21 Feb 2003

need a new file sharing protocol

there's a story on slashdot about universities tapping file sharing connections to find what songs people are trading.

now this is interesting because they offer two arguments why they do it. first is because it costs them heaps of bandwidth and second is that so they can identify who is actually trading copyrighted material. for the moment, according to the story, they can only check FTP and Gnutella connections (good work, but we all know that IRC, Kazaa, iMesh, edonkey, direct connect are the real deals!)

so that means P2P sharing protocols will need to implement two things, one is encryption, via SSL or TLS. that shouldn't be hard in most causes, but in cases where the traffic is UDP, they should offer sufficient public key encryption mechanisms. these are usually during searches where results are sent via UDP to all hosts on the network. of course that would decrease the amount of clients a supernode can serve at one time due to encryption overheads. also i'd like to see more IRC over SSL and DCC over SSL in possible.

second of all, the client should consider using local bandwidth rather than just bllindly selectign the best source. the article says that a single song was traded 180 times through their gateway in an hour. now that is pretty inefficient, because it means that song HAD to be available inside their local network, yet clients still went outside to retrieve it. a more bandwidth friendly p2p client is needed. one that can, at the most basic level, prioritise sources based on subnet masks (much like how code red was initially spread.) so the client would go thru local subnet sources first because they would be FASTER for the user and CHEAPER for the ISP. of course, pirates probably don't care about that, but non-pirates who use P2P for other purposes may do (heh. who are we kidding?)

maybe there is already a protocol that does the first thing, encrypted p2p traffic, but i'm not aware any file sharing protocol is doing the second thing. i'm pretty sure someone would have come up with this idea before, even it might be implemented in some fashion in the only open source protocol, gnutella. i might look into GNUnet bceause i think they already uses encrypted traffic by default.

You can reply to me about this on Twitter: