5 * Occasional connection to mail server: UsecaseMail.
6 * Lightweight fast POP3/IMAP4 replacement: UsecasePOP.
7 * Unreliable/expensive communication link: UsecaseUnreliable.
8 * Slow/expensive link for high-volume data, bad QoS: UsecaseQoS.
9 * Extreme terrestrial environments, no link: UsecaseNoLink.
10 * Private, isolated MitM/Sybil-resistant networks: UsecaseF2F.
11 * Highly secure isolated air-gap computers: UsecaseAirgap.
12 * Network censorship bypassing: UsecaseCensor.
13 * Reconnaissance, spying, intelligence, covert agents: UsecaseSpy.
17 @section Occasional connection to mail server
19 Assume that you have got your own @url{http://www.postfix.org/, Postfix}
20 SMTP server connected to the Internet. But you read and write emails on
21 your notebook, that is connected to it just from time to time. How can
22 you flush buffered mail queues when your notebook is connected?
24 One possibility is to log in and run something like @command{postqueue
25 -f}, but by default you have got only several days so and sender will
26 receive notification emails that his messages still are not delivered
27 yet. Also you must have secure link (SSH, VPN, etc).
29 Another possibility is to use POP3/IMAP4 servers, but this is too
30 overcomplicated and bloated for the simple task. Not an option. KISS!
32 Just tell both of your Postfixes (on the server and notebook) to drop
33 email as a mail via NNCP (@ref{nncp-mail}) to specified node. This is
34 done similarly as with UUCP and as written in
35 @url{http://www.postfix.org/UUCP_README.html, Postfix documentation}.
37 Look @ref{Postfix, here} for further information. All mail will be
38 stored in NNCP @ref{Spool, spool}, that after exchanging and tossing
39 will call local @command{sendmail} command to deliver them just like
40 that happened on the same machine.
43 @section Lightweight fast POP3/IMAP4 replacement
45 @ref{nncp-daemon} can be connected with @ref{nncp-caller} for a long
46 time -- it can create TCP connection that lasts for many hours. When
47 SMTP server receives mail, it will call @ref{nncp-mail} creating an
48 outbound encrypted packet. Daemon checks outbound directory each second
49 and immediately sends notification about undelivered packets to remote
50 side, that also downloads it at once.
52 There are only dozens of bytes notifying about incoming packets, dozens
53 of bytes telling to download those packets. Mail packets are compressed
54 (POP3 and IMAP4 as a rule do not). You have lightweight, compressed,
55 low-delay, reliable link for the mail with strong encryption and mutual
58 @node UsecaseUnreliable
59 @section Unreliable/expensive communication link
61 Assume that you have got slow modem/radio/cellular link that frequently
62 disconnects and causes TCP timeouts. Not all HTTP servers support file
63 download continuation. SMTP does not support resuming at all and heavy
64 messages is problematic to retrieve. Moreover, each disconnect leads to
65 the same data retransmission again, that can not be afforded sometimes.
67 Just send your @ref{nncp-mail, mail} and @ref{nncp-file, files} through
68 NNCP. You can use either offline delivery methods -- read about them in
69 the next section, or you can use included NNCP @ref{nncp-daemon, TCP
75 % nncp-file file_i_want_to_send bob:
76 % nncp-file another_file bob:movie.avi
79 will queue two files for sending to @code{emph} node. Fire and forget!
80 Now this is daemon's job (or offline transfer) to send this file part by
81 part to remote system when it is available.
84 @section Slow/expensive link for high-volume data, bad QoS
86 Assume that you can give your relatively cheap 2 TiB removable hard
87 drive to someone each day at the morning (and take it back at the
88 evening). This equals to 185 Mbps good quality (without any speed
89 degradation) link in single direction. What about more and bigger hard
90 drives? This type of data exchange is called
91 @url{https://en.wikipedia.org/wiki/Sneakernet, sneakernet}/floppynet.
93 NNCP allows traffic @ref{Niceness, prioritizing}: each packet has
94 niceness level, that will guarantee that it will be processed earlier or
95 later than the other ones. Nearly all commands has corresponding option:
98 % nncp-file -nice 32 myfile node:dst
99 % nncp-xfer -nice 192 /mnt/shared
100 % nncp-call -nice 224 bob
105 @section Extreme terrestrial environments, no link
107 This is some kind of too slow link. Offline delivery methods is the only
108 choice. Just send files as shown in previous section, but use removable
109 media for transferring packets to other nodes.
111 Assume that you send two files to @emph{bob} node. Insert USB storage
112 device, mount it and run @ref{nncp-xfer}:
115 % nncp-xfer -node bob /media/usbstick
118 to copy all outbound packets related to @emph{bob}. Use @option{-mkdir}
119 option to create related directory on USB storage if they are missing
120 (for example when running for the first time).
122 If you use single storage device to transfer data both to @emph{bob} and
123 @emph{alice}, then just omit @option{-node} option to copy all existing
124 outgoing packets to that storage device.
127 % nncp-xfer /media/usbstick
130 Unmount it and transfer somehow to Bob and Alice. When they will insert
131 it in their computers, they will use exactly the same command:
134 % nncp-xfer /media/usbstick
137 to find all packets related to their node and copy them locally for
138 further processing. nncp-xfer is the only command used with removable
142 @section Private, isolated MitM/Sybil-resistant networks
144 All Internet connections can be eavesdropped and forged. You
145 @strong{have to} to use encryption and authentication for securing them.
