the forums at degreez.net

Have there been any words about authentication between clients and servers or even client/client or server/server?

What about something a little nicer than plain passwords? Something like a public key authentication mechanism(RSA or DSA). Obviously, it shouldn't be required, as it makes hosts less anonymous, but still would be very useful for limiting clients in a meaningful way.

I can't think of a meaningful reason to authenticate the tracker, unless your trackers or peers can recommend other trackers. I know there was some talk about load sharing trackers.

The server could also pass public keys with the host list (yes, making it larger) that could be used to authenticate your peers. People could build up trust models with this, as well. Give your friends unlimited access, supposing they can authenticate themselves. People with good reputation on your favorite torrent site might get high priority, since they can be trusted to seed. There's much that can be done with this.

I don't know how much has been said about encryption. A quick search didn't show much. Public key authentication could be done safely across an unencrypted link, since the private key is never passed.

So after thinking about someone else's post, I realized that the tracker doesn't need to do anything about the authentication, though it could be very useful for private trackers.

If clients could authenticate to each other, then they could store up some sort of history/reputation. You could record the amount of data the tracker reports a peer has transferred and how much they actually transfer to you.

This could go pretty far. If someone uploads enough to you, you might trust what they have to say about other peers' uploading behavior.

The goal of this would be to create healthy swarms in which uploading is encouraged and rewarded. Without uploading, a leech could only get as good as resetting their reputation (changing IP and authentication).

This could also be done to the clients optionally. If another peer didn't support it, it wouldn't be required, but it would help those who did.

I'm so inspired that I'm going to write up a draft for this in a few days.