Migrated naming and plugins pages

i2p2www/pages/global/nav.html

@@ -67,6 +67,8 @@
           <li><a href="{{ site_url('docs/specs/updates') }}"><span>{{ _('Software updates') }}</span></a></li>
         </ul>
       </li>
+      <li><a href="{{ site_url('docs/naming') }}"><span>{{ _('Naming and addressbook') }}</span></a></li>
+      <li><a href="{{ site_url('docs/plugins') }}"><span>{{ _('Plugins') }}</span></a></li>
       <li><a href="{{ site_url('docs/papers') }}"><span>{{ _('Papers and presentations') }}</span></a></li>
     </ul>
   </li>

i2p2www/pages/site/docs/naming.html

@@ -0,0 +1,291 @@
+{% extends "global/layout.html" %}
+{% block title %}Naming and Addressbook{% endblock %}
+{% block content %}
+<h1>Naming in I2P</h1>
+<h2 id="overview">Overview</h2>
+
+This page was last updated in March 2012 and is accurate for router version 0.8.13.
+<p>
+I2P ships with a generic naming library and a base implementation 
+designed to work off a local name to destination mapping, as well as an
+add-on application called the <a href="#addressbook">addressbook</a>. 
+I2P also supports <a href="#base32">Base32 hostnames</a> similar to Tor's .onion addresses.
+</p>
+
+<p>
+The addressbook is a web-of-trust
+driven secure, distributed, and human readable naming system, sacrificing only
+the call for all human readable names to be globally unique by mandating only
+local uniqueness.  While all messages in I2P are cryptographically addressed
+by their destination, different people can have local addressbook entries for
+"Alice" which refer to different destinations.  People can still discover new
+names by importing published addressbooks of peers specified in their web of trust,
+by adding in the entries provided through a third party, or (if some people organize
+a series of published addressbooks using a first come first serve registration
+system) people can choose to treat these addressbooks as name servers, emulating
+traditional DNS.
+</p>
+
+<p>
+NOTE: For the reasoning behind the I2P naming system, common arguments against it
+and possible alternatives see the <a href="{{ site_url('docs/discussions/naming') }}">naming discussion</a>
+page.
+</p>
+
+
+<h2 id="components">Naming System Components</h2>
+<p>
+There is no central naming authority in I2P.
+All hostnames are local.
+</p>
+<p>
+The naming system is quite simple and most of it is implemented
+in applications external to the router, but bundled with
+the I2P distribution.
+The components are:
+</p>
+<ol>
+<li>The <a href="#lookup">client application</a> which does local lookups in hosts.txt
+and also takes care of the <a href="#base32">Base32 hostnames</a>.
+<li>The <a href="#httpproxy">HTTP proxy</a> which asks the router for lookups and points
+the user to remote jump services to assist with failed lookups
+<li>HTTP <a href="#add-services">host-add forms</a> which allow users to add hosts to their local hosts.txt
+<li>HTTP <a href="#jump-services">jump services</a> which provide their own lookups and redirection
+<li>The <a href="#addressbook">addressbook</a> application which merges external
+host lists, retrieved via HTTP, with the local list
+<li>The <a href="#susidns">SusiDNS</a> application which is a simple web front-end
+for addressbook configuration and viewing of the local host lists.
+</ol>
+
+<h2 id="lookup">Naming Files and Lookups</h2>
+<p>
+All destinations in I2P are 516-byte (or longer) keys.
+(To be more precise, it is a 256-byte public key plus a 128-byte signing key
+plus a null certificate, which in Base64 representation is 516 bytes.
+<a href="{{ site_url('docs/discussions/naming') }}#certificates">Certificates</a> are not used now,
+if they are, the keys will be longer.
+One possible use of certificates is for <a href="todo.html#hashcash">proof of work</a>.)
+</p><p>
+If an application (i2ptunnel or the HTTP proxy) wishes to access
+a destination by name, the router does a very simple local lookup
+to resolve that name.
+The client application (technically, the client side of I2CP in the I2P API)
+does a linear search through three local files, in order, to
+look up host names and convert them to a 516-byte destination key:
+<ol>
+<li>privatehosts.txt
+<li>userhosts.txt
+<li>hosts.txt
+</ol>
+<p>The lookup is case-insensitive.
+The first match is used, and conflicts are not detected.
+There is no enforcement of naming rules in lookups.
+</p><p>
+Lookups are cached for a few minutes.
+There is an experimental facility for real-time lookups (a la DNS) over the network within the router,
+although it is not enabled by default
+(see "EepGet" under <a href="{{ site_url('docs/discussions/naming') }}#alternatives">Alternatives on the discussion page</a>).
