG.

It should accomplish the exact same things as bittorrent, i.e. it
should possess the ability to publish large files as much smaller
chunks distributed across multiple clients.

However instead of using TCP, and a connection based protocol, it
should use UDP and a connectionless protocol.

Furthermore the data should have the option of being encrypted using
some sort of solid encryption protocol.  This would allow for a
signature of sorts on each packet of data, to ensure that yes, this
packet did in fact originate from this sender.

Also instead of a tracker which can be taken down, I propose a query
request method using a globally unique identifier, based on some sort
of file signature algorithm.  So essentially you query a list of known
hosts for each file, if they don't have it they query all the hosts
they know about etc and so forth.  A query result should return a list
of known hosts which have the file.

Replacing friend with IP addresses, the whole system looks something like this...

plug://myfriend/verylongguid/

<query result>
me
myfriendsfriend
hisfriend
herfriend
</query result>

Then a file request would look something like

"I am looking for bytes 10-1000 of GUID"

or

"What bytes do you have for GUID?"

To which a reply would look like

"Here are bytes 10-1000 of GUID"
"File Checksum blah"
"Signature bytes"

or

"I don't have all of those bytes"
"I have 900-1000"
"File Checksum blah"
"Signature bytes"

or

"I have none of those bytes"
"I possess 1001-EOF and 0-9"

or

"No file by that GUID, please remove me from list"


Anyways something like this should be fairly easy to put together if
anyone is interested in helping me test it out.  It's basically a
bullet proof bittorrent as far as I can tell, unless Comcast or some
other ISP decides to start filtering UDP.

Thoughts?

Sincerely,
Steve
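
The "Here are bytes 10-1000 of GUID" reply from the post, sketched as an authenticated UDP payload so that an injected datagram is dropped by the receiver. This is an added example, not part of the original message: the wire layout, the function names, the SHA-256 GUID and the use of HMAC-SHA256 with a per-peer shared key as a stand-in for the "signature" are all assumptions.

```python
import hashlib
import hmac
import struct

# Constructed wire layout (assumption): 32-byte GUID, start and end byte offsets
# (inclusive, unsigned 64-bit), chunk bytes, then a 32-byte HMAC-SHA256 tag.
HEADER = struct.Struct("!32sQQ")
TAG_LEN = 32

def file_guid(data: bytes) -> bytes:
    """GUID taken from the file content; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

def build_reply(key: bytes, guid: bytes, start: int, end: int, chunk: bytes) -> bytes:
    """Encode 'Here are bytes start-end of GUID' and append the tag."""
    if len(chunk) != end - start + 1:
        raise ValueError("chunk length does not match byte range")
    body = HEADER.pack(guid, start, end) + chunk
    return body + hmac.new(key, body, hashlib.sha256).digest()

def parse_reply(key: bytes, datagram: bytes):
    """Return (guid, start, end, chunk), or None for a forged or malformed datagram."""
    if len(datagram) < HEADER.size + TAG_LEN:
        return None
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    # Constant-time comparison; anything not tagged with the peer key is dropped.
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    guid, start, end = HEADER.unpack_from(body)
    chunk = body[HEADER.size:]
    if end < start or len(chunk) != end - start + 1:
        return None
    return guid, start, end, chunk

def demo():
    """Run one genuine and one injected reply through the receiver."""
    key = b"constructed-per-peer-key"           # constructed sample key
    data = bytes(range(256)) * 8                # constructed 2048-byte "file"
    guid = file_guid(data)
    genuine = build_reply(key, guid, 10, 1000, data[10:1001])
    # An on-path injector can copy the header but cannot compute the tag.
    injected = genuine[:HEADER.size] + b"\x00" * 991 + b"\x00" * TAG_LEN
    return parse_reply(key, genuine), parse_reply(key, injected)

if __name__ == "__main__":
    ok, forged = demo()
    print("genuine accepted:", ok is not None, "| injected accepted:", forged is not None)
```

A captured genuine datagram still verifies if it is replayed, so a real design would also bind a nonce or sequence number into the tagged body.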


