Have there been any words about authentication between clients and servers or even client/client or server/server?
What about something a little nicer than plain passwords? Something like a public key authentication mechanism (RSA or DSA). Obviously, it shouldn't be required, as it makes hosts less anonymous, but still would be very useful for limiting clients in a meaningful way.
I can't think of a meaningful reason to authenticate the tracker, unless your trackers or peers can recommend other trackers. I know there was some talk about load sharing trackers.
The server could also pass public keys with the host list (yes, making it larger) that could be used to authenticate your peers. People could build up trust models with this, as well. Give your friends unlimited access, supposing they can authenticate themselves. People with good reputation on your favorite torrent site might get high priority, since they can be trusted to seed. There's much that can be done with this.
I don't know how much has been said about encryption. A quick search didn't show much. Public key authentication could be done safely across an unencrypted link, since the private key is never passed.
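The challenge-response exchange the post describes, as an added example that is not part of the original post or of any client's code: the verifying side sends a fresh nonce, the peer signs it, and the signature is checked against the public key listed for that peer. It uses RSA-PSS from Go's standard library; the names `KeyList`, `NewKey`, `NewChallenge`, `Respond`, `Verify`, the `peer-auth-v1` label and the peer IDs are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyList maps a peer ID to the public key distributed for it (e.g. with the host list).
type KeyList map[string]*rsa.PublicKey

// NewKey makes a peer key pair; the private half never leaves the peer.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}
// NewChallenge returns a fresh 32-byte nonce chosen by the verifying side.
func NewChallenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}
// digest binds a signature to the claimed peer ID and to this one nonce.
func digest(id string, nonce []byte) []byte {
	d := sha256.Sum256(append([]byte("peer-auth-v1\x00"+id+"\x00"), nonce...))
	return d[:]
}
// Respond runs on the peer: only the signature crosses the unencrypted link.
func Respond(k *rsa.PrivateKey, id string, nonce []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, k, crypto.SHA256, digest(id, nonce), nil)
}
// Verify reports whether sig proves possession of the key listed for id.
func Verify(list KeyList, id string, nonce, sig []byte) bool {
	pub, ok := list[id]
	return ok && rsa.VerifyPSS(pub, crypto.SHA256, digest(id, nonce), sig, nil) == nil
}

func main() {
	k, nonce := NewKey(), NewChallenge() // constructed sample peer and challenge
	sig, _ := Respond(k, "peer-A", nonce)
	fmt.Println(Verify(KeyList{"peer-A": &k.PublicKey}, "peer-A", nonce, sig))
}
```

Because each challenge is a new random nonce, a signature captured from the wire does not verify against a later challenge. The signature proves key possession only at the handshake; traffic sent afterwards on the same unencrypted link is not authenticated by it.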