+</p>
+
+<h2 id="httpproxy">HTTP Proxy</h2>
+<p>The HTTP proxy does a lookup via the router for all hostnames ending in '.i2p'.
+Otherwise, it forwards the request to a configured HTTP outproxy.
+Thus, in practice, all HTTP (eepsite) hostnames must end in the pseudo-Top Level Domain '.i2p'.
+</p>
+
+<p>
+If the router fails to resolve the hostname, the HTTP proxy returns
+an error page to the user with links to several "jump" services.
+See below for details.
+</p>
+
+<h2 id="addressbook">Addressbook</h2>
+<h3>Incoming Subscriptions and Merging</h3>
+<p>
+The addressbook application periodically
+retrieves other users' hosts.txt files and merges
+them with the local hosts.txt, after several checks.
+Naming conflicts are resolved on a first-come first-served
+basis.
+</p><p>
+Subscribing to another user's hosts.txt file involves
+giving them a certain amount of trust.
+You do not want them, for example, 'hijacking' a new site
+by quickly entering in their own key for a new site before
+passing the new host/key entry to you.
+</p><p>
+For this reason, the only subscription configured by
+default is <code>http://www.i2p2.i2p/hosts.txt</code>,
+which contains a copy of the hosts.txt included
+in the I2P release.
+Users must configure additional subscriptions in their
+local addressbook application (via subscriptions.txt or <a href="#susidns">SusiDNS</a>).
+</p><p>
+Some other public addressbook subscription links:
+</p>
+<ul>
+<li><a href="http://{{ i2pconv('i2host.i2p') }}/cgi-bin/i2hostetag">http://i2host.i2p/cgi-bin/i2hostetag</a>
+<li><a href="http://{{ i2pconv('stats.i2p') }}/cgi-bin/newhosts.txt">http://stats.i2p/cgi-bin/newhosts.txt</a>
+</ul>
+<p>
+The operators of these services may have various policies for listing hosts.
+Presence on this list does not imply endorsement.
+</p>
+
+<h3>Naming Rules</h3>
+<p>
+While there are hopefully not any technical limitations within I2P on host names,
+the addressbook enforces several restrictions on host names
+imported from subscriptions.
+It does this for basic typographical sanity and compatibility with browsers,
+and for security.
+The rules are essentially the same as those in RFC2396 Section 3.2.2.
+Any hostnames violating these rules may not be propagated
+to other routers.
+</p><p>
+Naming rules:</p>
+<ul>
+<li>Names are converted to lower case on import.
+<li>Names are checked for conflict with existing names in the existing userhosts.txt and hosts.txt
+(but not privatehosts.txt) after conversion to lower case.
+<li>Must contain only [a-z] [0-9] '.' and '-' after conversion to lower case.
+<li>Must not start with '.' or '-'.
+<li>Must end with '.i2p'.
+<li>67 characters maximum, including the '.i2p'.
+<li>Must not contain '..'.
+<li>Must not contain '.-' or '-.' (as of 0.6.1.33).
+<li>Must not contain '--' except in 'xn--' for IDN.
+<li>Base32 hostnames (*.b32.i2p) are not allowed.
+<li>Certain hostnames reserved for project use are not allowed
+    (proxy.i2p, router.i2p, console.i2p, *.proxy.i2p, *.router.i2p, *.console.i2p, and others)
+<li>Keys are checked for base64 validity.
+<li>Keys are checked for conflict with existing keys in hosts.txt (but not privatehosts.txt).
+<li>Minimum key length 516 bytes.
+<li>Maximum key length 616 bytes (to account for certs up to 100 bytes).
+</ul>
+<p>
+Any name received via subscription that passes all the checks is added to the local hosts.txt.		
+</p><p>
+Note that the '.' symbols in a host name are of no significance,
+and do not denote any actual naming or trust hierarchy.
+If the name 'host.i2p' already exists, there is nothing
+to prevent anybody from adding a name 'a.host.i2p' to their hosts.txt,
+and this name can be imported by others' addressbook.
+Methods to deny subdomains to non-domain 'owners' (certificates?),
+and the desirability and feasibility of these methods,
+are topics for future discussion.
+</p><p>
+International Domain Names (IDN) also work in i2p (using punycode 'xn--' form).
+To see IDN .i2p domain names rendered correctly in Firefox's location bar,
+add 'network.IDN.whitelist.i2p (boolean) = true' in about:config.
+</p><p>
+As the addressbook application does not use privatehosts.txt at all, in practice
+this file is the only place where it is appropriate to place private aliases or
+"pet names" for sites already in hosts.txt.
