J-WASTE

Tracker: Feature Requests

5 Routing Protocol - ID: 1288952
Last Update: Tracker Item Submitted ( n4ocb )

Alice wants to communicate with Carol, who is perhaps
behind a firewall. Bob can communicate directly with
both Alice and Carol. Alice and Carol cannot
communicate directly.

        (Bob)
        /   \
  (Alice)   (Carol)


(How Alice knows of Carol is not part of this discussion)

-- Current Routing Model --

Alice establishes a secure session with Bob. Carol
establishes a secure session with Bob. Bob acts as a
relaying agent, forwarding data between Alice and
Carol, decrypting and re-encrypting as necessary to
maintain the two independent secure sessions.


-- New Routing Model --

Alice establishes a secure session with Bob and
requests a routed connection to Carol. Bob establishes
a secure session with Carol and tells Carol that Alice
wants a routed connection. Alice establishes a secure
connection with Carol, routed by Bob. Since Alice and
Carol have established a secure session, Bob can see
the traffic but will not know the contents of the
traffic. One way of doing this is that during the
negotiation of the routed connection between Bob and
each of Alice and Carol, Bob tells them to use a
different port than the one used for the negotiation.
Then Bob changes packet headers as necessary for
forwarding. While this isn't necessary, it simplifies
the routing of Alice's and Carol's packets by Bob. It
also simplifies Bob's work since he does not have to
decrypt and re-encrypt all of the traffic between Alice
and Carol.

-- Discussion --

The current trust model has it that any node trusted by
one node in the mesh is by design trusted by all nodes
in the mesh. Each routing node decrypts any traffic
and relays it to any other trusted node. There have
been some complaints on the sf waste forum about this
model. It was expressed to be undesirable that User_A,
whose public key User_B has not accepted, should have
unfettered access to User_B's shared data.

The new routing model allows direct access only between
nodes having mutual trust. However, it will always be
possible for a trusted though unscrupulous user to
reveal trusted information. Nonetheless, the new model
helps in this regard for clients using
protocol-conforming software.

The primary advantage to the new routing model is the
reduction in workload required by routers; they no
longer need to decrypt and re-encrypt forwarded traffic
but merely change the IPs in the forwarded packets.


n4ocb ( n4ocb ) - 2005-09-12 17:52

5

Open

None

Nobody/Anonymous

Networking Module

None

Public
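The two routing models in the request above, simulated end to end as an added example. This is not code from the tracker item or from the J-WASTE code base: the session keys are constructed stand-ins for the secure sessions the request says already exist, the cipher is a toy HMAC-SHA256 construction chosen only so the script runs offline, the port numbers and the "ROUTE"/"ROUTED-FROM" messages are assumed, and the Alice/Carol key in the new model is simply assumed to be the outcome of the routed session setup, which the request does not specify. The point the simulation makes is who can open which frame: in the current model Bob handles Alice's plaintext, in the new model he can only rewrite headers.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed session keys. They stand in for the secure sessions the request says
# already exist (Alice/Bob, Bob/Carol) and, in the new model, the Alice/Carol session
# negotiated through Bob. How that session is keyed is not specified in the request,
# so it is simply assumed here to yield a key that Bob never holds.
K_AB = os.urandom(32)
K_BC = os.urandom(32)
K_AC = os.urandom(32)

SESSION_PORT = 1337  # port of the ordinary Alice/Bob and Bob/Carol sessions (assumed value)
ROUTED_PORT = 1338   # port Bob tells both ends to use for routed frames (assumed value)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a toy stream cipher for this illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a session key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag and decrypt; a wrong session key fails here, it never yields garbage."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad tag: wrong session key or tampered frame")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def can_unseal(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


@dataclass
class Frame:
    dst: str        # next hop the frame is addressed to
    port: int       # port on that hop
    payload: bytes  # sealed application data


def relay_current_model(msg: bytes) -> tuple:
    """Current model: Bob terminates both sessions, so he handles Alice's plaintext."""
    wire = Frame("Bob", SESSION_PORT, seal(K_AB, msg))                  # Alice -> Bob
    clear_at_bob = unseal(K_AB, wire.payload)                            # Bob decrypts ...
    forwarded = Frame("Carol", SESSION_PORT, seal(K_BC, clear_at_bob))   # ... and re-encrypts
    at_carol = unseal(K_BC, forwarded.payload)                           # Carol
    return at_carol, clear_at_bob


def route_new_model(msg: bytes) -> tuple:
    """New model: Bob only rewrites headers; the payload is sealed end to end."""
    # 1. Alice asks Bob, inside their session, for a routed connection to Carol.
    request = seal(K_AB, b"ROUTE Carol")
    assert unseal(K_AB, request) == b"ROUTE Carol"
    # 2. Bob tells Carol, inside their session, that Alice wants a routed connection,
    #    and tells both ends which port to use for it.
    notice = seal(K_BC, b"ROUTED-FROM Alice port=%d" % ROUTED_PORT)
    assert unseal(K_BC, notice).startswith(b"ROUTED-FROM Alice")
    # 3. Alice seals under the Alice/Carol key and sends to Bob on the routed port.
    wire = Frame("Bob", ROUTED_PORT, seal(K_AC, msg))
    # Bob forwards by rewriting the header only; the payload is opaque to him.
    bob_sees = wire.payload
    bob_can_read = can_unseal(K_AB, bob_sees) or can_unseal(K_BC, bob_sees)
    forwarded = Frame("Carol", ROUTED_PORT, wire.payload)
    at_carol = unseal(K_AC, forwarded.payload)
    return at_carol, bob_sees, bob_can_read
```

One design point the simulation glosses over by assuming K_AC: in the new model Bob is the introducer for the Alice/Carol session, so whatever key exchange runs through him must be authenticated by Alice and Carol against each other's already-accepted public keys, otherwise the relay could sit in the middle of the routed session just as it sits in the middle of the current one. That fits the trust discussion in the request, which only grants direct access between nodes that have accepted each other's keys.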


No follow-up comments have been posted.