diff --git a/i2p2www/pages/site/get-involved/develop/applications.html b/i2p2www/pages/site/get-involved/develop/applications.html index ac0760d2..db4eae61 100644 --- a/i2p2www/pages/site/get-involved/develop/applications.html +++ b/i2p2www/pages/site/get-involved/develop/applications.html @@ -1,120 +1,130 @@ {% extends "global/layout.html" %} -{% block title %}Application Development{% endblock %} +{% block title %}{{ _('Application Development') }}{% endblock %} {% block content %} -

Application Development Guide

+

{{ _('Application Development Guide') }}

-

Contents

+

{{ _('Contents') }}

-

Why write I2P-specific code?

+

{{ _('Why write I2P-specific code?') }}

-

- There are multiple ways to use applications in I2P. - Using I2PTunnel, - you can use regular applications without needing to program explicit I2P support. - This is very effective for client-server scenario's, - where you need to connect to a single website. - You can simply create a tunnel using I2PTunnel to connect to that website, as shown in Figure 1. -

-

- If your application is distributed, it will require connections to a large amount of peers. - Using I2PTunnel, you will need to create a new tunnel for each peer you want to contact, - as shown in Figure 2. - This process can of course be automated, but running a lot of I2PTunnel instances creates a large amount of overhead. - In addition, with many protocols you will need to force everyone to - use the same set of ports for all peers - e.g. if you want to reliably run DCC - chat, everyone needs to agree that port 10001 is Alice, port 10002 is Bob, port - 10003 is Charlie, and so on, since the protocol includes TCP/IP specific information - (host and port). -

-

- General network applications often send a lot of additional data that could be used to identify users. - Hostnames, port numbers, time zones, character sets, etc. are often sent without informing the user. - As such, designing the network protocol specifically with anonymity in mind - can avoid compromising user identities. -

-

- There are also efficiency considerations to review when determining how to - interact on top of I2P. The streaming library and things built on top of it - operate with handshakes similar to TCP, while the core I2P protocols (I2NP and I2CP) - are strictly message based (like UDP or in some instances raw IP). The important - distinction is that with I2P, communication is operating over a long fat network - - each end to end message will have nontrivial latencies, but may contain payloads - of up to 32KB. An application that needs a simple request and response can get rid - of any state and drop the latency incurred by the startup and teardown handshakes - by using (best effort) datagrams without having to worry about MTU detection or - fragmentation of messages under 32KB. -

+

{% trans i2ptunnel=site_url('docs/api/i2ptunnel') -%} +There are multiple ways to use applications in I2P. +Using I2PTunnel, +you can use regular applications without needing to program explicit I2P support. +This is very effective for client-server scenario's, +where you need to connect to a single website. +You can simply create a tunnel using I2PTunnel to connect to that website, as shown in Figure 1. +{%- endtrans %}

+

{% trans -%} +If your application is distributed, it will require connections to a large amount of peers. +Using I2PTunnel, you will need to create a new tunnel for each peer you want to contact, +as shown in Figure 2. +This process can of course be automated, but running a lot of I2PTunnel instances creates a large amount of overhead. +In addition, with many protocols you will need to force everyone to +use the same set of ports for all peers - e.g. if you want to reliably run DCC +chat, everyone needs to agree that port 10001 is Alice, port 10002 is Bob, port +10003 is Charlie, and so on, since the protocol includes TCP/IP specific information +(host and port). +{%- endtrans %}

+

{% trans -%} +General network applications often send a lot of additional data that could be used to identify users. +Hostnames, port numbers, time zones, character sets, etc. are often sent without informing the user. +As such, designing the network protocol specifically with anonymity in mind +can avoid compromising user identities. +{%- endtrans %}

+

{% trans -%} +There are also efficiency considerations to review when determining how to +interact on top of I2P. The streaming library and things built on top of it +operate with handshakes similar to TCP, while the core I2P protocols (I2NP and I2CP) +are strictly message based (like UDP or in some instances raw IP). The important +distinction is that with I2P, communication is operating over a long fat network - +each end to end message will have nontrivial latencies, but may contain payloads +of up to 32KB. An application that needs a simple request and response can get rid +of any state and drop the latency incurred by the startup and teardown handshakes +by using (best effort) datagrams without having to worry about MTU detection or +fragmentation of messages under 32KB. +{%- endtrans %}

- Creating a server-client connection using I2PTunnel only requires creating a single tunnel. + {{ _('Creating a server-client connection using I2PTunnel only requires creating a single tunnel.') }}

- Figure 1: Creating a server-client connection using I2PTunnel only requires creating a single tunnel. + {{ _('Figure 1:') }} {{ _('Creating a server-client connection using I2PTunnel only requires creating a single tunnel.') }}

- Setting up connections for a peer-to-peer applications requires a very large amount of tunnels. + {{ _('Setting up connections for a peer-to-peer applications requires a very large amount of tunnels.') }}

- Figure 2: Setting up connections for a peer-to-peer applications requires a very large amount of tunnels. + {{ _('Figure 2:') }} {{ _('Setting up connections for a peer-to-peer applications requires a very large amount of tunnels.') }}

- In summary, a number of reasons to write I2P-specific code: - +{% trans -%} +In summary, a number of reasons to write I2P-specific code: +{%- endtrans %} + -

- Applications written in Java and accessible/runnable - using an HTML interface via the standard webapps/app.war - may be considered for inclusion in the i2p distribution. -

+

{% trans -%} +Applications written in Java and accessible/runnable +using an HTML interface via the standard webapps/app.war +may be considered for inclusion in the i2p distribution. +{%- endtrans %}

-

Important concepts

+

{{ _('Important concepts') }}

-

There are a few changes that require adjusting to when using I2P:

+

{% trans -%} +There are a few changes that require adjusting to when using I2P: +{%- endtrans %}

-

Destination ~= host+port

+

{{ _('Destination ~= host+port') }}

-

An application running on I2P sends messages from and receives messages to a +

{% trans -%} +An application running on I2P sends messages from and receives messages to a unique cryptographically secure end point - a "destination". In TCP or UDP terms, a destination could (largely) be considered the equivalent of a hostname -plus port number pair, though there are a few differences.

+plus port number pair, though there are a few differences. +{%- endtrans %}

-

Anonymity and confidentiality

+

{{ _('Anonymity and confidentiality') }}

-

A useful thing to remember is that I2P has transparent end to end encryption +

{% trans -%} +A useful thing to remember is that I2P has transparent end to end encryption and authentication for all data passed over the network - if Bob sends to Alice's destination, only Alice's destination can receive it, and if Bob is using the datagrams or streaming -library, Alice knows for certain that Bob's destination is the one who sent the data.

+library, Alice knows for certain that Bob's destination is the one who sent the data. +{%- endtrans %}

-

Of course, another useful thing to remember is that I2P transparently anonymizes the +

{% trans -%} +Of course, another useful thing to remember is that I2P transparently anonymizes the data sent between Alice and Bob, but it does nothing to anonymize the content of what they send. For instance, if Alice sends Bob a form with her full name, government IDs, and credit card numbers, there is nothing I2P can do. As such, protocols and applications should keep in mind what information they are trying to protect and what information they are willing -to expose.

+to expose. +{%- endtrans %}

-

I2P datagrams can be up to 32KB

+

{{ _('I2P datagrams can be up to 32KB') }}

-

Applications that use I2P datagrams (either raw or repliable ones) can essentially be thought +

{% trans -%} +Applications that use I2P datagrams (either raw or repliable ones) can essentially be thought of in terms of UDP - the datagrams are unordered, best effort, and connectionless - but unlike UDP, applications don't need to worry about MTU detection and can simply fire off 32KB datagrams (31KB when using the repliable kind). For many applications, 32KB of data is sufficient for an entire request or response, allowing them to transparently operate in I2P as a UDP-like -application without having to write fragmentation, resends, etc.

+application without having to write fragmentation, resends, etc. +{%- endtrans %}

-

Development options

+

{{ _('Development options') }}

-

There are several means of sending data over I2P, each with their own pros and cons. +

{% trans -%} +There are several means of sending data over I2P, each with their own pros and cons. The streaming lib is the recommended interface, used by the majority of I2P applications. -

+{%- endtrans %}

-

Streaming Lib

-

-The full streaming library is now the standard +

{{ _('Streaming Lib') }}

+

{% trans streaming=site_url('docs/api/streaming') -%} +The full streaming library is now the standard interface. It allows programming using TCP-like sockets, as explained in the Streaming development guide. -

+{%- endtrans %}

BOB

-

BOB is the Basic Open Bridge, +

{% trans bob=site_url('docs/api/bob'), boburl=i2pconv('bob.i2p') -%} +BOB is the Basic Open Bridge, allowing an application in any language to make streaming connections to and from I2P. At this point in time it lacks UDP support, but UDP support is planned in the near future. BOB also contains several tools, such as destination key generation, and verification that an address conforms to I2P specifications. Up to date info and applications that use BOB can be -found at this eepsite.

+found at this eepsite. +{%- endtrans %}

SAM, SAM V2, SAM V3

-

SAM is not recommended. SAM V2 is okay, SAM V3 is beta.

-

SAM is the Simple Anonymous Messaging protocol, allowing an +

{{ _('SAM is not recommended. SAM V2 is okay, SAM V3 is beta.') }}

+

{% trans sam=site_url('docs/api/sam') -%} +SAM is the Simple Anonymous Messaging protocol, allowing an application written in any language to talk to a SAM bridge through a plain TCP socket and have that bridge multiplex all of its I2P traffic, transparently coordinating the encryption/decryption -and event based handling. SAM supports three styles of operation:

+and event based handling. SAM supports three styles of operation: +{%- endtrans %}

-

SAM V3 aims at the same goal as SAM and SAM V2, but does not require +

{% trans -%} +SAM V3 aims at the same goal as SAM and SAM V2, but does not require multiplexing/demultiplexing. Each I2P stream is handled by its own socket between the application and the SAM bridge. Besides, datagrams can be sent and received by the application through datagram communications with the SAM bridge. +{%- endtrans %}

-

- -

-SAM V2 is a new version used by imule -that fixes some of the problems in SAM. +

{% trans sam=site_url('docs/api/sam'), samv2=site_url('docs/api/samv2'), samv3=site_url('docs/api/samv3') -%} +SAM V2 is a new version used by imule +that fixes some of the problems in SAM.
-SAM V3 is used by imule since version 1.4.0. -

+SAM V3 is used by imule since version 1.4.0. +{%- endtrans %}

I2PTunnel

-

The I2PTunnel application allows applications to build specific TCP-like tunnels to peers +

{% trans -%} +The I2PTunnel application allows applications to build specific TCP-like tunnels to peers by creating either I2PTunnel 'client' applications (which listen on a specific port and connect to a specific I2P destination whenever a socket to that port is opened) or I2PTunnel 'server' applications (which listen to a specific I2P destination and whenever it gets a new I2P connection it outproxies to a specific TCP host/port). These streams are 8bit clean and are authenticated and secured through the same streaming library that SAM uses, but there is a nontrivial overhead involved with creating multiple unique I2PTunnel instances, since each have -their own unique I2P destination and their own set of tunnels, keys, etc.

+their own unique I2P destination and their own set of tunnels, keys, etc. +{%- endtrans %}

Ministreaming

-

Not recommended

-

+

{{ _('Not recommended') }}

+

{% trans -%} It was possible to write I2P applications in Java using the ministreaming library. However, the Streaming library has superceded this, and provides better functionality. -

+{%- endtrans %}

-

Datagrams

-

Not recommended

-The Datagram library allows sending UDP-like packets. +

{{ _('Datagrams') }}

+

{{ _('Not recommended') }}

+

{% trans datagrams=site_url('docs/spec/datagrams') -%} +The Datagram library allows sending UDP-like packets. It's possible to use: +{%- endtrans %}

I2CP

-

Not recommended

-

I2CP itself is a language independent protocol, but to implement an I2CP library +

{{ _('Not recommended') }}

+

{% trans i2cp=site_url('docs/protocol/i2cp') -%} +I2CP itself is a language independent protocol, but to implement an I2CP library in something other than Java there is a significant amount of code to be written (encryption routines, object marshalling, asynchronous message handling, etc). While someone could write an I2CP library in C or something else, it would most likely be more useful to use the C SAM library instead. -

+{%- endtrans %}

-

Web Applications

+

{{ _('Web Applications') }}

+

{% trans -%} I2P comes with the Jetty webserver, and configuring to use the Apache server instead is straightforward. Any standard web app technology should work. +{%- endtrans %}

-

Start developing - a simple guide

+

{{ _('Start developing - a simple guide') }}

+

{% trans -%} Developing using I2P requires a working I2P installation and a development environment of your own choice. If you are using Java, you can start development with the streaming library or datagram library. Using another programming language, SAM or BOB can be used. +{%- endtrans %}

-

Developing with the streaming library

+

{{ _('Developing with the streaming library') }}

- Development using the streaming library requires the following libraries in your classpath: - +

{% trans -%} +Development using the streaming library requires the following libraries in your classpath: +{%- endtrans %}

+ -

- Network communication requires the usage of I2P network sockets. - To demonstrate this, we will create an application where a client can send text messages to a server, - who will print the messages and send them back to the client. In other words, the server will function as an echo. -

-

- We will start by initializing the server application. This requires getting an I2PSocketManager - and creating an I2PServerSocket. - In addition, we will ask the I2PSocketManager for an I2PSession, so we can find out the Destination we use. -

+

{% trans -%} +Network communication requires the usage of I2P network sockets. +To demonstrate this, we will create an application where a client can send text messages to a server, +who will print the messages and send them back to the client. In other words, the server will function as an echo. +{%- endtrans %}

+

{% trans -%} +We will start by initializing the server application. This requires getting an I2PSocketManager +and creating an I2PServerSocket. +In addition, we will ask the I2PSocketManager for an I2PSession, so we can find out the Destination we use. +{%- endtrans %}

     package i2p.echoserver;
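Review bot: Several strings in this hunk become msgids with their existing typos intact: "client-server scenario's" in the first trans block, "a peer-to-peer applications" in the Figure 2 text (which appears twice), and "superceded" in the Ministreaming paragraph. Correcting a msgid after translators have started work means every translation of that string has to be redone or re-reviewed, so fix the wording in this commit: "scenarios", "peer-to-peer applications", "superseded".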
@@ -286,16 +324,16 @@ Using another programming language, SAM or BOB can be used.
     }
     


-

Code example 1: initializing the server application.

+

{{ _('Code example 1: initializing the server application.') }}

-

- Once we have an I2PServerSocket, we can create I2PSocket instances to accept connections from clients. - In this example, we will create a single I2PSocket instance, that can only handle one client at a time. - A real server would have to be able to handle multiple clients. - To do this, multiple I2PSocket instances would have to be created, each in separate threads. - Once we have created the I2PSocket instance, we read data, print it and send it back to the client. - The bold code is the new code we add. -

+

{% trans -%} +Once we have an I2PServerSocket, we can create I2PSocket instances to accept connections from clients. +In this example, we will create a single I2PSocket instance, that can only handle one client at a time. +A real server would have to be able to handle multiple clients. +To do this, multiple I2PSocket instances would have to be created, each in separate threads. +Once we have created the I2PSocket instance, we read data, print it and send it back to the client. +The bold code is the new code we add. +{%- endtrans %}

     package i2p.echoserver;
@@ -374,12 +412,14 @@ Using another programming language, SAM or BOB can be used.
     }
     


-

Code example 2: accepting connections from clients and handling messages.

+

{{ _('Code example 2: accepting connections from clients and handling messages.') }}

- When you run the above server code, it should print something like this (but without the line endings, it should just be - one huge block of characters): +

{% trans -%} +When you run the above server code, it should print something like this (but without the line endings, it should just be +one huge block of characters): +{%- endtrans %}

     y17s~L3H9q5xuIyyynyWahAuj6Jeg5VC~Klu9YPquQvD4vlgzmxn4yy~5Z0zVvKJiS2Lk
     poPIcB3r9EbFYkz1mzzE3RYY~XFyPTaFQY8omDv49nltI2VCQ5cx7gAt~y4LdWqkyk3au
@@ -390,16 +430,18 @@ Using another programming language, SAM or BOB can be used.
     BOF6kbxV7NPRPnivbNekd1E1GUq08ltDPVMO1pKJuGMsFyZC4Q~osZ8nI59ryouXgn97Q
     5ZDEO8-Iazx50~yUQTRgLMOTC5hqnAAAA
     
- This is the base64-representation of the server Destination. The client will need this string to reach the server. +{% trans -%} +This is the base64-representation of the server Destination. The client will need this string to reach the server. +{%- endtrans %}

-

- Now, we will create the client application. Again, a number of steps are required for initialization. - Again, we will need to start by getting an I2PSocketManager. - We won't use an I2PSession and an I2PServerSocket this time. - Instead, we will use the server Destination string to start our connection. - We will ask the user for the Destination string, and create an I2PSocket using this string. - Once we have an I2PSocket, we can start sending and receiving data to and from the server. -

+

{% trans -%} +Now, we will create the client application. Again, a number of steps are required for initialization. +Again, we will need to start by getting an I2PSocketManager. +We won't use an I2PSession and an I2PServerSocket this time. +Instead, we will use the server Destination string to start our connection. +We will ask the user for the Destination string, and create an I2PSocket using this string. +Once we have an I2PSocket, we can start sending and receiving data to and from the server. +{%- endtrans %}

     package i2p.echoclient;
@@ -474,20 +516,22 @@ Using another programming language, SAM or BOB can be used.
     }
     


-

Code example 3: starting the client and connecting it to the server application.

+

{{ _('Code example 3: starting the client and connecting it to the server application.') }}

-

- Finally, you can run both the server and the client application. - First, start the server application. It will print a Destination string (like shown above). - Next, start the client application. When it requests a Destination string, you can enter the string printed by the server. - The client will then send 'Hello I2P!' (along with a newline) to the server, who will print the message and send it back to the client. -

-

- Congratulations, you have successfully communicated over I2P! -

+

{% trans -%} +Finally, you can run both the server and the client application. +First, start the server application. It will print a Destination string (like shown above). +Next, start the client application. When it requests a Destination string, you can enter the string printed by the server. +The client will then send 'Hello I2P!' (along with a newline) to the server, who will print the message and send it back to the client. +{%- endtrans %}

+

{% trans -%} +Congratulations, you have successfully communicated over I2P! +{%- endtrans %}

-

Existing Applications in Development

+

{{ _('Existing Applications in Development') }}

+

{% trans -%} Contact us if you would like to help. +{%- endtrans %}

-

Application Ideas

+

{{ _('Application Ideas') }}

+{%- endtrans %} + {% endblock %} diff --git a/i2p2www/pages/site/get-involved/develop/developers-keys.html b/i2p2www/pages/site/get-involved/develop/developers-keys.html index cb793084..25904253 100644 --- a/i2p2www/pages/site/get-involved/develop/developers-keys.html +++ b/i2p2www/pages/site/get-involved/develop/developers-keys.html @@ -1,17 +1,23 @@ {% extends "global/layout.html" %} -{% block title %}I2P Developer's MTN Keys{% endblock %} +{% block title %}{% trans %}I2P Developer's MTN Keys{% endtrans %}{% endblock %} {% block content %} -

MTN Keys

-

Monotone servers used by the I2P project require two types of keys to be used. +

{{ _('MTN Keys') }}

+

{% trans -%} +Monotone servers used by the I2P project require two types of keys to be used. +{%- endtrans %}

-

Everyone that uses Monotone to checkout the I2P codebase will need to import the -developer commit keys, but only Monotone server operators will need to import the transport keys.

+

{% trans monotone=site_url('get-involved/guides/monotone') -%} +Everyone that uses Monotone to checkout the I2P codebase will need to +import the +developer commit keys, but only Monotone +server operators will need to import the transport keys. +{%- endtrans %}

-

Developer Commit keys

+

{{ _('Developer Commit keys') }}

 [pubkey jrandom@i2p.net]
 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLw05kZbux5KLdp
@@ -223,8 +229,11 @@ rIeB7/2uVOpe+3FrFgUzIiWsx6I2yiNI3TscDvQsa5wG0Z2G4BbHXj
 ONyiUzzO+j2TWPs3x35r2LCy8plRzPAswCF1GaIEjJCce5zwIDAQAB
 [end]
 
-

Developer Transport Keys

-

Note: Transport keys are only needed for setting up a Monotone server.

+

{{ _('Developer Transport Keys') }}

+

{% trans monotone=site_url('get-involved/guides/monotone') -%} +Note: Transport keys are only needed for setting up a +Monotone server. +{%- endtrans %}

 [pubkey zzz-transport@mail.i2p]
diff --git a/i2p2www/pages/site/get-involved/develop/license-agreements.html b/i2p2www/pages/site/get-involved/develop/license-agreements.html
index 6ecaca74..cbe9f4e5 100644
--- a/i2p2www/pages/site/get-involved/develop/license-agreements.html
+++ b/i2p2www/pages/site/get-involved/develop/license-agreements.html
@@ -1,15 +1,20 @@
 {% extends "global/layout.html" %}
-{% block title %}License Agreements{% endblock %}
+{% block title %}{{ _('License Agreements') }}{% endblock %}
 {% block content %}
 
-

For more information see licenses.html. -

Following is a monotonerc file defining the current trust list. +

{% trans licenses=site_url('get-involved/develop/licenses') -%} +For more information see the licenses page. +{%- endtrans %}

+

{% trans -%} +Following is a monotonerc file defining the current trust list. Developers must use this file in ~/.monotone/monotonerc or _MTN/montonerc in their i2p.i2p workspace. +{%- endtrans %} {% include "include/monotonerc.html" %} -

Agreements: +

+

{{ _('Agreements') }}:

 
 Complication:
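Review bot: The path "_MTN/montonerc" in the new trans block is misspelled; the sentence names the file as monotonerc everywhere else, so this should read "_MTN/monotonerc". The text tells developers where to put the trust list, and a developer who copies the path as written ends up with a file under a different name than the one the sentence intends. Since the string is now a msgid, correct it here rather than after it has been translated.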
diff --git a/i2p2www/pages/site/get-involved/develop/licenses.html b/i2p2www/pages/site/get-involved/develop/licenses.html
index fca1bbdf..a009fef5 100644
--- a/i2p2www/pages/site/get-involved/develop/licenses.html
+++ b/i2p2www/pages/site/get-involved/develop/licenses.html
@@ -1,30 +1,34 @@
 {% extends "global/layout.html" %}
-{% block title %}Licenses{% endblock %}
+{% block title %}{{ _('Licenses') }}{% endblock %}
 {% block content %}
-

I2P Software Licenses

-

+

{{ _('I2P Software Licenses') }}

+

{% trans threatmodel=site_url('docs/how/threat-model') -%} As required by our -threat model (among other reasons), the +threat model (among other reasons), the software developed to support the anonymous communication network we call I2P must be freely available, open source, and user modifiable. To meet these criteria, we make use of a variety of legal and software engineering techniques so as to remove as many barriers to entry for those considering -making use of or contributing to the I2P effort.

+making use of or contributing to the I2P effort. +{%- endtrans %}

-

While the information below may be more confusing than just simply +

{% trans -%} +While the information below may be more confusing than just simply stating "I2P is BSD", "I2P is GPL", or "I2P is public domain", -the short answer to the question "How is I2P licensed?" is this:

+the short answer to the question "How is I2P licensed?" is this: +{%- endtrans %}

-

All software bundled in the I2P distributions will allow:

+

{{ _('All software bundled in the I2P distributions will allow:') }}

    -
  1. use without fee
  2. -
  3. use with no restrictions on how, when, where, why, or by whom is running it
  4. -
  5. access to the source code without fee
  6. -
  7. modifications to the source
  8. +
  9. {{ _('use without fee') }}
  10. +
  11. {{ _('use with no restrictions on how, when, where, why, or by whom is running it') }}
  12. +
  13. {{ _('access to the source code without fee') }}
  14. +
  15. {{ _('modifications to the source') }}
-

Most of the software guarantees much more - the ability of anyone to +

{% trans -%} +Most of the software guarantees much more - the ability of anyone to distribute the modified source however they choose. However, not all of the software bundled provides this freedom - the GPL restricts the ability of developers who wish to integrate I2P with their own applications that are not @@ -33,26 +37,29 @@ increasing the resources in the commons, I2P is best served by removing any barriers that stand in the way of its adoption - if a developer considering whether they can integrate I2P with their application has to stop and check with their lawyer, or conduct a code audit to make sure their own source can be released as GPL-compatible, -we lose out.

+we lose out. +{%- endtrans %}

-

Component licenses

-

The I2P distribution contains several resources, reflecting the partitioning of +

{{ _('Component licenses') }}

+

{% trans -%} +The I2P distribution contains several resources, reflecting the partitioning of the source code into components. Each component has its own license, which all developers who contribute to it agree to - either by explicitly declaring the release of code committed under a license compatible with that component, or by implicitly releasing the code committed under the component's primary license. Each of these components has a lead developer who has the final say as to what license is compatible with the component's primary license, and the I2P project manager has the final say as -to what licenses meet the above four guarantees for inclusion in the I2P distribution.

+to what licenses meet the above four guarantees for inclusion in the I2P distribution. +{%- endtrans %}

- - - - - - + + + + + + @@ -261,11 +268,13 @@ to what licenses meet the above four guarantees for inclusion in the I2P distrib
ComponentSource pathResourcePrimary licenseAlternate licensesLead developer{{ _('Component') }}{{ _('Source path') }}{{ _('Resource') }}{{ _('Primary license') }}{{ _('Alternate licenses') }}{{ _('Lead developer') }}
I2P SDK
-

GPL + java exception

-

While it may be redundant, just for clarity the +

{{ _('GPL + java exception') }}

+

{% trans -%} +While it may be redundant, just for clarity the GPL'ed code included within I2PTunnel and other apps must be released under the GPL with an additional "exception" -explicitly authorizing the use of Java's standard libraries:

+explicitly authorizing the use of Java's standard libraries: +{%- endtrans %}

In addition, as a special exception, XXXX gives permission to link the code of this program with the proprietary Java implementation provided by Sun @@ -276,36 +285,46 @@ file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

-

All source code under each component will by default be licensed under the +

{% trans -%} +All source code under each component will by default be licensed under the primary license, unless marked otherwise in the code. All of the above is summary of the license terms - please see the specific license for the component or source code in question for authoritative terms. Component source locations and -resource packaging may be changed if the repository is reorganized.

+resource packaging may be changed if the repository is reorganized. +{%- endtrans %}

-

Commit privileges

-

+

{{ _('Commit privileges') }}

+

{% trans monotone=site_url('get-involved/guides/monotone') -%} Developers may push changes to a distributed monotone repository if you receive permission from the person running that repository. -See the Monotone Page for details. -

+See the Monotone Page for details. +{%- endtrans %}

-

+

{% trans -%} However, to have changes included in a release, developers must be trusted by the release manager (currently zzz). In addition, they must explicitly agree with the above terms to be trusted. -That means that they must send one of the release managers a signed message affirming that:

+That means that they must send one of the release managers a signed message affirming that: +{%- endtrans %}

-

If anyone is aware of any instances where the above conditions are not met, +

{% trans licenseagreements=site_url('get-involved/develop/license-agreements') -%} +If anyone is aware of any instances where the above conditions are not met, please contact the component lead and/or an I2P release manager with further information. -See developers' license agreements. -

+See developers' license agreements. +{%- endtrans %}

{% endblock %} diff --git a/i2p2www/pages/site/get-involved/develop/release-signing-key.html b/i2p2www/pages/site/get-involved/develop/release-signing-key.html index bc2b5e5c..aa532823 100644 --- a/i2p2www/pages/site/get-involved/develop/release-signing-key.html +++ b/i2p2www/pages/site/get-involved/develop/release-signing-key.html @@ -1,7 +1,9 @@ {% extends "global/layout.html" %} -{% block title %}Release Signing Key{% endblock %} +{% block title %}{{ _('Release Signing Key') }}{% endblock %} {% block content %} +

{% trans -%} Releases 0.7.6 and later are signed by zzz. His public key is: +{%- endtrans %}

 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -35,8 +37,9 @@ njMu9ueCFbsjme7nwsz96PdazJcHAKCce17hGI25QNXDZyHohrjha6IxDg==
 -----END PGP PUBLIC KEY BLOCK-----
 
 
-

+

{% trans -%} Releases 0.6.1.31 through 0.7.5 were signed by Complication. His public key is: +{%- endtrans %}

 -----BEGIN PGP SIGNED MESSAGE-----
diff --git a/i2p2www/pages/site/get-involved/develop/signed-keys.html b/i2p2www/pages/site/get-involved/develop/signed-keys.html
index c33dccce..bbbf0296 100644
--- a/i2p2www/pages/site/get-involved/develop/signed-keys.html
+++ b/i2p2www/pages/site/get-involved/develop/signed-keys.html
@@ -1,22 +1,24 @@
 {% extends "global/layout.html" %}
-{% block title %}Signed Developer Keys{% endblock %}
+{% block title %}{{ _('Signed Developer Keys') }}{% endblock %}
 {% block content %}
-

Keys for zzz, Complication and welterde are provided clearsigned. The key for jrandom must be - verified differently, since he's away, and only left a binary detached - signature for his key. +

{% trans -%} +Keys for zzz, Complication and welterde are provided clearsigned. The key for jrandom must be +verified differently, since he's away, and only left a binary detached +signature for his key. +{%- endtrans %}

    -
  1. Monotone keys for zzz
  2. -
  3. Monotone keys for welterde
  4. -
  5. Monotone keys for Complication
  6. -
  7. Monotone keys for jrandom
  8. -
  9. Others
  10. +
  11. {{ _('Monotone keys for zzz') }}
  12. +
  13. {{ _('Monotone keys for welterde') }}
  14. +
  15. {{ _('Monotone keys for Complication') }}
  16. +
  17. {{ _('Monotone keys for jrandom') }}
  18. +
  19. {{ _('Others') }}
-

Monotone keys for zzz

-

- Tip: To find zzz's GPG key, on his eepsite locate the key `0xA76E0BED`, with - the name `zzz@mail.i2p` and the fingerprint `4456 EBBE C805 63FE 57E6 B310 4155 - 76BA A76E 0BED`. -

+

{{ _('Monotone keys for zzz') }}

+

{% trans -%} +Tip: To find zzz's GPG key, on his eepsite locate the key `0xA76E0BED`, with +the name `zzz@mail.i2p` and the fingerprint `4456 EBBE C805 63FE 57E6 B310 4155 +76BA A76E 0BED`. +{%- endtrans %}

     -----BEGIN PGP SIGNED MESSAGE-----
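Review bot: In the zzz tip, the key ID `0xA76E0BED`, the name `zzz@mail.i2p` and the full fingerprint sit inside the `{% trans -%}` body, so they become part of the msgid and every translation catalog carries its own copy of the values a reader uses to authenticate the key. A wrong or tampered translation could then display a different fingerprint without this template changing. Pass them in as variables instead, the way donate.html in this same patch does with `{% trans account='1HkJCceXf7of1sTNRVJbXiZHfDTLL71Siy' -%}` and `{{ account }}`; that also removes the line break that currently splits the fingerprint between `4155` and `76BA`. The welterde, Complication and jrandom tips further down this file have the same shape.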
@@ -42,13 +44,13 @@
 
-

Monotone keys for welterde

+

{{ _('Monotone keys for welterde') }}

-

- Tip: To find welterde's GPG key, on public keyservers locate the key - `0x62E011A1`, with the name `welterde@arcor.de` and the fingerprint `6720 FD81 - 3872 6DFC 6016 64D1 EBBC 0374 62E0 11A1`. -

+

{% trans -%} +Tip: To find welterde's GPG key, on public keyservers locate the key +`0x62E011A1`, with the name `welterde@arcor.de` and the fingerprint `6720 FD81 +3872 6DFC 6016 64D1 EBBC 0374 62E0 11A1`. +{%- endtrans %}

     -----BEGIN PGP SIGNED MESSAGE-----
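Review bot: The welterde tip sends readers to public keyservers to locate the key by `0x62E011A1`, an 8-hex-digit short ID, and mentions the fingerprint only afterwards. Short IDs are not unique, and a keyserver search by one can return an unrelated key. Since this sentence is about to be frozen as a msgid, reword it first so the reader is told to match the full fingerprint `6720 FD81 3872 6DFC 6016 64D1 EBBC 0374 62E0 11A1` and to treat the short ID as a search hint only.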
@@ -74,13 +76,13 @@
 
-

Monotone keys for Complication

+

{{ _('Monotone keys for Complication') }}

-

- Tip: To find Complication's GPG key, on his eepsite locate the key - `0x79FCCE33`, with the name `complication@mail.i2p` and the fingerprint `73CF - 2862 87A7 E7D2 19FF DB66 FA1D FC6B 79FC CE33`. -

+

{% trans -%} +Tip: To find Complication's GPG key, on his eepsite locate the key +`0x79FCCE33`, with the name `complication@mail.i2p` and the fingerprint `73CF +2862 87A7 E7D2 19FF DB66 FA1D FC6B 79FC CE33`. +{%- endtrans %}

     -----BEGIN PGP SIGNED MESSAGE-----
@@ -109,27 +111,27 @@
     -----END PGP SIGNATURE-----
 
-

Monotone keys for jrandom

+

{{ _('Monotone keys for jrandom') }}

-

- Tip: To find jrandom's GPG key for Syndie releases, on public keyservers locate - the key `0x393F2DF9`, with the name `syndie-dist-key@i2p.net` and the - fingerprint `AE89 D080 0E85 72F0 B777 B2ED C2FA 68C0 393F 2DF9`. -

+

{% trans -%} +Tip: To find jrandom's GPG key for Syndie releases, on public keyservers locate +the key `0x393F2DF9`, with the name `syndie-dist-key@i2p.net` and the +fingerprint `AE89 D080 0E85 72F0 B777 B2ED C2FA 68C0 393F 2DF9`. +{%- endtrans %}

-

- Jrandom had to leave unexpectedly in the end of 2007. His commit key was - deployed in the Syndie Monotone repository, in a file named `mtn-committers`. - That file also had a GPG signature, `mtn-committers.sig`, but it was a binary - detached signature. I am going to supply both files in GPG ASCII-armoured form - below. -

+

{% trans -%} +Jrandom had to leave unexpectedly in the end of 2007. His commit key was +deployed in the Syndie Monotone repository, in a file named `mtn-committers`. +That file also had a GPG signature, `mtn-committers.sig`, but it was a binary +detached signature. I am going to supply both files in GPG ASCII-armoured form +below. +{%- endtrans %}

-

- First, the file `mtn-committers` containing jrandom's Monotone key. Save as - `mtn-committers.asc` and unpack it using `gpg --output mtn-committers --dearmor - mtn-committers.asc`: -

+

{% trans -%} +First, the file `mtn-committers` containing jrandom's Monotone key. Save as +`mtn-committers.asc` and unpack it using `gpg --output mtn-committers --dearmor +mtn-committers.asc`: +{%- endtrans %}

     -----BEGIN PGP ARMORED FILE-----
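Review bot: The last paragraph of this hunk puts a shell command inside the translatable text, and the command is split across two source lines (`--dearmor` ends one line, `mtn-committers.asc` starts the next). Translators will be offered `gpg --output mtn-committers --dearmor mtn-committers.asc` as text to translate, and a catalog entry that alters it gives the reader a command that fails or writes a different file. Move the command out of the `{% trans %}` block or pass it in as a variable, so that only the surrounding sentence is translatable.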
@@ -146,12 +148,12 @@
     -----END PGP ARMORED FILE-----
 
-

- Now the file `mtn-committers.sig`, containing the GPG signature. Save as - `mtn-committers.sig.asc` and unpack it using `gpg --output mtn-committers.sig - --dearmor mtn-committers.sig.asc`. Use it to verify the above supplied - `mtn-committers` file: -

+

{% trans -%} +Now the file `mtn-committers.sig`, containing the GPG signature. Save as +`mtn-committers.sig.asc` and unpack it using `gpg --output mtn-committers.sig +--dearmor mtn-committers.sig.asc`. Use it to verify the above supplied +`mtn-committers` file: +{%- endtrans %}

     -----BEGIN PGP ARMORED FILE-----
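Review bot: The added paragraph ends with "Use it to verify the above supplied `mtn-committers` file:" but gives only the `--dearmor` step, not the verification itself. Changing a msgid after translations exist orphans those translations, so add the missing step before this string is marked for translation, for example `gpg --verify mtn-committers.sig mtn-committers`, and state which key the signature is expected to come from.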
@@ -164,8 +166,10 @@
     -----END PGP ARMORED FILE-----
 
-

Others

-Some of the developers have included their Monotone keys in their signed license agreement. +

{{ _('Others') }}

+

{% trans licenseagreements=site_url('get-involved/develop/license-agreements') -%} +Some of the developers have included their Monotone keys in their signed license agreement. +{%- endtrans %}

{% endblock %} diff --git a/i2p2www/pages/site/get-involved/donate.html b/i2p2www/pages/site/get-involved/donate.html index 34af00ca..546a1f8f 100644 --- a/i2p2www/pages/site/get-involved/donate.html +++ b/i2p2www/pages/site/get-involved/donate.html @@ -1,17 +1,22 @@ {% extends "global/layout.html" %} -{% block title %}Donate{% endblock %} -{% block content %}

Thank you for your interest in contributing to I2P! +{% block title %}{{ _('Donate') }}{% endblock %} +{% block content %} +

{% trans -%} +Thank you for your interest in contributing to I2P! The details of how you -can make your contribution are provided below.

+can make your contribution are provided below. +{%- endtrans %}

PayPal


-You can donate direct via PayPal to the account "echelon@i2pmail.org".
+{% trans account='echelon@i2pmail.org' -%} +You can donate direct via PayPal to the account "{{ account }}". +{%- endtrans %}

- + - + - + - + - + @@ -78,18 +83,26 @@ You can donate direct via PayPal to the account "echelon@i2pmail.org".

Flattr

-Flattr this +{{ _('Flattr this') }}

Bitcoin

-

As of December 2010, eche|on has been running a Bitcoin account for the I2P project. +

{% trans account='1HkJCceXf7of1sTNRVJbXiZHfDTLL71Siy' -%} +As of December 2010, eche|on has been running a Bitcoin account for the I2P project. If you'd like to donate using Bitcoin, just transfer your desired amount of coins to the account -1HkJCceXf7of1sTNRVJbXiZHfDTLL71Siy and leave eche|on a note if you'd like your donation to be mentioned on the I2P webpage.
-

-

If you want to keep more or less anonymous, the option to send money via mail is also available. But it is less secure -as the envelope can be lost on the way to us.

-

If you'd like to donate via snail mail, send an email to echelon@i2pmail.org - and you'll receive an email with instructions detailing how to proceed.

+{{ account }} and leave eche|on a note if you'd like your donation to be mentioned on the I2P webpage. +{%- endtrans %}

+

{% trans -%} +If you want to keep more or less anonymous, the option to send money via mail is also available. But it is less secure +as the envelope can be lost on the way to us. +{%- endtrans %}

+

{% trans email='echelon@i2pmail.org' -%} +If you'd like to donate via snail mail, send an email to {{ email }} + and you'll receive an email with instructions detailing how to proceed. +{%- endtrans %}

-

In the meantime, feel free to take a look at the generous donations that have been given in support of the I2P Project at the hall of fame.

+

{% trans halloffame=site_url('about/hall-of-fame') -%} +In the meantime, feel free to take a look at the generous donations that have been +given in support of the I2P Project at the hall of fame. +{%- endtrans %}

{% endblock %} diff --git a/i2p2www/pages/site/get-involved/index.html b/i2p2www/pages/site/get-involved/index.html index 09e9eff0..e73b584e 100644 --- a/i2p2www/pages/site/get-involved/index.html +++ b/i2p2www/pages/site/get-involved/index.html @@ -1,52 +1,77 @@ {% extends "global/layout.html" %} -{% block title %}Get Involved!{% endblock %} +{% block title %}{% trans %}Get Involved!{% endtrans %}{% endblock %} {% block content %} -

We need your help!

-

To get involved, please feel free to join us on the #i2p IRC channel (on -irc.freenode.net, or within I2P on irc.freshcoffee.i2p or irc.postman.i2p).

-

If you're interested in joining our team, please get in -touch as we're always looking for eager contributors!

-

+

{% trans %}We need your help!{% endtrans %}

+

{% trans -%} +To get involved, please feel free to join us on the #i2p IRC channel (on +irc.freenode.net, or within I2P on irc.freshcoffee.i2p or irc.postman.i2p). +{%- endtrans %}

+

{% trans team=site_url('about/team') -%} +If you're interested in joining our team, please get in +touch as we're always looking for eager contributors! +{%- endtrans %}

+

{% trans -%} We need help in many areas, and you don't need to know Java to contribute! -Here's a list to help you get started!

+Here's a list to help you get started! +{%- endtrans %}

    -
  • Spread the Word! — +
  • {% trans %}Spread the Word!{% endtrans %} — +{% trans -%} Tell people about I2P on forums, blogs, and comments to articles. Fix up the Wikipedia article about I2P in your language. Tell your friends. -
  • Testing — -Run the latest builds from monotone -and report results on #i2p or as bugs on Trac. -
  • Documentation — +{%- endtrans %} +
  • {{ _('Testing') }} — +{% trans monotone=site_url('get-involved/guides/monotone'), trac=i2pconv('trac.i2p2.i2p') -%} +Run the latest builds from monotone +and report results on #i2p or as bugs on Trac. +{%- endtrans %} +
  • {{ _('Documentation') }} — +{% trans -%} Help fix the parts of the website that are outdated or incomplete. Translate pages into other languages. -
  • Pictures — +{%- endtrans %} +
  • {{ _('Pictures') }} — +{% trans -%} Make some more pictures, fix the old ones on the website -
  • Content — +{%- endtrans %} +
  • {{ _('Content') }} — +{% trans -%} Make an eepsite! Add some content! Contribute to the community! -
  • Services — +{%- endtrans %} +
  • {{ _('Services') }} — +{% trans -%} Run a service on an eepsite. It could be a proxy, a forum, a tracker, a naming service, a search engine, an eepsite monitor... many of these aren't that hard. -
  • Applications — +{%- endtrans %} +
  • {{ _('Applications') }} — +{% trans apps=site_url('get-involved/develop/applications') -%} Write or port applications for I2P! There's some guidelines and -a list of ideas on the applications page. -
  • Coding — +a list of ideas on the applications page. +{%- endtrans %} +
  • {{ _('Coding') }} — +{% trans trac=i2pconv('trac.i2p2.i2p'), zzz=i2pconv('zzz.i2p'), newdevs=site_url('get-involved/guides/new-developers') -%} There's plenty to do if you know Java or are ready to learn. -Check for open tickets on Trac -or the TODO list on zzz.i2p for +Check for open tickets on Trac +or the TODO list on {{ zzz }} for some ideas on where to start. -See the new developer's guide for details. -
  • Translation — +See the new developer's guide for details. +{%- endtrans %} +
  • {{ _('Translation') }} — +{% trans newtrans=site_url('get-involved/guides/new-translators') -%} Help translate the website and the software into your language. -See the new translator's guide for details. -
  • Analysis — +See the new translator's guide for details. +{%- endtrans %} +
  • {{ _('Analysis') }} — +{% trans threatmodel=site_url('docs/how/threat-model') -%} Study or test the code to look for vulnerabilities. Both anonymity vulnerabilities from the various -threat models, +threat models, and DOS and other weaknesses due to securities holes, need researching. -
  • Donate +{%- endtrans %} +
  • {{ _('Donate') }}
{% endblock %} diff --git a/i2p2www/pages/site/get-involved/roadmap.html b/i2p2www/pages/site/get-involved/roadmap.html index 8a9e6880..55b4b758 100644 --- a/i2p2www/pages/site/get-involved/roadmap.html +++ b/i2p2www/pages/site/get-involved/roadmap.html @@ -1,34 +1,42 @@ {% extends "global/layout.html" %} -{% block title %}Roadmap{% endblock %} +{% block title %}{{ _('Roadmap') }}{% endblock %} {% block content %}

0.9

    -
  • Include some seed data in the distribution so a central reseed location isn't required?
  • -
  • Reachability Mapping / handle peers partially reachable / enhanced restricted routes
  • -
  • Improve help pages and website
  • -
  • More translations
  • -
  • SSU disconnect message
  • -
  • Iterative floodfill lookups
  • +
  • {% trans -%} +Include some seed data in the distribution so a central reseed location isn't required? +{%- endtrans %}
  • +
  • {% trans todo=site_url('get-involved/todo') -%} +Reachability Mapping / handle peers partially reachable / enhanced restricted routes +{%- endtrans %}
  • +
  • {% trans %}Improve help pages and website{% endtrans %}
  • +
  • {% trans %}More translations{% endtrans %}
  • +
  • {% trans %}SSU disconnect message{% endtrans %}
  • +
  • {% trans %}Iterative floodfill lookups{% endtrans %}

1.0

    -
  • Full review of anonymity issues and other vulnerabilities
  • -
  • Reduce memory usage, remove debugging overhead, make it run better on slow and embedded machines
  • -
  • Docs
  • +
  • {% trans %}Full review of anonymity issues and other vulnerabilities{% endtrans %}
  • +
  • {% trans -%} +Reduce memory usage, remove debugging overhead, make it run better on slow and embedded machines +{%- endtrans %}
  • +
  • {{ _('Docs') }}

2.0

    -
  • Full restricted routes
  • +
  • {% trans %}Full restricted routes{% endtrans %}

3.0

    -
  • Tunnel mixing and padding
  • -
  • User defined message delays
  • +
  • {% trans %}Tunnel mixing and padding{% endtrans %}
  • +
  • {% trans %}User defined message delays{% endtrans %}
-

Please see the TODO list for more detailed info about some of these tasks.

+

{% trans todo=site_url('get-involved/todo') -%} +Please see the TODO list for more detailed info about some of these tasks. +{%- endtrans %}

{% endblock %} diff --git a/i2p2www/pages/site/get-involved/todo.html b/i2p2www/pages/site/get-involved/todo.html index c0a17db8..4d988452 100644 --- a/i2p2www/pages/site/get-involved/todo.html +++ b/i2p2www/pages/site/get-involved/todo.html @@ -1,349 +1,461 @@ {% extends "global/layout.html" %} -{% block title %}To Do List{% endblock %} +{% block title %}{{ _('To Do List') }}{% endblock %} {% block content %} -

I2P Project Targets

-

Below is a more detailed (yet still incomplete) discussion of the major areas - of future development on the core I2P network, spanning the plausibly planned - releases. This does not include stego transports, porting to wireless devices, - or tools to secure the local machine, nor does it include client applications - that will be essential in I2P's success. There are probably other things that - will come up, especially as I2P gets more peer review, but these are the main - 'big things'. See also the roadmap. Want to help? - Get involved!

-
-

Core functionality [link]

+

{{ _('I2P Project Targets') }}

+

{% trans roadmap=site_url('get-involved/roadmap'), volunteer=site_url('get-involved') -%} +Below is a more detailed (yet still incomplete) discussion of the major areas +of future development on the core I2P network, spanning the plausibly planned +releases. This does not include stego transports, porting to wireless devices, +or tools to secure the local machine, nor does it include client applications +that will be essential in I2P's success. There are probably other things that +will come up, especially as I2P gets more peer review, but these are the main +'big things'. See also the roadmap. Want to help? +Get involved! +{%- endtrans %}

+ +

{{ _('Core functionality') }} [{{ _('link') }}]

-

Security / anonymity [link]

+

{{ _('Security / anonymity') }} [{{ _('link') }}]

-

Performance [link]

-

Core functionality

+

{{ _('Performance') }} [{{ _('link') }}]

+ +

{{ _('Core functionality') }}

  • -

    NAT/Firewall bridging via 1-hop restricted routes

    +

    {% trans -%} +NAT/Firewall bridging via 1-hop restricted routes +{%- endtrans %}

  • - Implemented in I2P 0.6.0.6 -

    The functionality of allowing routers to fully participate within the network - while behind firewalls and NATs that they do not control requires some basic - restricted route operation (since those peers will not be able to receive - inbound connections). To do this successfully, you consider peers one of - two ways:

    + {{ _('Implemented in I2P 0.6.0.6') }} +

    {% trans -%} +The functionality of allowing routers to fully participate within the network +while behind firewalls and NATs that they do not control requires some basic +restricted route operation (since those peers will not be able to receive +inbound connections). To do this successfully, you consider peers one of +two ways: +{%- endtrans %}

    -
  • Peers who have reachable interfaces - these peers do not need to - do anything special
  • -
  • Peers who do not have reachable interfaces - these peers must build - a tunnel pointing at them where the gateway is one of the peers they have - established a connection with who has both a publicly reachable interface - and who has agreed to serve as their 'introducer'.
  • +
  • {% trans -%} +Peers who have reachable interfaces - these peers do not need to +do anything special +{%- endtrans %}
  • +
  • {% trans -%} +Peers who do not have reachable interfaces - these peers must build +a tunnel pointing at them where the gateway is one of the peers they have +established a connection with who has both a publicly reachable interface +and who has agreed to serve as their 'introducer'. +{%- endtrans %}
-

To do this, peers who have no IP address simply connect to a few peers, - build a tunnel through them, and publish a reference to those tunnels within - their RouterInfo structure in the network database.

-

When someone wants to contact any particular router, they first must get - its RouterInfo from the network database, which will tell them whether they - can connect directly (e.g. the peer has a publicly reachable interface) - or whether they need to contact them indirectly. Direct connections occur - as normal, while indirect connections are done through one of the published - tunnels.

-

When a router just wants to get a message or two to a specific hidden peer, - they can just use the indirect tunnel for sending the payload. However, - if the router wants to talk to the hidden peer often (for instance, as part - of a tunnel), they will send a garlic routed message through the indirect - tunnel to that hidden peer which unwraps to contain a message which should - be sent to the originating router. That hidden peer then establishes an - outbound connection to the originating router and from then on, those two - routers can talk to each other directly over that newly established direct - connection.

-

Of course, that only works if the originating peer can receive connections - (they aren't also hidden). However, if the originating peer is hidden, they - can simply direct the garlic routed message to come back to the originating - peer's inbound tunnel.

-

This is not meant to provide a way for a peer's IP address to be concealed, - merely as a way to let people behind firewalls and NATs fully operate within - the network. Concealing the peer's IP address adds a little more work, as - described below.

-

With this technique, any router can participate as any part of a tunnel. - For efficiency purposes, a hidden peer would be a bad choice for an inbound - gateway, and within any given tunnel, two neighboring peers wouldn't want - to be hidden. But that is not technically necessary.

+

{% trans -%} +To do this, peers who have no IP address simply connect to a few peers, +build a tunnel through them, and publish a reference to those tunnels within +their RouterInfo structure in the network database. +{%- endtrans %}

+

{% trans -%} +When someone wants to contact any particular router, they first must get +its RouterInfo from the network database, which will tell them whether they +can connect directly (e.g. the peer has a publicly reachable interface) +or whether they need to contact them indirectly. Direct connections occur +as normal, while indirect connections are done through one of the published +tunnels. +{%- endtrans %}

+

{% trans -%} +When a router just wants to get a message or two to a specific hidden peer, +they can just use the indirect tunnel for sending the payload. However, +if the router wants to talk to the hidden peer often (for instance, as part +of a tunnel), they will send a garlic routed message through the indirect +tunnel to that hidden peer which unwraps to contain a message which should +be sent to the originating router. That hidden peer then establishes an +outbound connection to the originating router and from then on, those two +routers can talk to each other directly over that newly established direct +connection. +{%- endtrans %}

+

{% trans -%} +Of course, that only works if the originating peer can receive connections +(they aren't also hidden). However, if the originating peer is hidden, they +can simply direct the garlic routed message to come back to the originating +peer's inbound tunnel. +{%- endtrans %}

+

{% trans -%} +This is not meant to provide a way for a peer's IP address to be concealed, +merely as a way to let people behind firewalls and NATs fully operate within +the network. Concealing the peer's IP address adds a little more work, as +described below. +{%- endtrans %}

+

{% trans -%} +With this technique, any router can participate as any part of a tunnel. +For efficiency purposes, a hidden peer would be a bad choice for an inbound +gateway, and within any given tunnel, two neighboring peers wouldn't want +to be hidden. But that is not technically necessary. +{%- endtrans %}

  • -

    High degree transport layer with UDP, NBIO, or NIO

    - Both UDP and NIO have been Implemented in I2P -

    Standard TCP communication in Java generally requires blocking socket - calls, and to keep a blocked socket from hanging the entire system, those - blocking calls are done on their own threads. Our current TCP transport - is implemented in a naive fashion - for each peer we are talking to, we - have one thread reading and one thread writing. The reader thread simply - loops a bunch of read() calls, building I2NP messages and adding them - to our internal inbound message queue, and the writer thread pulls messages - off a per-connection outbound message queue and shoves the data through - write() calls.

    -

    We do this fairly efficiently, from a CPU perspective - at any time, - almost all of these threads are sitting idle, blocked waiting for something - to do. However, each thread consumes real resources (on older Linux kernels, - for instance, each thread would often be implemented as a fork()'ed process). - As the network grows, the number of peers each router will want to talk - with will increase (remember, I2P is fully connected, meaning that any - given peer should know how to get a message to any other peer, and restricted - route support will probably not significantly reduce the number of connections - necessary). This means that with a 100,000 router network, each router - will have up to 199,998 threads just to deal with the TCP connections!

    -

    Obviously, that just won't work. We need to use a transport layer that - can scale. In Java, we have two main camps:

    +

    {% trans -%} +High degree transport layer with UDP, NBIO, or NIO +{%- endtrans %}

    + {{ _('Both UDP and NIO have been Implemented in I2P') }} +

    {% trans -%} +Standard TCP communication in Java generally requires blocking socket +calls, and to keep a blocked socket from hanging the entire system, those +blocking calls are done on their own threads. Our current TCP transport +is implemented in a naive fashion - for each peer we are talking to, we +have one thread reading and one thread writing. The reader thread simply +loops a bunch of read() calls, building I2NP messages and adding them +to our internal inbound message queue, and the writer thread pulls messages +off a per-connection outbound message queue and shoves the data through +write() calls. +{%- endtrans %}

    +

    {% trans -%} +We do this fairly efficiently, from a CPU perspective - at any time, +almost all of these threads are sitting idle, blocked waiting for something +to do. However, each thread consumes real resources (on older Linux kernels, +for instance, each thread would often be implemented as a fork()'ed process). +As the network grows, the number of peers each router will want to talk +with will increase (remember, I2P is fully connected, meaning that any +given peer should know how to get a message to any other peer, and restricted +route support will probably not significantly reduce the number of connections +necessary). This means that with a 100,000 router network, each router +will have up to 199,998 threads just to deal with the TCP connections! +{%- endtrans %}

    +

    {% trans -%} +Obviously, that just won't work. We need to use a transport layer that +can scale. In Java, we have two main camps: +{%- endtrans %}

    UDP

    - Implemented in I2P 0.6 ("SSU") as documented elsewhere -

    Sending and receiving UDP datagrams is a connectionless operation - if - we are communicating with 100,000 peers, we simply stick the UDP packets - in a queue and have a single thread pulling them off the queue and shoving - them out the pipe (and to receive, have a single thread pulling in any - UDP packets received and adding them to an inbound queue).

    -

    However, moving to UDP means losing the benefits of TCP's ordering, congestion - control, MTU discovery, etc. Implementing that code will take significant - work, however I2P doesn't need it to be as strong as TCP. Specifically, - a while ago I was taking some measurements in the simulator and on the - live net, and the vast majority of messages transferred would fit easily - within a single unfragmented UDP packet, and the largest of the messages - would fit within 20-30 packets. As mule pointed out, TCP adds a significant - overhead when dealing with so many small packets, as the ACKs are within - an order of magnitude in size. With UDP, we can optimize the transport - for both efficiency and resilience by taking into account I2P's particular - needs.

    -

    It will be a lot of work though.

    -

    NIO or NBIO

    - NIO Implemented in I2P 0.6.1.22 ("NTCP") -

    In Java 1.4, a set of "New I/O" packages was introduced, allowing Java - developers to take advantage of the operating system's nonblocking IO - capabilities - allowing you to maintain a large number of concurrent IO - operations without requiring a separate thread for each. There is much - promise with this approach, as we can scalable handle a large number of - concurrent connections and we don't have to write a mini-TCP stack with - UDP. However, the NIO packages have not proven themselves to be battle-ready, - as the Freenet developer's found. In addition, requiring NIO support would - mean we can't run on any of the open source JVMs like Kaffe, - as GNU/Classpath has only limited - support for NIO. (note: this may not be the case anymore, as there - has been some progress on Classpath's NIO, but it is an unknown quantity)

    -

    Another alternative along the same lines is the Non - Blocking I/O package - essentially a cleanroom NIO implementation - (written before NIO was around). It works by using some native OS code - to do the nonblocking IO, passing off events through Java. It seems to - be working with Kaffe, though there doesn't seem to be much development - activity on it lately (likely due to 1.4's NIO deployment).

    + {% trans ssu=site_url('docs/transport/ssu') -%} +Implemented in I2P 0.6 ("SSU") as documented elsewhere +{%- endtrans %} +

    {% trans -%} +Sending and receiving UDP datagrams is a connectionless operation - if +we are communicating with 100,000 peers, we simply stick the UDP packets +in a queue and have a single thread pulling them off the queue and shoving +them out the pipe (and to receive, have a single thread pulling in any +UDP packets received and adding them to an inbound queue). +{%- endtrans %}

    +

    {% trans -%} +However, moving to UDP means losing the benefits of TCP's ordering, congestion +control, MTU discovery, etc. Implementing that code will take significant +work, however I2P doesn't need it to be as strong as TCP. Specifically, +a while ago I was taking some measurements in the simulator and on the +live net, and the vast majority of messages transferred would fit easily +within a single unfragmented UDP packet, and the largest of the messages +would fit within 20-30 packets. As mule pointed out, TCP adds a significant +overhead when dealing with so many small packets, as the ACKs are within +an order of magnitude in size. With UDP, we can optimize the transport +for both efficiency and resilience by taking into account I2P's particular +needs. +{%- endtrans %}

    +

    {% trans -%} +It will be a lot of work though. +{%- endtrans %}

    +

    {{ _('NIO or NBIO') }}

    + {% trans -%} +NIO Implemented in I2P 0.6.1.22 ("NTCP") +{%- endtrans %} +

    {% trans -%} +In Java 1.4, a set of "New I/O" packages was introduced, allowing Java +developers to take advantage of the operating system's nonblocking IO +capabilities - allowing you to maintain a large number of concurrent IO +operations without requiring a separate thread for each. There is much +promise with this approach, as we can scalable handle a large number of +concurrent connections and we don't have to write a mini-TCP stack with +UDP. However, the NIO packages have not proven themselves to be battle-ready, +as the Freenet developer's found. In addition, requiring NIO support would +mean we can't run on any of the open source JVMs like Kaffe, +as GNU/Classpath has only limited +support for NIO. (note: this may not be the case anymore, as there +has been some progress on Classpath's NIO, but it is an unknown quantity) +{%- endtrans %}

    +

    {% trans link='http://www.eecs.harvard.edu/~mdw/proj/java-nbio/' -%} +Another alternative along the same lines is the Non +Blocking I/O package - essentially a cleanroom NIO implementation +(written before NIO was around). It works by using some native OS code +to do the nonblocking IO, passing off events through Java. It seems to +be working with Kaffe, though there doesn't seem to be much development +activity on it lately (likely due to 1.4's NIO deployment). +{%- endtrans %}

  • -

    NetworkDB and profile tuning and ejection policy for large - nets

    -

    Within the current network database and profile management implementation, - we have taken the liberty of some practical shortcuts. For instance, we - don't have the code to drop peer references from the K-buckets, as we - don't have enough peers to even plausibly fill any of them, so instead, - we just keep the peers in whatever bucket is appropriate. Another example - deals with the peer profiles - the memory required to maintain each peer's - profile is small enough that we can keep thousands of full blown profiles - in memory without problems. While we have the capacity to use trimmed - down profiles (which we can maintain 100s of thousands in memory), we - don't have any code to deal with moving a profile from a "minimal profile" - to a "full profile", a "full profile" to a "minimal profile", or to simply - eject a profile altogether. It just wouldn't be practical to write that - code yet, since we aren't going to need it for a while.

    -

    That said, as the network grows we are going to want to keep these considerations - in mind. We will have some work to do, but we can put it off for later.

    +

    {% trans -%} +NetworkDB and profile tuning and ejection policy for large nets +{%- endtrans %}

    +

    {% trans -%} +Within the current network database and profile management implementation, +we have taken the liberty of some practical shortcuts. For instance, we +don't have the code to drop peer references from the K-buckets, as we +don't have enough peers to even plausibly fill any of them, so instead, +we just keep the peers in whatever bucket is appropriate. Another example +deals with the peer profiles - the memory required to maintain each peer's +profile is small enough that we can keep thousands of full blown profiles +in memory without problems. While we have the capacity to use trimmed +down profiles (which we can maintain 100s of thousands in memory), we +don't have any code to deal with moving a profile from a "minimal profile" +to a "full profile", a "full profile" to a "minimal profile", or to simply +eject a profile altogether. It just wouldn't be practical to write that +code yet, since we aren't going to need it for a while. +{%- endtrans %}

    +

    {% trans -%} +That said, as the network grows we are going to want to keep these considerations +in mind. We will have some work to do, but we can put it off for later. +{%- endtrans %}

-

Security / anonymity

+

{{ _('Security / anonymity') }}

  • -

    Per-hop tunnel id & new permuted TunnelVerificationStructure - encryption

    - Addressed in I2P 0.5 as documented elsewhere -

    Right now, if Alice builds a four hop inbound tunnel starting at Elvis, - going to Dave, then to Charlie, then Bob, and finally Alice (A<--B<--C<--D<--E), - all five of them will know they are participating in tunnel "123", as - the messages are tagged as such. What we want to do is give each hop their - own unique tunnel hop ID - Charlie will receive messages on tunnel 234 - and forward them to tunnel 876 on Bob. The intent is to prevent Bob or - Charlie from knowing that they are in Alice's tunnel, as if each hop in - the tunnel had the same tunnel ID, collusion attacks aren't much work. -

    -

    Adding a unique tunnel ID per hop isn't hard, but by itself, insufficient. - If Dave and Bob are under the control of the same attacker, they wouldn't - be able to tell they are in the same tunnel due to the tunnel ID, but - would be able to tell by the message bodies and verification structures - by simply comparing them. To prevent that, the tunnel must use layered - encryption along the path, both on the payload of the tunneled message - and on the verification structure (used to prevent simple tagging attacks). - This requires some simple modifications to the TunnelMessage, as well - as the inclusion of per-hop secret keys delivered during tunnel creation - and given to the tunnel's gateway. We must fix a maximum tunnel length - (e.g. 16 hops) and instruct the gateway to encrypt the message to each - of the 16 delivered secret keys, in reverse order, and to encrypt the - signature of the hash of the (encrypted) payload at each step. The gateway - then sends that 16-step encrypted message, along with a 16-step and 16-wide - encrypted mapping to the first hop, which then decrypts the mapping and - the payload with their secret key, looking in the 16-wide mapping for - the entry associated with their own hop (keyed by the per-hop tunnel ID) - and verifying the payload by checking it against the associated signed - hash.

    -

    The tunnel gateway does still have more information than the other peers - in the tunnel, and compromising both the gateway and a tunnel participant - would allow those peers to collude, exposing the fact that they are both - in the same tunnel. In addition, neighboring peers know that they are - in the same tunnel anyway, as they know who they send the message to (and - with IP-based transports without restricted routes, they know who they - got it from). However, the above two techniques significantly increase - the cost of gaining meaningful samples when dealing with longer tunnels.

    +

    {% trans -%} +Per-hop tunnel id & new permuted TunnelVerificationStructure encryption +{%- endtrans %}

    + {% trans tunnelimpl=site_url('docs/tunnels/implementation') -%} +Addressed in I2P 0.5 as documented elsewhere +{%- endtrans %} +

    {% trans -%} +Right now, if Alice builds a four hop inbound tunnel starting at Elvis, +going to Dave, then to Charlie, then Bob, and finally Alice (A<--B<--C<--D<--E), +all five of them will know they are participating in tunnel "123", as +the messages are tagged as such. What we want to do is give each hop their +own unique tunnel hop ID - Charlie will receive messages on tunnel 234 +and forward them to tunnel 876 on Bob. The intent is to prevent Bob or +Charlie from knowing that they are in Alice's tunnel, as if each hop in +the tunnel had the same tunnel ID, collusion attacks aren't much work. +{%- endtrans %}

    +

    {% trans -%} +Adding a unique tunnel ID per hop isn't hard, but by itself, insufficient. +If Dave and Bob are under the control of the same attacker, they wouldn't +be able to tell they are in the same tunnel due to the tunnel ID, but +would be able to tell by the message bodies and verification structures +by simply comparing them. To prevent that, the tunnel must use layered +encryption along the path, both on the payload of the tunneled message +and on the verification structure (used to prevent simple tagging attacks). +This requires some simple modifications to the TunnelMessage, as well +as the inclusion of per-hop secret keys delivered during tunnel creation +and given to the tunnel's gateway. We must fix a maximum tunnel length +(e.g. 16 hops) and instruct the gateway to encrypt the message to each +of the 16 delivered secret keys, in reverse order, and to encrypt the +signature of the hash of the (encrypted) payload at each step. The gateway +then sends that 16-step encrypted message, along with a 16-step and 16-wide +encrypted mapping to the first hop, which then decrypts the mapping and +the payload with their secret key, looking in the 16-wide mapping for +the entry associated with their own hop (keyed by the per-hop tunnel ID) +and verifying the payload by checking it against the associated signed +hash. +{%- endtrans %}

    +

    {% trans -%} +The tunnel gateway does still have more information than the other peers +in the tunnel, and compromising both the gateway and a tunnel participant +would allow those peers to collude, exposing the fact that they are both +in the same tunnel. In addition, neighboring peers know that they are +in the same tunnel anyway, as they know who they send the message to (and +with IP-based transports without restricted routes, they know who they +got it from). However, the above two techniques significantly increase +the cost of gaining meaningful samples when dealing with longer tunnels. +{%- endtrans %}

  • -

    Strict ordering of participants within tunnels

    - Implemented in release 0.6.2
  • +

    {% trans -%} +Strict ordering of participants within tunnels +{%- endtrans %}

    + {{ _('Implemented in release 0.6.2') }}
-

As Connelly proposed - to deal with the predecessor - attack (2008 - update), keeping the order of peers within our tunnels consistent - (aka whenever Alice creates a tunnel with both Bob and Charlie in it, - Bob's next hop is always Charlie), we address the issue as Bob doesn't - get to substantially sample Alice's peer selection group. We may even - want to explicitly allow Bob to participate in Alice's tunnels in only - one way - receiving a message from Dave and sending it to Charlie - and - if any of those peers are not available to participate in the tunnel (due - to overload, network disconnection, etc), avoid asking Bob to participate - in any tunnels until they are back online.

-

More analysis is necessary for revising the tunnel creation - at the - moment, we simply select and order randomly within the peer's top tier - of peers (ones with fast + high capacity).

-

Adding a strict ordering to peers in a tunnel also improves the anonymity - of peers with 0-hop tunnels, as otherwise the fact that a peer's gateway - is always the same would be particularly damning. However, peers with - 0-hop tunnels may want to periodically use a 1-hop tunnel to simulate - the failure of a normally reliable gateway peer (so every MTBF*(tunnel - duration) minutes, use a 1-hop tunnel).

+

{% trans link='http://article.gmane.org/gmane.network.i2p/22/', +pdf1='http://prisms.cs.umass.edu/brian/pubs/wright-tissec.pdf', +pdf2='http://prisms.cs.umass.edu/brian/pubs/wright.tissec.2008.pdf' -%} +As Connelly proposed to deal with the +predecessor attack (2008 +update), keeping the order of peers within our tunnels consistent +(aka whenever Alice creates a tunnel with both Bob and Charlie in it, +Bob's next hop is always Charlie), we address the issue as Bob doesn't +get to substantially sample Alice's peer selection group. We may even +want to explicitly allow Bob to participate in Alice's tunnels in only +one way - receiving a message from Dave and sending it to Charlie - and +if any of those peers are not available to participate in the tunnel (due +to overload, network disconnection, etc), avoid asking Bob to participate +in any tunnels until they are back online. +{%- endtrans %}

+

{% trans -%} +More analysis is necessary for revising the tunnel creation - at the +moment, we simply select and order randomly within the peer's top tier +of peers (ones with fast + high capacity). +{%- endtrans %}

+

{% trans -%} +Adding a strict ordering to peers in a tunnel also improves the anonymity +of peers with 0-hop tunnels, as otherwise the fact that a peer's gateway +is always the same would be particularly damning. However, peers with +0-hop tunnels may want to periodically use a 1-hop tunnel to simulate +the failure of a normally reliable gateway peer (so every MTBF*(tunnel +duration) minutes, use a 1-hop tunnel). +{%- endtrans %}

  • Randomly permuted tunnel lengths

    - Addressed in I2P 0.5 as documented elsewhere
  • + {% trans tunnelimpl=site_url('docs/tunnels/implementation') -%} +Addressed in I2P 0.5 as documented elsewhere +{%- endtrans %}
    -

    Without tunnel length permutation, if someone were to somehow detect that - a destination had a particular number of hops, it might be able to use that - information to identify the router the destination is located on, per the - predecessor attack. For instance, if everyone has 2-hop tunnels, if Bob - receives a tunnel message from Charlie and forwards it to Alice, Bob knows - Alice is the final router in the tunnel. If Bob were to identify what destination - that tunnel served (by means of colluding with the gateway and harvesting - the network database for all of the LeaseSets), he would know the router - on which that destination is located (and without restricted routes, that - would mean what IP address the destination is on).

    -

    It is to counter user behavior that tunnel lengths should be permuted, - using algorithms based on the length requested (for example, the 1/MTBF - length change for 0-hop tunnels outlined above).

    +

    {% trans -%} +Without tunnel length permutation, if someone were to somehow detect that +a destination had a particular number of hops, it might be able to use that +information to identify the router the destination is located on, per the +predecessor attack. For instance, if everyone has 2-hop tunnels, if Bob +receives a tunnel message from Charlie and forwards it to Alice, Bob knows +Alice is the final router in the tunnel. If Bob were to identify what destination +that tunnel served (by means of colluding with the gateway and harvesting +the network database for all of the LeaseSets), he would know the router +on which that destination is located (and without restricted routes, that +would mean what IP address the destination is on). +{%- endtrans %}

    +

    {% trans -%} +It is to counter user behavior that tunnel lengths should be permuted, +using algorithms based on the length requested (for example, the 1/MTBF +length change for 0-hop tunnels outlined above). +{%- endtrans %}

  • -

    Full blown n-hop restricted routes with optional - trusted links

    -

    The restricted route functionality described before was simply a functional - issue - how to let peers who would not otherwise be able to communicate - do so. However, the concept of allowing restricted routes includes additional - capabilities. For instance, if a router absolutely cannot risk communicating - directly with any untrusted peers, they can set up trusted links through - those peers, using them to both send and receive all of its messages. - Those hidden peers who want to be completely isolated would also refuse - to connect to peers who attempt to get them to (as demonstrated by the - garlic routing technique outlined before) - they can simply take the garlic - clove that has a request for delivery to a particular peer and tunnel - route that message out one of the hidden peer's trusted links with instructions - to forward it as requested.

    +

    {% trans -%} +Full blown n-hop restricted routes with optional trusted links +{%- endtrans %}

    +

    {% trans -%} +The restricted route functionality described before was simply a functional +issue - how to let peers who would not otherwise be able to communicate +do so. However, the concept of allowing restricted routes includes additional +capabilities. For instance, if a router absolutely cannot risk communicating +directly with any untrusted peers, they can set up trusted links through +those peers, using them to both send and receive all of its messages. +Those hidden peers who want to be completely isolated would also refuse +to connect to peers who attempt to get them to (as demonstrated by the +garlic routing technique outlined before) - they can simply take the garlic +clove that has a request for delivery to a particular peer and tunnel +route that message out one of the hidden peer's trusted links with instructions +to forward it as requested. +{%- endtrans %}

  • -

    Hashcash for routerIdentity, destination, and tunnel request

    -

    Within the network, we will want some way to deter people from consuming - too many resources or from creating so many peers to mount a Sybil - attack. Traditional techniques such as having a peer see who is requesting - a resource or running a peer aren't appropriate for use within I2P, as - doing so would compromise the anonymity of the system. Instead, we want - to make certain requests "expensive".

    -

    Hashcash is one technique that - we can use to anonymously increase the "cost" of doing certain activities, - such as creating a new router identity (done only once on installation), - creating a new destination (done only once when creating a service), or - requesting that a peer participate in a tunnel (done often, perhaps 2-300 - times per hour). We don't know the "correct" cost of each type of certificate - yet, but with some research and experimentation, we could set a base level - that is sufficiently expensive while not an excessive burden for people - with few resources.

    -

    There are a few other algorithms that we can explore for making those - requests for resources "nonfree", and further research on that front is - appropriate.

    +

    {% trans -%} +Hashcash for routerIdentity, destination, and tunnel request +{%- endtrans %}

    +

    {% trans link='http://citeseer.ist.psu.edu/douceur02sybil.html' -%} +Within the network, we will want some way to deter people from consuming +too many resources or from creating so many peers to mount a Sybil +attack. Traditional techniques such as having a peer see who is requesting +a resource or running a peer aren't appropriate for use within I2P, as +doing so would compromise the anonymity of the system. Instead, we want +to make certain requests "expensive". +{%- endtrans %}

    +

    {% trans -%} +Hashcash is one technique that +we can use to anonymously increase the "cost" of doing certain activities, +such as creating a new router identity (done only once on installation), +creating a new destination (done only once when creating a service), or +requesting that a peer participate in a tunnel (done often, perhaps 2-300 +times per hour). We don't know the "correct" cost of each type of certificate +yet, but with some research and experimentation, we could set a base level +that is sufficiently expensive while not an excessive burden for people +with few resources. +{%- endtrans %}

    +

    {% trans -%} +There are a few other algorithms that we can explore for making those +requests for resources "nonfree", and further research on that front is +appropriate. +{%- endtrans %}

  • -

    Advanced tunnel operation (batching/mixing/throttling/padding)

    -

    To powerful passive external observers as well as large colluding internal - observers, standard tunnel routing is vulnerable to traffic analysis attacks - - simply watching the size and frequency of messages being passed between - routers. To defend against these, we will want to essentially turn some - of the tunnels into its own mix cascade - delaying messages received at - the gateway and passing them in batches, reordering them as necessary, - and injecting dummy messages (indistinguishable from other "real" tunnel - messages by peers in the path). There has been a significant amount of - research - on these algorithms that we can lean on prior to implementing the various - tunnel mixing strategies.

    -

    In addition to the anonymity aspects of more varied tunnel operation, - there is a functional dimension as well. Each peer only has a certain - amount of data they can route for the network, and to keep any particular - tunnel from consuming an unreasonable portion of that bandwidth, they - will want to include some throttles on the tunnel. For instance, a tunnel - may be configured to throttle itself after passing 600 messages (1 per - second), 2.4MB (4KBps), or exceeding some moving average (8KBps for the - last minute). Excess messages may be delayed or summarily dropped. With - this sort of throttling, peers can provide ATM-like QoS support for their - tunnels, refusing to agree to allocate more bandwidth than the peer has - available.

    -

    In addition, we may want to implement code to dynamically reroute tunnels - to avoid failed peers or to inject additional hops into the path. This - can be done by garlic routing a message to any particular peer in a tunnel - with instructions to redefine the next-hop in the tunnel.

    +

    {% trans -%} +Advanced tunnel operation (batching/mixing/throttling/padding) +{%- endtrans %}

    +

    {% trans pdf='http://freehaven.net/doc/sync-batching/sync-batching.pdf' -%} +To powerful passive external observers as well as large colluding internal +observers, standard tunnel routing is vulnerable to traffic analysis attacks +- simply watching the size and frequency of messages being passed between +routers. To defend against these, we will want to essentially turn some +of the tunnels into its own mix cascade - delaying messages received at +the gateway and passing them in batches, reordering them as necessary, +and injecting dummy messages (indistinguishable from other "real" tunnel +messages by peers in the path). There has been a significant amount of +research +on these algorithms that we can lean on prior to implementing the various +tunnel mixing strategies. +{%- endtrans %}

    +

    {% trans -%} +In addition to the anonymity aspects of more varied tunnel operation, +there is a functional dimension as well. Each peer only has a certain +amount of data they can route for the network, and to keep any particular +tunnel from consuming an unreasonable portion of that bandwidth, they +will want to include some throttles on the tunnel. For instance, a tunnel +may be configured to throttle itself after passing 600 messages (1 per +second), 2.4MB (4KBps), or exceeding some moving average (8KBps for the +last minute). Excess messages may be delayed or summarily dropped. With +this sort of throttling, peers can provide ATM-like QoS support for their +tunnels, refusing to agree to allocate more bandwidth than the peer has +available. +{%- endtrans %}

    +

    {% trans -%} +In addition, we may want to implement code to dynamically reroute tunnels +to avoid failed peers or to inject additional hops into the path. This +can be done by garlic routing a message to any particular peer in a tunnel +with instructions to redefine the next-hop in the tunnel. +{%- endtrans %}

  • -

    Stop & go mix w/ garlics & tunnels

    -

    Beyond the per-tunnel batching and mixing strategy, there are further - capabilities for protecting against powerful attackers, such as allowing - each step in a garlic routed path to define a delay or window in which - it should be forwarded on. This would enable protections against the long - term intersection attack, as a peer could send a message that looks perfectly - standard to most peers that pass it along, except at any peers where the - clove exposed includes delay instructions.

    +

    {% trans -%} +Stop & go mix w/ garlics & tunnels +{%- endtrans %}

    +

    {% trans -%} +Beyond the per-tunnel batching and mixing strategy, there are further +capabilities for protecting against powerful attackers, such as allowing +each step in a garlic routed path to define a delay or window in which +it should be forwarded on. This would enable protections against the long +term intersection attack, as a peer could send a message that looks perfectly +standard to most peers that pass it along, except at any peers where the +clove exposed includes delay instructions. +{%- endtrans %}

-

Performance

-

- Performance related improvements are listed on the - Performance page. -

+

{{ _('Performance') }}

+

{% trans futureperf=site_url('about/performance/future') -%} +Performance related improvements are listed on the +Performance page. +{%- endtrans %}

{% endblock %}
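Review bot: the Java NIO paragraph near the top of this section goes into `{% trans -%}` with its typos intact ("as we can scalable handle a large number of", "as the Freenet developer's found"), so both become part of the msgid. Fix them in this commit ("scalably handle", "Freenet developers found"), because correcting a source string after translators have picked it up changes the msgid and orphans the existing translations. The same concern applies to the hard line wraps inside every multi-line `{% trans -%}` body here: `-%}` strips whitespace only at the block edges, so the interior newlines end up in the msgid and any later re-wrap of the English text will invalidate translations as well.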
One time donation:{{ _('One time donation:') }}
@@ -25,7 +30,7 @@ You can donate direct via PayPal to the account "echelon@i2pmail.org".
Donate 10 €/month for 12 months: {{ _('Donate 10 €/month for 12 months:') }}
@@ -33,43 +38,43 @@ You can donate direct via PayPal to the account "echelon@i2pmail.org".
- +
Donate 20 €/month for 12 months: {{ _('Donate 20 €/month for 12 months:') }}
- +
Donate 30 €/month for 12 months: {{ _('Donate 30 €/month for 12 months:') }}
- +
Donate 50 €/month for 12 months: {{ _('Donate 50 €/month for 12 months:') }}
- +
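Review bot: the three strings wrapped in this hunk ("Donate 20 €/month for 12 months:", "Donate 30 €/month for 12 months:", "Donate 50 €/month for 12 months:") and the 10 € one in the previous hunk differ only in the amount, so translators receive four separate msgids for one sentence and can translate them inconsistently. Consider a single translatable string with the amount passed in as a variable, the way other templates in this patch already pass values into `{% trans link='...' -%}`, so the sentence is translated once and the amounts stay in the template.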