[p2p-hackers] Ideas for an opensource Skype lookalike

[Greg Bildson]

Enzo,

I like your analysis and I don't disagree with what you say.  However, I do want to stop one popular fallacy from repeating ad infinitum.  While I agree that a Gnutella based network would not be appropriate for your lookup, searches are no longer based on pure flooding in Gnutella.  Newer popular clients (LimeWire and BearShare anyways - not Morpheus or Gnucleus) use dynamic querying, high outdegree and last hop routing, which vastly reduces query traffic.  Queries are now more targeted and sent selectively on connections.  All the "experts" that continue to refer to Gnutella as using flooding are in fact discussing a historical artifact.

Your line of discussion is interesting even if we won't be allocating developer resources towards it in the short-term.

Thanks
-greg

---------- Original Message ----------------------------------
From: "Enzo Michelangeli" <em at em.no-ip.com>
Reply-To: "Peer-to-peer development." <p2p-hackers at zgp.org>
Date: Sat, 13 Mar 2004 19:03:17 +0800

>Hello everybody,
>
>I just joined this list after lurking for a while on its archive at
>http://zgp.org/pipermail/p2p-hackers/.
>
>I'd like to gather opinions about using P2P techniques to support a type
>of application that never managed to become really popular: a secure
>internet phone. I have recently begun to monitor the development of
>Speakfreely on Sourceforge (http://speak-freely.sourceforge.net/ ) after
>its creator John Walker decided that the future of Internet was an
>inhospitable environment for it and abandoned further development
>(http://www.fourmilab.ch/speakfree/ ). I think that John overlooked the
>possibilities offered by P2P architectures, in two critical areas:
>
>- Directories for location and presence. Nothing fancy here, already done
>before for P2P chat systems.
>- Working around NAT routers. John says of implementing third-party
>reflectors:
>
>    "[...] no non-commercial site like mine could possibly
>    afford the unlimited demands on bandwidth that would
>    require. It's one thing to provide a central meeting
>    point like a Look Who's Listening server, which handles
>    a packet every five minutes or so from connected sites,
>    but a server that's required to forward audio in
>    real-time between potentially any number of
>    simultaneously connected users is a bandwidth killer."
>
>However, what a centralized system can't do, is a piece of cake for a
>distributed system ("_One_ can't, perhaps," said Humpty Dumpty, "but two
>can.[...]"). The fact that something like Skype does exist, works, and may
>claim an average of more than 150,000 users online at any given time,
>looks like a proof of feasibility to me!
>
>Unfortunately, Skype is closed-source (which is a showstopper for a crypto
>application), and Windows-only to boot. However, nothing prevents
>borrowing some ideas at http://www.skype.com/skype_p2pexplained.html for
>an opensource alternative.
>
>Speakfreely might not represent the best starting point, but it usually
>works out of the box (which is more than can be said for most other
>Internet phones), it's multi-platform, and already contains an RTP stack
>and bulk encryption code.  As an alternative to Speakfreely's code, one
>could assemble together an RTP stack such as oRTP
>(http://www.linphone.org/ortp/), a bulk encryption and authentication
>layer such as SRTP (http://srtp.sourceforge.net/srtp.html), a portable
>audio abstraction layer such as Portaudio (www.portaudio.com) and an
>unencumbered codec such as Speex (www.speex.org). It would be nice if all
>the components were or could be ported to WinCE, for use on wireless
>PDA's.
>
>What Speakfreely sorely lacks is a sensible session initiation protocol,
>and access to non-NATted reflectors to help NATted peers to find each
>other and exchange UDP traffic. That's where a P2P network (especially one
>supporting the concept of non-NATted "ultrapeers") can save the day.
>
>In my opinion, traditional server-based (i.e., non-P2P) session initiation
>protocols like SIP -not to mention H.323- represent a poor choice for a
>consumer-friendly application: they require an arsenal of infrastructural
>applications (directories, proxies, gatekeepers etc.) which make them
>attractive only to telcos and hardware vendors (hence Cisco's support for
>SIP, and the venom liberally spilled on Skype at
>http://www.voxilla.com/modules.php?op=modload&name=News&file=article&sid=18&mode=thread).
>Besides, as I wrote on speak-freely-devel at lists.sourceforge.net, "the
>mechanisms that SIP/SDP use for session key negotiation range from the
>pathetic (key sent in cleartext!!) to the impractical (S/MIME CMS, which
>is a monster built on the clay feet of a PKI that isn't quite there)".
>Skype claims to use RSA-based key exchange, which is good for multi-party
>conferencing but does not preserve forward secrecy. Maybe some variant of
>ephemeral D-H authenticated by RSA signatures, with transparent
>renegotiation every time someone joins the conference, could do the job
>better.
>
>But the thing I particularly would like to discuss here is if, and how, to
>leverage on existing P2P networks. One could always implement a brand new
>network, using Distributed Hash Table algorithms such as Chord or
>Kademlia, but it would be much easier to rely from the very beginning upon
>a large number of nodes (at least for directory and presence
>functionality, if not for the reflectors which require specific UDP code).
>That would somehow repeat the approach initially adopted by Vocaltec when,
>in 1995, they launched their Iphone making use of IRC servers to publish
>dynamic IP addresses. Incidentally, the IRC users community didn't
>particularly appreciate ;-), triggering the Great Iphone War, which
>quickly led Vocaltec to set up its own dedicated IRC servers.
>
>>From what I see, Gnutella is pretty hopeless for that purpose because
>searches are only based on flooding, and therefore full-network searches
>are nearly impossible; on the other hand, Overnet (which relies upon the
>Kademlia algorithm) could perhaps be used as a sort of distributed
>presence/location "server", and also key server (perhaps it would be wise
>to use an OpenPGP key format to enjoy WoT features from day one). The
>Overnet protocol is unpublished, but it's been reverse-engineered at least
>in part by the mldonkey team.  Alternatively, Freenet or Entropy could
>perhaps provide similar services, but with a large code overhead (I'd like
>to keep the code small enough to be ported, one day, to a PDA) and perhaps
>slower propagation (?).
>
>Comments, as I said, are much welcome.
>
>Enzo
>
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>