This extension intends to cover any combination of the following use cases:

1. Verifying that a torrent is published by a trusted source
2. Having a swarm be private, with peers authenticating the peers they connect to
3. Allowing peers with prior knowledge of each other's public keys to authenticate in order to set up trusted connections to known peers (i.e. "friends")

These building blocks could be used for building a web of trust, private
swarms and trusted sources for content.

torrent file extension
----------------------
A .torrent file may have the following new fields (not inside the info-hash):

"publisher"
    Contains the RSA public key of the publisher of the torrent. The private
    counterpart of this key has the authority to allow new peers onto the swarm.

"signature"
    The RSA signature of the ``info`` dictionary (specifically, the encrypted SHA-1
    hash of the ``info`` dictionary).

These fields serve the purpose of satisfying use case (1), allowing downloaders to
verify that the torrent has a trusted source.

extension handshake
-------------------
In order to satisfy use case (2), any peer supporting this extension MUST verify
that each peer on the swarm it connects to, or receives an incoming connection from,
is authenticated by the publisher's public key, if the torrent is *private*.
A torrent is private if the ``info`` dictionary contains an integer key ``private``
set to 1.

The extension handshake dictionary ("m") SHOULD contain a new extension key "lt_auth".

For private torrents, the extension handshake dictionary
MUST contain the certificate granting this peer access to the torrent. The
certificate is a dictionary ``cert`` containing the ``info-hash``,
``pubkey`` (the peer's public key) and ``expiry`` (the POSIX time at which the
certificate expires). The ``cert`` dictionary MAY be extended with more fields.

Next to the ``cert`` entry is a string ``sig``, the signature
of the SHA-1 hash of the bencoded representation of the ``cert`` dictionary.
The signature is required for private torrents, but not required for non-private
torrents.

An example extension handshake for a private torrent could look like this::

This certificate would expire at ``Sat Mar 31 18:05:56 PDT 2012``. The values of ``sig``,
``info-hash`` and ``pubkey`` are binary strings; they are printed as hex in this example.

The RSA key size SHOULD be 2048 bits (256 bytes).

When connecting to a peer, or accepting an incoming connection, for a private torrent,
the client MUST verify the validity of the incoming certificate. This is done by:

1. Verifying that the certificate has not expired.
2. Verifying that the ``info-hash`` matches the torrent the peers are connected over.
3. Verifying that the signature ``sig`` is a valid signature made by the private counterpart of the public key of the publisher of the torrent (i.e. the ``publisher`` key in the torrent file).

If the certificate fails any one of those checks, the peer MUST be
disconnected without exchanging any more information. As an exception, before
disconnecting, the peer MAY send an ``lt_auth`` message saying the authentication
failed.
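
The three checks above, written out as an added example that is not part of the original specification. It assumes PKCS#1 v1.5 padding and a publisher key already parsed into an ``(n, e)`` integer pair, neither of which the text specifies; ``verify_cert`` and the helper names are hypothetical.

```python
import hashlib
import time

# DER prefix of the SHA-1 DigestInfo used by PKCS#1 v1.5 (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def bencode(v):
    """Canonical bencoding of ints, byte strings and dicts with bytes keys."""
    if isinstance(v, int):
        return b"i%de" % v
    if isinstance(v, bytes):
        return b"%d:%s" % (len(v), v)
    if isinstance(v, dict):
        return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"
    raise TypeError("unsupported type in cert")


def expected_em(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-1(message) for a k-byte modulus (assumed padding)."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_cert(handshake, torrent_info_hash, publisher_key, now=None):
    """Return None if the certificate passes all checks, else the reason to disconnect."""
    now = time.time() if now is None else now
    cert, sig = handshake.get(b"cert"), handshake.get(b"sig")
    if not isinstance(cert, dict) or not isinstance(sig, bytes):
        return "missing cert or sig"
    expiry = cert.get(b"expiry")
    if not isinstance(expiry, int) or expiry <= now:   # check 1: not expired
        return "expired"
    if cert.get(b"info-hash") != torrent_info_hash:    # check 2: right torrent
        return "info-hash mismatch"
    n, e = publisher_key                               # check 3: publisher's signature
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return "bad signature"
    # Rebuild the padded digest and compare it whole instead of parsing the padding.
    # Re-encoding the cert assumes the sender used canonical bencoding.
    if pow(s, e, n).to_bytes(k, "big") != expected_em(bencode(cert), k):
        return "bad signature"
    return None
```

Any non-``None`` result corresponds to the MUST-disconnect case. Hashing the ``cert`` bytes exactly as received, rather than re-encoding them, avoids depending on the sender's key ordering.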
An example extension handshake for a non-private torrent could look like this::