+</p>
+
+<h3>Outgoing Subscriptions</h3>
+<p>
+Addressbook will publish the merged hosts.txt to a location
+(traditionally hosts.txt in the local eepsite's home directory) to be accessed by others
+for their subscriptions.
+This step is optional and is disabled by default.
+</p>
+
+<h3>Hosting and HTTP Transport Issues</h3>
+<p>
+The addressbook application, together with eepget, saves the Etag and/or Last-Modified
+information returned by the web server of the subscription.
+This greatly reduces the bandwidth required, as the web server will
+return a '304 Not Modified' on the next fetch if nothing has changed.
+</p>
+<p>
+However the entire hosts.txt is downloaded if it has changed.
+See below for discussion on this issue.
+</p>
+<p>
+Hosts serving a static hosts.txt or an equivalent CGI application
+are strongly encouraged to deliver
+a Content-Length header, and either an Etag or Last-Modified header.
+Also ensure that the server delivers a '304 Not Modified' when appropriate.
+This will dramatically reduce the network bandwidth, and
+reduce chances of corruption.
+</p>
+
+<h2 id="add-services">Host Add Services</h2>
+<p>
+A host add service is a simple CGI application that takes a hostname and a Base64 key as parameters
+and adds that to its local hosts.txt.
+If other routers subscribe to that hosts.txt, the new hostname/key
+will be propagated through the network.
+</p><p>
+It is recommended that host add services impose, at a minimum, the restrictions imposed by the addressbook application listed above.
+Host add services may impose additional restrictions on hostnames and keys, for example:
+</p>
+<ul>
+<li>A limit on number of 'subdomains'.
+<li>Authorization for 'subdomains' through various methods.
+<li>Hashcash or signed certificates.
+<li>Editorial review of host names and/or content.
+<li>Categorization of hosts by content.
+<li>Reservation or rejection of certain host names.
+<li>Restrictions on the number of names registered in a given time period.
+<li>Delays between registration and publication.
+<li>Requirement that the host be up for verification.
+<li>Expiration and/or revocation.
+<li>IDN spoof rejection.
+</ul>
+
+<h2 id="jump-services">Jump Services</h2>
+<p>
+A jump service is a simple CGI application that takes a hostname as a parameter
+and returns a 301 redirect to the proper URL with a <code>?i2paddresshelper=key</code>
+string appended.
+The HTTP proxy will interpret the appended string and
+use that key as the actual destination.
+In addition, the proxy will cache that key so the
+address helper is not necessary until restart.
+</p>
+<p>
+Note that, like with subscriptions, using a jump service
+implies a certain amount of trust, as a jump service could maliciously
+redirect a user to an incorrect destination.
+</p>
+<p>
+To provide the best service, a jump service should be subscribed to
+several hosts.txt providers so that its local host list is current.
+</p>
+
+<h2 id="susidns">SusiDNS</h2>
+<p>
+SusiDNS is simply a web interface front-end to configuring addressbook subscriptions
+and accessing the four addressbook files.
+All the real work is done by the 'addressbook' application.
+</p><p>
+Currently, there is little enforcement of addressbook naming rules within SusiDNS,
+so a user may enter hostnames locally that would be rejected by
+the addressbook subscription rules.
+</p>
+
+<h2 id="base32">Base32 Names</h2>
+<p>I2P supports Base32 hostnames similar to Tor's .onion addresses.
+Base32 addresses are much shorter and easier to handle than the
+full 516-character Base64 Destinations or addresshelpers.
+Example: <code>ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p</code>
+</p><p>
+In Tor, the address is 16 characters (80 bits), or half of the SHA-1 hash.
+I2P uses 52 characters (256 bits) to represent the full SHA-256 hash.
+The form is {52 chars}.b32.i2p.
+Base32 is implemented in the naming service, which queries the
+router over I2CP to lookup the LeaseSet to get the full Destination.
+Base32 lookups will only be successful when the Destination is up and publishing
+a LeaseSet.
+Because resolution may require a network database lookup, it may take significantly
+longer than a local address book lookup.
+</p><p>
+Base32 addresses can be used in most places where hostnames or full destinations
+are used, however there are some exceptions where they may fail if the
+name does not immediately resolve. I2PTunnel will fail, for example, if
+the name does not resolve to a destination.
+</p>
+{% endblock %}

i2p2www/pages/site/docs/plugins.html

@@ -0,0 +1,109 @@
+{% extends "global/layout.html" %}
+{% block title %}Plugins{% endblock %}
+{% block content %}
+<h2>I2P Plugins</h2>
+
+Page last updated June 2012, current as of router version 0.9.
+
+<h3>General Information</h3>
+<p>
+I2P includes a plugin architecture
+to support easy development and installation of additional software.
