5 * Occasional connection to mail server: UsecaseMail.
6 * Unreliable/expensive communication link: UsecaseUnreliable.
7 * Slow/expensive link for high-volume data, bad QoS: UsecaseQoS.
8 * Extreme terrestrial environments, no link: UsecaseNoLink.
9 * Private, isolated MitM-resistant networks: UsecaseF2F.
10 * Highly secure isolated air-gap computers: UsecaseAirgap.
11 * Network censorship bypassing: UsecaseCensor.
12 * Reconnaissance, spying, intelligence, covert agents: UsecaseSpy.
16 @section Occasional connection to mail server
18 Assume that you have got your own @url{http://www.postfix.org/, Postfix}
19 SMTP server connected to the Internet. But you read and write emails on
20 your notebook, that is connected to it just from time to time. How can
21 you flush buffered mail queues when your notebook is connected?
23 One possibility is to log in and run something like @command{postqueue
24 -f}, but by default you have got only several days so and sender will
25 receive notification emails that his messages still are not delivered
26 yet. Also you must have secure link (SSH, VPN, etc).
28 Another possibility is to use POP3/IMAP4 servers, but this is too
29 overcomplicated and bloated for the simple task. Not an option. KISS!
33 Just tell both of your Postfixes (on the server and notebook) to drop
34 email as a mail via NNCP to specified node. This is done similarly as
35 with UUCP and as written in Postfix
36 @url{http://www.postfix.org/UUCP_README.html, documentation}.
38 Search for @code{uucp} related strings in @code{master.cf} and replace
42 nncp unix - n n - - pipe flags=Fqhu user=nncp argv=nncp-mail -quiet $nexthop $recipient
45 then add transport map, telling that mail for example.com domain can be
46 reached through NNCP transport to node @code{bob}:
52 Now, all mail will be stored in NNCP spool, that after exchanging and
53 tossing will call local @code{sendmail} command to deliver them just
54 that was happened on the same machine.
56 @node UsecaseUnreliable
57 @section Unreliable/expensive communication link
59 Assume that you have got slow modem/radio/cellular link that frequently
60 disconnects and causes TCP timeouts. Not all HTTP servers support file
61 download continuation. SMTP does not support resuming at all and heavy
62 messages is a problem to retrieve. Moreover, each disconnect leads to
63 the same data retransmission again, that can be expensive to afford.
65 Just send your mail and files through NNCP. You can use either offline
66 delivery methods -- read about them below, or you can use included NNCP
72 % nncp-file file_i_want_to_send bob:
73 % nncp-file another_file bob:movie.avi
76 will queue two files for sending to @code{bob} node. Fire and forget!
77 Now this is daemon's job (or offline transfer) to send this file part by
78 part to remote system when it is available.
81 @section Slow/expensive link for high-volume data, bad QoS
83 Assume that you can give your relatively cheap 2 TiB removable hard
84 drive to someone each day at the morning (and take it back at the
85 evening). This equals to 185 Mbps good quality (without any speed
86 degradation) link in single direction. What about more and bigger hard
87 drives? This type of data exchange is called
88 @url{https://en.wikipedia.org/wiki/Sneakernet, sneakernet}/floppynet.
90 NNCP allows traffic prioritizing: each packet has niceness level,
91 that will guarantee that it will be processed earlier or later than the
92 other ones. Nearly all commands has corresponding option:
95 % nncp-file -nice 32 myfile node:dst
96 % nncp-xfer -nice 192 /mnt/shared
97 % nncp-call -nice 224 bob
102 @section Extreme terrestrial environments, no link
104 This is some kind of too slow link. Offline delivery methods is the only
105 choice. Just send files as shown above, but use removable media for
106 transferring packets to other nodes.
108 Assume that you send two files to @code{bob} node. Insert USB storage
109 device, mount it and run:
112 % nncp-xfer -node bob /media/usbstick
115 to copy all outbound packets related to @code{bob}'s node. Use
116 @code{-force} option to forcefully create related directory on USB
117 storage if they are missing (for example when running for the first
120 If you use single storage device to transfer data both to @code{bob} and
121 @code{alice}, then just omit @code{-node} option to copy all existing
122 outgoing packets to that storage device.
125 % nncp-xfer /media/usbstick
128 Unmount it and transfer somehow to Bob and Alice. When they will insert
129 it in their computers, they will use exactly the same command:
132 % nncp-xfer /media/usbstick
135 to find all packets related to their node and copy them locally for
136 further processing. @code{nncp-xfer} is the only command used with
140 @section Private, isolated MitM-resistant networks
142 All Internet connections can be eavesdropped and forged. You
143 @strong{have to} to use encryption and authentication for securing them.
