2 @section Private, isolated MitM/Sybil-resistant networks
4 All Internet connections can be eavesdropped and forged. You
5 @strong{have to} to use encryption and authentication for securing them.
6 But it is very hard to secure metadata, that leaks during each online
7 session. When you start your shiny new software server be sure that
8 there could be huge quantity of bogus peers trying to perform
9 @url{https://en.wikipedia.org/wiki/Sybil_attack, Sybil attack}. Opennet
10 peer-to-peer networking is dangerous thing to do.
12 The most popular cryptographic protocol in Internet is
13 @url{https://en.wikipedia.org/wiki/Transport_Layer_Security, TLS} that
14 is very hard to implement correctly and hard to configure for mutual
15 participants authentication. Not all TLS configurations and related
16 protocols provide @url{https://en.wikipedia.org/wiki/Forward_secrecy,
17 forward secrecy} property -- all previously intercepted packets could be
18 read if private keys are compromised.
20 Friend-to-friend networks, darknets can mitigate risks related to fake
21 and forged nodes. However they are harder to support and require more
22 time to be done right.
24 NNCP's @ref{nncp-daemon, TCP daemon} uses
25 @url{http://noiseprotocol.org/, Noise-IK} protocol to mutually
26 authenticate peers and provide effective (both participants send payload
27 in the very first packet) secure transport with forward secrecy
31 $ nncp-daemon -bind "[::]":5400
34 will start TCP daemon listening on all interfaces for incoming
41 will try to connect to @emph{bob}'s node known TCP addresses (taken from
42 configuration file) and send all related outbound packets and retrieve
43 those the Bob has. All interrupted transfers will be automatically
46 Ability to do @ref{MCD, multicast nodes discovery} of participant in
47 IPv6 networks allows complete ignorance of network addresses specifying.