146 But it is very hard to secure metadata, that leaks during each online
147 session. When you start your shiny new software server be sure that
148 there could be huge quantity of bogus peers trying to perform
149 @url{https://en.wikipedia.org/wiki/Sybil_attack, Sybil attack}. Opennet
150 peer-to-peer networking is dangerous thing to do.
152 The most popular cryptographic protocol in Internet is
153 @url{https://en.wikipedia.org/wiki/Transport_Layer_Security, TLS} that
154 is very hard to implement correctly and hard to configure for mutual
155 participants authentication. Not all TLS configurations and related
156 protocols provide @url{https://en.wikipedia.org/wiki/Forward_secrecy,
157 forward secrecy} property -- all previously intercepted packets could be
158 read if private keys are compromised.
160 Friend-to-friend networks, darknets can mitigate risks related to fake
161 and forged nodes. However they are harder to support and require more
162 time to be done right.
164 NNCP's @ref{nncp-daemon, TCP daemon} uses
165 @url{http://noiseprotocol.org/, Noise-IK} protocol to mutually
166 authenticate peers and provide effective (both participants send payload
167 in the very first packet) secure transport with forward secrecy
171 % nncp-daemon -bind [::]:5400
173 will start TCP daemon listening on all interfaces for incoming
179 will try to connect to @emph{bob}'s node known TCP addresses (taken from
180 configuration file) and send all related outbound packets and retrieve
181 those the Bob has. All interrupted transfers will be automatically
185 @section Highly secure isolated air-gap computers
187 If you worry much about security, then air-gapped computer could be the
188 only choice you can afford. Computer without any modems, wired and
189 wireless networks. Obviously the only possibility to exchange mail and
190 files is to use physically removable storage devices like CD-ROM, hard
191 drive, tape and USB flash drives (worst choice, due to those devices
194 Presumably you have got another own hop before that computer: another
195 intermediate node which performs basic verification of retrieved storage
196 devices, possibly by rewriting the data from USB/hard drives to CD-RWs.
198 NNCP supports packets relying (transitioning) out-of-box.
205 lan: [fe80::5400%igb0]:5400
211 That @ref{Configuration, configuration file} tells that we have got two
212 known neighbours: @emph{bob} and @emph{bob-airgap}. @emph{bob} can be
213 reached via online connection using @emph{lan} address.
214 @emph{bob-airgap} can be reached by sending intermediate relay packet
215 through the @emph{bob}.
217 Any command like @command{nncp-file myfile bob-airgap:} will
218 automatically create an encapsulated packet: one for the destination
219 endpoint, and other carrying it for intermediate relaying node.
221 Pay attention that relaying node knows nothing about the packet inside,
222 but just its size and priority. Transition packets are encrypted too.
223 @emph{bob} can not read @emph{bob-airgap}'s packets.
226 @section Network censorship bypassing
228 This is some kind of bad link too. Some governments tend to forbid
229 @strong{any} kind of private communication between people, allowing only
230 entertainment content delivering and popular social networks access
231 (that are already bloated with advertisements, locally executed
232 proprietary JavaScript code (for spying on user activities, collect data
233 on them), shamelessly exploiting the very basic human need of communication).
235 This is their natural wish. But nobody forces you to obey huge
236 corporations like Apple, Google or Microsoft. It is your choice to
237 create an isolated friend-to-friend network with piles of harmless
238 content and private messaging. Only predators silently watch for their
239 victims in mammals world -- it harms your health being watched and
240 feeling that you are the victim that has already done something wrong.
243 @section Reconnaissance, spying, intelligence, covert agents
245 Those guys know how Internet is a dangerous place incompatible with
246 privacy. They require quick, fast dropping and picking of data. No
247 possibility of many round-trips -- just drop the data, fire-and-forget.
248 It could be either removable media again, or
249 @url{https://en.wikipedia.org/wiki/USB_dead_drop, USB dead drops}, or
250 @url{https://en.wikipedia.org/wiki/PirateBox, PirateBox}es, or
251 @url{https://en.wikipedia.org/wiki/Short-range_agent_communications, SRAC}.
252 Short lived short range networks like Bluetooth and WiFi can also
253 be pretty fast, allowing to quickly fire chunks of queued packets.
255 Very important property is that compromising of those dead drops and
256 storages must be neither fatal nor even dangerous. Packets sent through
257 the network and exchanged via those devices are end-to-end
258 @ref{Encrypted, encrypted} (but unfortunately lacking forward secrecy).
259 No filenames, mail recipients are seen.
261 All communications are done with so-called @ref{Spool, spool} area:
262 directory containing only those unprocessed encrypted packets. After
263 packet transfer you still can not read any of them: you have to run
264 another stage: @ref{nncp-toss, tossing}, that involves your private
265 cryptographic keys. So even if your loose your computer, storage devices
266 and so on -- it is not so bad, because you are not carrying private keys
267 with it (don't you?), you do not "toss" those packets immediately on the
268 same device. Tossing (reading those encrypted packets and extracting
269 transferred files and mail messages) could and should be done on a