Compare commits

20 Commits

Author SHA1 Message Date
idk
c2852f7c7b Update hash and version number for Android downloads 2020-10-29 02:10:27 -04:00
zzz
6406b93e21 Prop. 152 minor fixes 2020-10-26 14:39:08 -04:00
zzz
e0fb0db0cc SAMv3: Fix explanation of FORWARD 2020-10-25 09:06:26 -04:00
zzz
984c7e1510 Prop. 152 updates 2020-10-25 07:53:49 -04:00
zzz
f10920fff4 Prop. 152: Add missing MixHash() in KDF 2020-10-24 15:34:22 -04:00
idk
759fa6476d fix typo 2020-10-24 11:27:07 -04:00
idk
2662a7847f Merge branch 'apps-guide' into 'master'
Apps guide

See merge request i2p-hackers/i2p.www!9
2020-10-19 21:07:11 +00:00
idk
5486e1b46d Apps guide 2020-10-19 21:07:11 +00:00
zzz
69d82df530 Prop. 156 minor updates 2020-10-19 13:13:30 -04:00
idk
9a8d69cb3b Merge branch 'apps-guide' into 'master'
Re-arrange Applications and About Menu

See merge request i2p-hackers/i2p.www!8
2020-10-17 02:19:41 +00:00
idk
113d491756 Re-arrange Applications and About Menu 2020-10-17 02:19:41 +00:00
idk
e32879839a Merge branch 'apps-guide' into 'master'
switch the about for the software guide, and add the new about content. For a...

See merge request i2p-hackers/i2p.www!7
2020-10-17 00:55:27 +00:00
idk
ed14a73628 switch the about for the software guide, and add the new about content. For a little while some content will be duplicated on the site as we get things a little more organized. Application support pages are being expanded and re-organized this week. 2020-10-16 20:50:25 -04:00
idk
d8d12c2b6b Merge branch 'apps-guide' into 'master'
remove outdated section from get involved blurb at bottom

See merge request i2p-hackers/i2p.www!6
2020-10-16 06:24:08 +00:00
idk
6bef2c76df remove outdated section from get involved blurb at bottom 2020-10-16 02:13:58 -04:00
idk
2b395833e5 remove outdated section from get involved blurb at bottom 2020-10-16 02:13:12 -04:00
idk
c22d3fc8c2 Merge branch 'apps-guide' into 'master'
Update the about page to include a software guide under what you can do with it

See merge request i2p-hackers/i2p.www!5
2020-10-16 06:10:32 +00:00
idk
9d05cba3f1 make the heading look better 2020-10-16 02:08:38 -04:00
idk
94197daeed Update the about page to include a software guide under what you can do with it 2020-10-16 02:04:19 -04:00
idk
5f3c571614 docker auto-update script depends on bash substitutions, put it in the #! 2020-10-09 23:53:41 -04:00
8 changed files with 173 additions and 153 deletions

View File

@@ -2,15 +2,15 @@
{% set i2pinstall_jar_hash = '3ddf3afb0c06edeed4810c6d1f34d909959dd94640adf7c638781b4a3b282e9e' %}
{% set i2psource_hash = 'dbccada6a353b54ceb844fe8cb0912c0363375a2f57214d23fcf463c4e6d2c4f' %}
{% set i2pupdate_hash = '328f85ba28ff6f60480aa0dcda88654fabeabcf63b732a770354bff7f134b135' %}
{% set i2p_android_hash = 'c4604736ec45f35a1570ace124cc2a111f1c8b2d04972f340752ef4833e9953f' %}
{% set i2p_android_hash = 'b35eb467511343a8aecdf6a1f19c0459baac007c99a93e0933ce5ab70b5a7261' %}
{% set i2p_macnative_hash = '70447e8a352654afd940cfc6c05f094732de7ab05db7c42c173e49f37259d601' %}
{% set i2p_windows_subver = '' %}
{% set i2p_macosx_launcher_version = '0.1.8' %}
{% set i2p_android_version = '0.9.47' %}
{% set i2p_android_version = '0.9.47-1' %}
{% set i2p_android_version_kytv = '0.9.22' %}
{% set i2p_android_version_fdroid = '0.9.47' %}
{% set i2p_android_version_fdroid = '0.9.47-1' %}
{% macro package_outer(type, name, icon) -%}
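
Review bot: the replacement `i2p_android_hash` value arrives together with the bump of `i2p_android_version` and `i2p_android_version_fdroid` to '0.9.47-1', but neither the hunk nor the commit message says which file the digest was computed from. This is the value users compare their download against, so record how it was produced and have a second person recompute it against the published APK before the page goes live. Also confirm that the direct-download and F-Droid builds labelled '0.9.47-1' are the same artifact, because only one Android hash is defined here.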

View File

@@ -4,10 +4,20 @@
<li class="has-sub"><div class="menuitem"><span>{{ _('About') }}</span></div>
<ul>
<li><a href="{{ site_url('about/intro') }}"><div class="menuitem"><span>{{ _('Introduction to I2P') }}</span></div></a></li>
<li><a href="{{ site_url('about/software') }}"><div class="menuitem"><span>{{ _('Guide to I2P Software') }}</span></div></a></li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Help') }}</span></div>
<ul>
<li><a href="{{ site_url('faq') }}"><div class="menuitem"><span>{{ _('FAQ') }}</span></div></a></li>
<li><a href="{{ site_url('about/browser-config') }}"><div class="menuitem"><span>{{ _('How to browse I2P') }}</span></div></a></li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Applications') }}</span></div>
<ul>
<li><a href="{{ site_url('docs/applications/supported') }}"><div class="menuitem"><span>{{ _('Supported applications') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/bittorrent') }}"><div class="menuitem"><span>{{ _('Bittorrent') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/gitlab') }}"><div class="menuitem"><span>{{ _('GitLab') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/git') }}"><div class="menuitem"><span>{{ _('Git') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/git-bundle') }}"><div class="menuitem"><span>{{ _('git+Bittorrent') }}</span></div></a></li>
</ul>
</li>
<li class="has-sub"><div class="menuitem"><span>{{ _('References') }}</span></div>
<ul>
<li><a href="{{ site_url('about/glossary') }}"><div class="menuitem"><span>{{ _('Glossary') }}</span></div></a></li>
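
Review bot: the Applications submenu added after 'How to browse I2P' sits inside the Help `<ul>`, so it ends up at About > Help > Applications, which the commit title 'Re-arrange Applications and About Menu' does not make obvious; confirm that depth is intended or move the block up one level. The labels 'Bittorrent' and 'git+Bittorrent' are also capitalised differently from 'BitTorrent' in the new software guide page; pick one spelling.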
@@ -21,19 +31,19 @@
<li><a href="{{ site_url('get-involved/develop/developers-keys') }}"><div class="menuitem"><span>{{ _('Developers keys') }}</span></div></a></li>
</ul>
</li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Comparisons') }}</span></div>
<ul>
<li><a href="{{ site_url('comparison') }}"><div class="menuitem"><span>{{ _('Overview of comparisons') }}</span></div></a></li>
<li><a href="{{ site_url('comparison/tor') }}"><div class="menuitem"><span>Tor</span></div></a></li>
<li><a href="{{ site_url('comparison/freenet') }}"><div class="menuitem"><span>Freenet</span></div></a></li>
{#<li><a href="{{ site_url('comparison/gnunet') }}"><div class="menuitem"><span>GNUnet</span></div></a></li> #}
<li><a href="{{ site_url('comparison/other-networks') }}"><div class="menuitem"><span>{{ _('Other anonymous networks') }}</span></div></a></li>
</ul>
</li>
<li><a href="{{ site_url('contact') }}"><div class="menuitem"><span>{{ _('Contact us') }}</span></div></a></li>
</ul>
</li>
<li><a href="{{ site_url('get-involved') }}"><div class="menuitem"><span>{{ _('Get involved!') }}</span></div></a></li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Comparisons') }}</span></div>
<ul>
<li><a href="{{ site_url('comparison') }}"><div class="menuitem"><span>{{ _('Overview of comparisons') }}</span></div></a></li>
<li><a href="{{ site_url('comparison/tor') }}"><div class="menuitem"><span>Tor</span></div></a></li>
<li><a href="{{ site_url('comparison/freenet') }}"><div class="menuitem"><span>Freenet</span></div></a></li>
{#<li><a href="{{ site_url('comparison/gnunet') }}"><div class="menuitem"><span>GNUnet</span></div></a></li> #}
<li><a href="{{ site_url('comparison/other-networks') }}"><div class="menuitem"><span>{{ _('Other anonymous networks') }}</span></div></a></li>
</ul>
</li>
<li class="has-sub"><div class="menuitem"><span>{{ _('People') }}</span></div>
<ul>
<li><a href="{{ site_url('about/team') }}"><div class="menuitem"><span>{{ _('Team') }}</span></div></a></li>
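
Review bot: after the move the Comparisons block follows the `</ul></li>` pair and the 'Get involved!' item, so it becomes a sibling of 'Get involved!' and People instead of a sibling of 'Contact us'; confirm that this change of nesting level is intended. The commented-out GNUnet entry (`{#<li>...GNUnet...#}`) is carried along unchanged; since the block is being touched anyway, either restore the entry or delete the dead line.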
@@ -100,15 +110,6 @@
<li><a href="{{ site_url('docs/api/i2pcontrol') }}"><div class="menuitem"><span>I2PControl</span></div></a></li>
</ul>
</li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Applications') }}</span></div>
<ul>
<li><a href="{{ site_url('docs/applications/supported') }}"><div class="menuitem"><span>{{ _('Supported applications') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/bittorrent') }}"><div class="menuitem"><span>{{ _('Bittorrent') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/gitlab') }}"><div class="menuitem"><span>{{ _('GitLab') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/git') }}"><div class="menuitem"><span>{{ _('Git') }}</span></div></a></li>
<li><a href="{{ site_url('docs/applications/git-bundle') }}"><div class="menuitem"><span>{{ _('git+Bittorrent') }}</span></div></a></li>
</ul>
</li>
<li class="has-sub"><div class="menuitem"><span>{{ _('Protocols') }}</span></div>
<ul>
<li><a href="{{ site_url('docs/protocol') }}"><div class="menuitem"><span>{{ _('Protocol stack') }}</span></div></a></li>

View File

@@ -2,109 +2,41 @@
{% block title %}{{ _('Intro') }}{% endblock %}
{% block content %}
<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
<p>{% trans ip='http://en.wikipedia.org/wiki/Internet_Protocol',
tcp='http://en.wikipedia.org/wiki/Transmission_Control_Protocol',
pke='http://en.wikipedia.org/wiki/Public_key_encryption' -%}
I2P is an anonymous network, exposing a simple layer that applications can
use to anonymously and securely send messages to each other. The network itself is
strictly message based (a la <a href="{{ ip }}">IP</a>), but there is a
library available to allow reliable streaming communication on top of it (a la
<a href="{{ tcp }}">TCP</a>).
All communication is end to end encrypted (in total there are four layers of
encryption used when sending a message), and even the end points ("destinations")
are cryptographic identifiers (essentially a pair of <a href="{{ pke }}">public keys</a>).
<h2>What is I2P?</h2>
<p>{% trans %}The Invisible Internet Project (I2P) is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity,
location and your identity. The software ships with a router that connects you to the network and applications for sharing, communicating and building. {%- endtrans %}</p>
<h3>I2P Cares About Privacy</h3>
<p>{% trans %}The Invisible Internet values privacy and consent, which can only be achieved with privacy-by-default. It is always your choice to share, your platform to own, and the connections you want to make. It is privacy by design, plain, simple and truly free. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.{%- endtrans %}</p>
<p>{% trans %}I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going or what the contents are.
{%- endtrans %}</p>
<h3>How to Connect to the I2P Network</h3>
<p>{% trans %}The Invisible Internet Project provides software to download that connects you to the network.In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your platform that you can add to the I2P directory or only invite your friends. The I2P network functions in the same way the Internet does, just with some extra configuration. The best part is that if you do not find something you want, you can build it. When you download the I2P software, it includes everything you need to connect, share, and create privately.
{%- endtrans %}</p>
<h2>{{ _('How does it work?') }}</h2>
<h3>An Overview of the Network</h3>
<p>{% trans tunnelrouting=site_url('docs/how/tunnel-routing') -%}
To anonymize the messages sent, each client application has their I2P "router"
build a few inbound and outbound "<a href="{{ tunnelrouting }}">tunnels</a>" - a
sequence of peers that pass messages in one direction (to and from the client,
respectively). In turn, when a client wants to send a message to another client,
the client passes that message out one of their outbound tunnels targeting one of the
other client's inbound tunnels, eventually reaching the destination. Every
participant in the network chooses the length of these tunnels, and in doing so,
makes a tradeoff between anonymity, latency, and throughput according to their
own needs. The result is that the number of peers relaying each end to end
message is the absolute minimum necessary to meet both the sender's and the
receiver's threat model.
<p>{% trans %}I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
{%- endtrans %}</p>
<p>{% trans netdb=site_url('docs/how/network-database'),
dht='http://en.wikipedia.org/wiki/Distributed_hash_table',
kad='http://en.wikipedia.org/wiki/Kademlia' -%}
The first time a client wants to contact another client, they make a query
against the fully distributed "<a href="{{ netdb }}">network
database</a>" - a custom structured <a href="{{ dht }}">
distributed hash table (DHT)</a> based off the
<a href="{{ kad }}">Kademlia algorithm</a>. This is done
to find the other client's inbound tunnels efficiently, but subsequent messages
between them usually includes that data so no further network database lookups
are required.
<p>{% trans %}I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
{%- endtrans %}</p>
<p>{% trans docs=site_url('docs') -%}
More details about how I2P works are <a href="{{ docs }}">available</a>.
{%- endtrans %}</p>
<h3>About Decentralization and I2P</h3>
<h2>{{ _('What can you do with it?') }}</h2>
<p>{% trans %}The I2P network is almost completely decentralized, with exception to what are what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.{%- endtrans %}</p>
<p>{% trans i2ptunnel=site_url('docs/api/i2ptunnel') -%}
Within the I2P network, applications are not restricted in how they can
communicate - those that typically use UDP can make use of the base I2P
functionality, and those that typically use TCP can use the TCP-like streaming
library. We have a generic TCP/I2P bridge application
("<a href="{{ i2ptunnel }}">I2PTunnel</a>") that enables people to forward TCP streams
into the I2P network as well as to receive streams out of the network and
forward them towards a specific TCP/IP address.
{%- endtrans %}</p>
<h3>I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?</h3>
<p>{% trans bittorrent='http://www.bittorrent.com/',
freenet='https://freenetproject.org/',
mnet='https://en.wikipedia.org/wiki/Mnet_%28Computer_program%29',
livejournal='http://www.livejournal.com/' -%}
I2PTunnel is currently used to let people run their own anonymous website
("eepsite") by running a normal webserver and pointing an I2PTunnel 'server'
at it, which people can access anonymously over I2P with a normal web browser
by running an I2PTunnel HTTP proxy ("eepproxy"). In addition, we use the same
technique to run an anonymous IRC network (where the IRC server is hosted
anonymously, and standard IRC clients use an I2PTunnel to contact it). There
are other application development efforts going on as well, such as one to
build an optimized swarming file transfer application (a la
<a href="{{ bittorrent }}">BitTorrent</a>), a
distributed data store (a la <a href="{{ freenet }}">Freenet</a> /
<a href="{{ mnet }}">MNet</a>), and a blogging system (a fully
distributed <a href="{{ livejournal }}">LiveJournal</a>), but those are
not ready for use yet.
{%- endtrans %}</p>
<p>{% trans %}Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.{%- endtrans %}
<p>{% trans squid='http://www.squid-cache.org/' -%}
I2P is not inherently an "outproxy" network - the client you send a message
to is the cryptographic identifier, not some IP address, so the message must
be addressed to someone running I2P. However, it is possible for that client
to be an outproxy, allowing you to anonymously make use of their Internet
connection. To demonstrate this, the "eepproxy" will accept normal non-I2P
URLs (e.g. "http://www.i2p.net") and forward them to a specific destination
that runs a <a href="{{ squid }}">squid</a> HTTP proxy, allowing
simple anonymous browsing of the normal web. Simple outproxies like that are
not viable in the long run for several reasons (including the cost of running
one as well as the anonymity and security issues they introduce), but in
certain circumstances the technique could be appropriate.
{%- endtrans %}</p>
<h3>What I2P Does Not Do</h3>
<p>{% trans %}The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.{%- endtrans %}</p>
<p>{% trans team=site_url('about/team'), volunteer=site_url('get-involved'),
licenses=site_url('get-involved/develop/licenses'), sam=site_url('docs/api/sam'),
roadmap=site_url('get-involved/roadmap') -%}
The I2P development <a href="{{ team }}">team</a> is an open group, welcome to all
who are interested in <a href="{{ volunteer }}">getting involved</a>, and all of
the code is <a href="{{ licenses }}">open source</a>. The core I2P SDK and the
current router implementation is done in Java (currently working with both
sun and kaffe, gcj support planned for later), and there is a
<a href="{{ sam }}">simple socket based API</a> for accessing the network from
other languages (with a C library available, and both Python and Perl in
development). The network is actively being developed and has not yet reached
the 1.0 release, but the current <a href="{{ roadmap }}">roadmap</a> describes
our schedule.
{%- endtrans %}</p>
{% endblock %}
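
Review bot: the new paragraph beginning 'Yes, this is how a fully distributed peer-to-peer network works.' ends at `{%- endtrans %}` with no closing `</p>`; add it. The new headings ('What is I2P?', 'I2P Cares About Privacy', 'How to Connect to the I2P Network', 'An Overview of the Network', 'About Decentralization and I2P', 'What I2P Does Not Do') are plain text, unlike the `{{ _('How does it work?') }}` heading in the same hunk, so they will not be extracted for translation. The new strings contain 'what are what are called', 'the the I2P network' and 'network.In addition', which are worth fixing before translators see them. On content, 'No one can see where traffic is coming from, where it is going or what the contents are' and 'Forward-secrecy is provided for all connections' are stated as absolutes, whereas the older wording in this hunk spoke of 'a tradeoff between anonymity, latency, and throughput' against a threat model; consider scoping the new claims the same way.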

View File

@@ -0,0 +1,80 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('Intro') }}{% endblock %}
{% block content %}
<h1>{{ _('The I2P Software') }} (I2P)</h1>
<p>{% trans %}When you install the I2P software made available at geti2p.net, you are
actually installing an I2P router and an accompanying bundle of basic
applications. The I2P Java distribution is the first I2P software gateway and
has been actively developed since 2001.{%- endtrans %}</p>
<p>{% trans %}The applications are made available through a webUI, which listens at
127.0.0.1:7657, and the main page of which is called the “Router Console,”
where you monitor the health of your connection to the network and access
applications to use on the network.{%- endtrans %}</p>
<h3>{% trans %}What is included:{%- endtrans %}</h3>
<p>{% trans %}<strong>The Set Up Wizard</strong>: When you download the
I2P software, a set up wizard will guide you through a few configuration steps
while your router is making its first connections to the network. This happens
the same way that your home router connects you to the Internet. During the set
up process, you will be given the option to test your bandwidth and set your
bandwidth limits in order to ensure a good connection as a network peer.{%- endtrans %}</p>
<p>{% trans %}<strong>The I2P Router Console</strong>: Here is where you can see your
network connections and information about your router. You will be able to see how many peers you
have, and other information that will help if you need to troubleshoot. You can
stop and start the router as well. You will see the applications that the
software includes, as well as links to some community forums and sites on the
I2P network. You will receive news when there is a a new software release, and
will be able to download the latest version here as well. Additionally, you can
find shortcuts to other available applications. The console is customizable and
includes a default light theme with a dark theme option.{%- endtrans %}</p>
<p>{% trans %}<strong>SusiMail</strong>: SusiMail is a secure email client. It is primarily
intended for use with Postmans email servers inside of the I2P network . It
is designed to avoid leaking information about email use to other networks.
SusiMail is bridged so it can send and receive email from the internet as well.
Occasionally you may see some services like Gmail classifying it as spam, which
you can correct in your Internet email service providers settings.{%- endtrans %}</p>
<p>{% trans bittorrent=site_url('docs/applications/bittorrent') -%}<strong><a href="{{ bittorrent }}">I2PSnark</a></strong>: Snark is an I2P network only BitTorrent client. It never makes a connection to a peer over any other network.{%- endtrans %}</p>
<p>{% trans addressbook=site_url('docs/naming') -%}<strong><a href="{{ addressbook }}">The AddressBook</a></strong>: This is a locally-defined list of
human-readable addresses ( ie: i2p-projekt.i2p) and corresponding I2P addresses.(udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p) It integrates with other applications to
allow you to use those human-readable addresses in place of those I2P
addresses. It is more similar to a hosts file or a contact list than a network
database or a DNS service. There is no recognized global namespace, you decide
what any given .i2p domain maps to in the end.{%- endtrans %}</p>
<p><strong>The QR Code Generator</strong>: Besides the Addressbook, I2P
addresses can be shared by converting them into QR codes and scanning them with
a camera. This is especially useful for Android devices.</p>
<p>{% trans i2ptunnel=site_url('docs/api/i2ptunnel') -%}<strong><a href="{{ i2ptunnel }}">I2P Hidden Services Manager</a></strong> This is a general-purpose
adapter for forwarding services ( ie SSH ) into I2P and proxying client
requests to and from I2P. It provides a variety of “Tunnel Types” which are
able able to do advance filtering of traffic before it reaches I2P.{%- endtrans %}</p>
<h3>{% trans %}Applications Outside I2P to use with I2P{%- endtrans %}</h3>
<p>{% trans browser=site_url('about/browser-config') %}<strong><a href="{{ browser }}">Mozilla Firefox</a></strong>: A web browser with advanced privacy and
security features, this is the best browser to configure to browse I2P
sites.{%- endtrans %}</p>
<p>{% trans browser=site_url('about/browser-config') %}<strong><a href="{{ browser }}">Chromium</a></strong>: A web browser developed by Google that is the
Open-Source base of Google Chrome, this is sometimes used as an alternative to
Firefox.{%- endtrans %}</p>
<p>{% trans %}<strong><a href="https://biglybt.com">BiglyBT</a></strong>: A Feature-Rich bittorrent client including I2P
support and the unique ability to “Bridge” regular torrents in-to I2P so
people can download them anonymously.{%- endtrans %}</p>
<p>{% trans ssh=site_url('blog/post/2019/06/15/i2p-i2pd-ssh-config') %}<strong><a href="https://openssh.com">OpenSSH</a></strong>: OpenSSH is a popular program used by systems administrators to <a href="{{ ssh }}">remotely administer a server</a>, or to provide “Shell” accounts for users on the server.{%- endtrans %}</p>
<p>{% trans git=site_url('docs/applications/git'), gitlab=site_url('docs/applications/gitlab') %}<strong><a href="{{ git }}">Git</a>/<a href="{{ gitlab}}">Gitlab</a></strong>: Git is a source-code control tool which is
distributed, and often recommends a fork-first workflow. Hosting source code on
I2P is an important activity, so Gitlab-specific instructions are available for
all to use.{%- endtrans %}</p>
<p>{% trans %}<strong><a href="https://debian.org">Debian</a> and <a href="https://ubuntu.com">Ubuntu</a> GNU/Linux</strong>: It is possible to obtain
packages for Debian and Ubuntu GNU/Linux over I2P using <a href="https://i2pgit.org/idk/apt-transport-i2p">apt-transport-i2p</a> and
<a href="https://i2pgit.org/idk/apt-transport-i2phttp">apt-transport-i2phttp</a>. In the future, a bittorrent-based transport may also be
developed. {%- endtrans %}</p>
<h3>{% trans %} Applications for Developers to create new things{%- endtrans %}</h3>
<p>{% trans sam=site_url('docs/api/sam') %}<strong><a href="{{ sam }}">The SAM API Bridge</a></strong>: The SAM API is a language-independent
API for writing applications that are I2P-native by communicating with the
local I2P router. It can provide Streaming-like capabilities, Anonymous
Datagrams, or Repliable Datagrams.{%- endtrans %}</p>
<p>{% trans bob=site_url('docs/api/bob') %}<strong><a href="{{ bob }}">The BOB API Bridge</a></strong>: This is a deprecated technology, BOB
users should migrate to SAM if it is possible for them to do so.{%- endtrans %}</p>
<p>{% trans i2cp=site_url('docs/protocol/i2cp') %}<strong><a href="{{ i2cp }}">The I2CP API</a></strong>: Not strictly an application, this is how Java
applications communicate with the I2P router to set up tunnels, generate and
manage keys, and communicate with other peers on the network.{%- endtrans %}</p>
{% endblock %}
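
Review bot: `{% block title %}{{ _('Intro') }}{% endblock %}` is carried over from the intro page, so this new page is also titled 'Intro'; give it its own title. The 'QR Code Generator' paragraph is the only one not wrapped in `{% trans %}`, so it will stay untranslated. Typos in the new strings: 'a a new software release', 'able able to do advance filtering', 'Postmans email servers', 'providers settings'. The SusiMail entry calls it 'a secure email client' and then says it is bridged to Internet mail; say which protection still applies to bridged mail, or soften 'secure'.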

View File

@@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}SAM V3{% endblock %}
{% block lastupdated %}July 2020{% endblock %}
{% block accuratefor %}0.9.47{% endblock %}
{% block lastupdated %}2020-10{% endblock %}
{% block accuratefor %}0.9.48{% endblock %}
{% block content %}
<p>Specified below is a simple client protocol for interacting with I2P.
</p>
@@ -838,8 +838,8 @@ $port is the port number of the socket server to which SAM will
forward connection requests. It is mandatory.
</p><p>
When a connection request arrives from I2P, the SAM bridge requests a
socket connection from $host:$port. If it is accepted after no more
When a connection request arrives from I2P, the SAM bridge opens a
socket connection to $host:$port. If it is accepted in less
than 3 seconds, SAM will accept the connection from I2P, and then:
</p><p>
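
Review bot: 'accepted in less than 3 seconds' replaces 'after no more than 3 seconds', which moves the boundary from at most 3 seconds to strictly under 3; check which one the bridge implements and word the sentence to match. The visible text also does not say what SAM does with the I2P connection when the socket connection to $host:$port is refused or times out; one sentence on that would help whoever writes the listening side.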

View File

@@ -6,7 +6,7 @@ ECIES Tunnels
:author: chisana, zzz, orignal
:created: 2019-07-04
:thread: http://zzz.i2p/topics/2737
:lastupdated: 2020-10-09
:lastupdated: 2020-10-26
:status: Open
:target: 0.9.51
@@ -31,6 +31,9 @@ follow this spec for creating tunnels containing ECIES hops.
This proposal specifies changes needed for ECIES-X25519 Tunnel Building.
For an overview of all changes required for ECIES routers, see proposal 156 [Prop156]_.
This proposal maintains the same size for tunnel build records,
as required for compatibility. Smaller build records and messages will be
implemented later - see [Prop157]_.
Cryptographic Primitives
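
Review bot: the added sentence cites `[Prop157]_`, but none of the visible hunks for this file adds a matching entry in the references section, so the citation will not resolve. Add the entry alongside the existing proposal references.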
@@ -343,7 +346,7 @@ Summary of changes:
- Unencrypted record is longer because there is less encryption overhead
The request record does not contain any explicit tunnel or reply keys.
The request record does not contain any ChaCha reply keys.
Those keys are derived from a KDF. See below.
All fields are big-endian.
@@ -384,6 +387,9 @@ Bit 7 indicates that the hop will be an inbound gateway (IBGW). Bit 6
indicates that the hop will be an outbound endpoint (OBEP). If neither bit is
set, the hop will be an intermediate participant. Both cannot be set at once.
The request exipration is for future variable tunnel duration.
For now, the only supported value is 600 (10 minutes).
The tunnel build options is a Mapping structure as defined in [Common]_.
This is for future use. No options are currently defined.
If the Mapping structure is empty, this is two bytes 0x00 0x00.
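
Review bot: the added text says the only supported request expiration value is 600, but not what a hop does when it receives a different value; state whether the record is rejected or the field is ignored and treated as 600, so that implementations agree. 'exipration' in the same sentence should be 'expiration'.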
@@ -586,7 +592,8 @@ Request Record Keys (ECIES)
-----------------------------------------------------------------------
These keys are explicitly included in ElGamal BuildRequestRecords.
For ECIES BuildRequestRecords, these keys are derived from the DH exchange.
For ECIES BuildRequestRecords, the tunnel keys and AES reply keys are included,
but the ChaCha reply keys are derived from the DH exchange.
See [Prop156]_ for details of the router static ECIES keys.
Below is a description of how to derive the keys previously transmitted in request records.
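
Review bot: the context line that follows, 'Below is a description of how to derive the keys previously transmitted in request records', no longer fits the changed paragraph, which now says the tunnel keys and AES reply keys are included and only the ChaCha reply keys are derived; reword it to name the ChaCha reply keys. The opening 'These keys are explicitly included in ElGamal BuildRequestRecords' has the same ambiguity about which keys are meant.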
@@ -661,6 +668,9 @@ Failing to use unique keys opens an attack vector for colluding hops to confirm
sesk = GENERATE_PRIVATE()
sepk = DERIVE_PUBLIC(sesk)
// MixHash(sepk)
h = SHA256(h || sepk);
End of "e" message pattern.
This is the "es" message pattern:
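
Review bot: the added `h = SHA256(h || sepk);` ends with a semicolon while the neighbouring pseudocode lines (`sesk = GENERATE_PRIVATE()`, `sepk = DERIVE_PUBLIC(sesk)`) do not; drop it for consistency. Because this step changes the running hash, check that the description of the receiving hop's handling of the "e" pattern performs the same MixHash, and note in the proposal that implementations written against the earlier text will compute a different h.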
@@ -766,35 +776,15 @@ This design minimizes risk.
Implementation Notes
=====================
* Older routers do not check the encryption type of the hop and will send ElGamal-encrypted
records. Some recent routers are buggy and will send various types of malformed records.
Implementers should detect and reject these records prior to the DH operation
if possible, to reduce CPU usage.
Issues
======
* Is an HKDF required for the keys, what's the advantage of doing that vs.
just including them in the build record as before?
* Make KDFs be similar to those in Noise (NTCP2) and Ratchet
* HKDF output no more than 64 bytes preferred
* In the current Java implementation, the full router hash field in the build
request record at bytes 4-35 is not checked and does not appear to be necessary.
* Each record is CBC encrypted with the same AES reply key and IV, as with the current design.
Is this a problem? Can it be fixed?
* In the current Java implementation, the originator leaves one record empty
for itself. Thus a message of n records can only build a tunnel of n-1 hops.
This is necessary for inbound tunnels (where the next-to-last hop
can see the hash prefix for the next hop), but not for outbound tunnels.
However, if the build message length is different for inbound and outbound
tunnels, this would allow hops to determine which direction the tunnel was.
* Should we define new, smaller VTBM/VTBRM I2NP messages for all-ECIES tunnels
now instead of waiting for the rollout?
Migration
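
Review bot: the new implementation note asks implementers to 'detect and reject these records prior to the DH operation if possible' without saying what to test; name the check (which field or property distinguishes an ElGamal-encrypted or malformed record) so the CPU saving can actually be achieved. The hunk shrinks from 35 to 15 lines, so several Issues entries are dropped; if the question about CBC-encrypting each record with the same AES reply key and IV is among them, record the answer in the text instead of only deleting the question.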

View File

@@ -5,7 +5,7 @@ ECIES Routers
:author: zzz, orignal
:created: 2020-09-01
:thread: http://zzz.i2p/topics/2950
:lastupdated: 2020-10-09
:lastupdated: 2020-10-19
:status: Open
:target: 0.9.51
@@ -204,13 +204,23 @@ by mid-2019 in reaction to unfinished proposal 145 [Prop145]_.
Ensure there's nothing in the code bases
that prevents point-to-point connections to non-ElGamal routers.
Code correctness checks:
- Ensure that ElGamal routers do not request AEAD-encrypted replies to DatabaseLookup messages
(when the reply comes back through an exploratory tunnel to the router)
- Ensure that ECIES routers do not request AES-encrypted replies to DatabaseLookup messages
(when the reply comes back through an exploratory tunnel to the router)
Until later phases, when specifications and implementations are complete:
- Ensure that tunnel builds are not attempted by ElGamal routers through ECIES routers.
- Ensure that encrypted ElGamal messages are not sent by ElGamal routers to ECIES floodfill routers.
(DatabaseLookups and DatabaseStores)
- Ensure that encrypted ECIES messages are not sent by ECIES routers to ElGamal floodfill routers.
(DatabaseLookups and DatabaseStores)
- Ensure that ECIES routers do not automatically become floodfill.
No changes should be required.
Target release, if changes required: 0.9.48
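
Review bot: 'No changes should be required.' now directly follows the new list of checks, so it is unclear whether it still refers only to point-to-point connections or also claims that none of the listed checks needs code changes; separate the two statements. The floodfill items also depend on the sender knowing the floodfill's encryption type before it encrypts; say where that is read from.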
@@ -223,6 +233,7 @@ by mid-2019 in reaction to unfinished proposal 145 [Prop145]_.
Ensure there's nothing in the code bases
that prevents storage of non-ElGamal RouterInfos in the network database.
No changes should be required.
Target release, if changes required: 0.9.48
@@ -236,19 +247,25 @@ use its own build request record for an inbound tunnel to test and debug.
Then test and support ECIES routers building tunnels with a mix of
ElGamal and ECIES hops.
Then enable tunnel building through ECIES routers with a minimum version TBD.
Then enable tunnel building through ECIES routers.
No minimum version check should be necessary unless incompatible changes
to proposal 152 are made after a release.
Target release: 0.9.49 or 0.9.50, early-mid 2021
Target release: 0.9.48, late 2020
Ratchet messages to ECIES floodfills
----------------------------------------
Implement and test reception of ECIES messages (with zero static key) by ECIES floodfills.
Enable auto-floodfill by ECIES routers.
Then enable sending ECIES messages to ECIES routers with a minimum version TBD.
Implement ant test reception of AEAD replies to DatabaseLookup messages by ECIES routers.
Target release: 0.9.49 or 0.9.50, early-mid 2021
Enable auto-floodfill by ECIES routers.
Then enable sending ECIES messages to ECIES routers.
No minimum version check should be necessary unless incompatible changes
to proposal 152 are made after a release.
Target release: 0.9.49, early 2021
Rekeying
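
Review bot: 'No minimum version check should be necessary unless incompatible changes to proposal 152 are made after a release' is added twice here, while proposal 152 is still marked ':status: Open' and, in this same comparison, gained a MixHash() step in its KDF. With the tunnel-build target pulled forward to 0.9.48, say how routers will tell compatible peers apart if 152 changes again, or keep the minimum-version gate until 152 is closed. 'Implement ant test' should read 'Implement and test'.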
@@ -268,7 +285,7 @@ Target release: TBD
New Tunnel Build Message
--------------------------
Implement and test the new Tunnel Build Message.
Implement and test the new Tunnel Build Message as defined in proposal 157 [Prop157]_.
Roll the support out in a release.
Do additional testing, then enable it in the next release.

View File

@@ -1,4 +1,4 @@
#! /usr/bin/env sh
#! /usr/bin/env bash
## Set additional docker run arguments by changing the variable
## i2p_www_docker_run_args
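
Review bot: the shebang change only takes effect when the script is executed directly; anything that invokes it as `sh <script>` will still run the bash-only substitutions under sh, so check the callers and the documentation. The space in `#! /usr/bin/env bash` is accepted, but `#!/usr/bin/env bash` is the usual form.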