+</p>
+
+<p>
+There are now plugins available that support distributed email, blogs, IRC
+clients, distributed file storage, wikis, and more.
+</p>
+
+<p>
+Benefits to i2p users and app developers:
+</p>
+
+<ul>
+<li>Easy distribution of applications</li>
+<li>Allows innovation and use of additional libraries without worrying about
+increasing the size of <code>i2pupdate.sud</code></li>
+<li>Support large or special-purpose applications that would never be bundled
+with the I2P installation</li>
+<li>Cryptographically signed and verified applications</li>
+<li>Automatic updates of applications, just like for the router</li>
+<li>Separate initial install and update packages, if desired, for smaller update downloads</li>
+<li>One-click installation of applications. No more asking users to modify
+<code>wrapper.config</code> or <code>clients.config</code></li>
+<li>Isolate applications from the base <code>$I2P</code> installation</li>
+<li>Automatic compatibility checking for I2P version, Java version, Jetty
+version, and previous installed application version</li>
+<li>Automatic link addition in console</li>
+<li>Automatic startup of application, including modifying classpath, without requiring a restart</li>
+<li>Automatic integration and startup of webapps into console Jetty instance</li>
+<li>Facilitate creation of 'app stores' like the one at <a
+    href="http://{{ i2pconv('plugins.i2p') }}">plugins.i2p</a></li>
+<li> One-click uninstall</li>
+<li> Language and theme packs for the console </li>
+<li> Bring detailed application information to the router console </li>
+<li> Non-java applications also supported </li>
+</ul>
+
+
+<h4>Required I2P version</h4>
+<p> 0.7.12 or newer.  </p>
+
+<h4>Installation</h4>
+<p> To install and start a plugin, copy the <code>.xpi2p</code> install link to
+the form at the bottom of <a
+    href="http://127.0.0.1:7657/configclients.jsp#plugin">configclients.jsp in
+    your router console</a> and click the "install plugin" button.  After a
+plugin is installed and started, a link to the plugin will usually appear at
+the top of your summary bar.  </p>
+
+<p> To update a plugin to the latest version, just click the update button on
+<a href="http://127.0.0.1:7657/configclients.jsp#plugin">configclients.jsp</a>.
+There is also a button to check if the plugin has a more recent version, as
+well as a button to check for updates for all plugins.  Plugins will be checked
+for updates automatically when updating to a new I2P release (not including dev
+builds).</p>
+
+
+<h3>Development</h3>
+<p> See the latest <a href="{{ site_url('docs/specs/plugin') }}">plugin specification</a> and the <a
+    href="http://{{ i2pconv('zzz.i2p') }}/forums/16">plugin forum</a> on zzz.i2p.  </p> <p> See
+also the sources for plugins developed by various people.  Some plugins, such
+as <a href="http://{{ i2pconv('plugins.i2p') }}/plugins/snowman">snowman</a>, were developed
+specifically as examples.  </p>
+
+<p> <b>Developers wanted!</b> Plugins are a great way to learn more about I2P
+or easily add some feature.  </p>
+
+<h3>Getting Started</h3>
+<p> To create a plugin from an existing binary package you will need to get
+makeplugin.sh from <a
+    href="http://{{ i2pconv('trac.i2p2.i2p') }}/browser/plugin/makeplugin.sh?rev=776519571fda0689ef09c42f66e7398f30432e87">the
+    i2p.scripts branch in monotone</a>.  </p>
+
+
+<h3>Known Issues</h3>
+<p> Note that the router's plugin architecture does <b>NOT</b> currently
+provide any additional security isolation or sandboxing of plugins.</p>
+
+<ul>
+<li>Updates of a plugin with included jars (not wars) won't be recognized if
+the plugin was already run, as it requires class loader trickery to flush the
+class cache; a full router restart is required.</li>
+<li> The stop button may be displayed even if there is nothing to stop.</li>
+<li> Plugins running in a separate JVM create a <code>logs/</code> directory in
+<code>$CWD</code>.</li>
+<li>No initial keys are present, except for those of jrandom and zzz (using the
+same keys as for router update), so the first key seen for a signer is
+automatically accepted&mdash;there is no signing key authority.  </li>
+<li> When deleting a plugin, the directory is not always deleted, especially on
+Windows.  </li>
+<li> Installing a plugin requiring Java 1.6 on a Java 1.5 machine will result
+in a "plugin is corrupt" message if pack200 compression of the plugin file is
+used.  </li>
+<li> Theme and translation plugins are untested.  </li>
+<li> Disabling autostart doesn't always work.  </li>
+</ul>
+
+<!-- vim: set noai ff=unix nosi ft=html tw=79 et sw=4 ts=4 spell spelllang=en: -->
+{% endblock %}