144 But it is very hard to secure metadata, that leaks during each online
145 session. When you start your shiny new software server be sure that
146 there could be huge quantity of bogus peers trying to perform
147 @url{https://en.wikipedia.org/wiki/Sybil_attack, Sybil attack}. Opennet
148 peer-to-peer networking is dangerous thing to do.
150 The most popular cryptographic protocol in Internet is
151 @url{https://en.wikipedia.org/wiki/Transport_Layer_Security, TLS} that
152 is very hard to implement right and hard to configure for mutual
153 participants authentication. Not all TLS configurations and related
154 protocols provide @url{https://en.wikipedia.org/wiki/Forward_secrecy,
155 forward secrecy} property -- all previously intercepted packets could be
156 read if private keys are compromised.
158 Friend-to-friend networks, darknets can mitigate risks related to fake
159 and forged nodes. However they are harder to support require more time
162 NNCP's TCP daemon uses @url{http://noiseprotocol.org/, Noise-IK}
163 protocol to mutually authenticate peers and provide effective (both
164 participants send payload in the very first packet) secure transport
165 with forward secrecy property.
168 % nncp-daemon -bind [::]:5400
170 will start TCP daemon listening on all interfaces for incoming
176 will try to connect to @code{bob}'s node known TCP addresses (taken from
177 configuration file) and send all related outbound packets and retrieve
178 those the Bob has. All interrupted transfers will be automatically
182 @section Highly secure isolated air-gap computers
184 If you worry much about security, then air-gapped computer could be the
185 only choice you can afford. Computer without any modems, wired and
186 wireless networks. Obviously the only possibility to exchange mail and
187 files is to use physically removable storage devices like CD-ROM, hard
188 drive, tape and USB flash drives (worst choice, due to those devices
191 Presumably you have got another own hop before that computer: another
192 intermediate node which performs basic verification of retrieved storage
193 devices, possibly by rewriting the data from USB/hard drives to CD-RWs.
195 NNCP supports packets relying (transitioning) out-of-box.
202 lan: [fe80::5400%igb0]:5400
208 That configuration file tells that we have got two known neighbours
209 (nodes, peers): @code{bob} and @code{bob-airgap}. @code{bob} can be
210 reached via online connection using @code{lan} address.
211 @code{bob-airgap} can be reached by sending intermediate relay packet
212 through the @code{bob}.
214 Any command like @code{nncp-file myfile bob-airgap:} will automatically
215 create two packets: one for the destination endpoint, other for
216 intermediate relaying node.
218 Pay attention that relaying node knows nothing about the packet inside,
219 but just its size and priority. Transition packets are encrypted too.
220 @code{bob} can not read @code{bob-airgap}'s packets.
223 @section Network censorship bypassing
225 This is some kind of bad link too. Some governments tend to forbid
226 @strong{any} kind of private communication between people, allowing only
227 entertainment content delivering and popular social networks access
228 (that are already bloated with advertisements, local proprietary
229 JavaScript code execution (for spying on user activities, collect data
230 on them), shamelessly exploiting of very basic interhuman need of
233 This is their natural right and wish. Nobody forces you to obey huge
234 corporations like Apple, Google or Microsoft. It is your choice to
235 create isolated friend-to-friend network with piles of harmless content
236 and private messaging. Only predators silently watch for their victims
237 in mammals world -- it harms your health being watched and feeling that
238 you are the victim that has already done something wrong.
241 @section Reconnaissance, spying, intelligence, covert agents
243 Those guys know how Internet is a dangerous place incompatible with
244 privacy. They require quick, fast dropping and picking of data. No
245 possibility of many round-trips -- just drop the data, fire-and-forget.
246 It could be either removable media again, or
247 @url{https://en.wikipedia.org/wiki/USB_dead_drop, USB dead drops}, or
248 @url{https://en.wikipedia.org/wiki/PirateBox, PirateBox}es, or
249 @url{https://en.wikipedia.org/wiki/Short-range_agent_communications, SRAC}.
250 Short lived short range networks like Bluetooth and WiFi can also
251 be pretty fast, allowing to quickly fire chunks of queued packets.
253 Very important property is that compromising of those dead drops and
254 storages must not be fatal and even dangerous. Packets sent through the
255 network and exchanged via those devices are end-to-end encrypted (but
256 unfortunately lacking forward secrecy). No filenames, mail recipients
259 All communications are done with so-called spool area: directory
260 containing only those unprocessed encrypted packets. After packet
261 transfer you still can not read any mail of get files: you have to run
262 another stage: tossing. Only that stage involves your private
263 cryptographic keys. So even if your loose your computer, storage devices
264 and so on -- it is not so bad, because you are not carrying private keys
265 with it, you do not "toss" those packets immediately on the same device.
266 Tossing (reading those encrypted packets and extracting transferred
267 files and mail messages) could and should be done on a separate