From 0bb9115d78aeae4acca4e88dabda0afaedad8ecf Mon Sep 17 00:00:00 2001
From: str4d <str4d@mail.i2p>
Date: Sun, 7 May 2017 06:29:27 +0000
Subject: [PATCH] New translations

---
 i2p2www/translations/pt/LC_MESSAGES/docs.po | 16073 ++++++++++++++++++
 1 file changed, 16073 insertions(+)
 create mode 100644 i2p2www/translations/pt/LC_MESSAGES/docs.po

diff --git a/i2p2www/translations/pt/LC_MESSAGES/docs.po b/i2p2www/translations/pt/LC_MESSAGES/docs.po
new file mode 100644
index 000000000..d6dff8d48
--- /dev/null
+++ b/i2p2www/translations/pt/LC_MESSAGES/docs.po
@@ -0,0 +1,16073 @@
+# Portuguese translations for I2P.
+# Copyright (C) 2017 ORGANIZATION
+# This file is distributed under the same license as the I2P project.
+#
+# Translators:
+# Manuela Silva <manuela.silva@sky.com>, 2017
+# Manuela Silva <manuela.silva@sky.com>, 2016
+msgid ""
+msgstr ""
+"Project-Id-Version:  I2P\n"
+"Report-Msgid-Bugs-To: http://trac.i2p2.de\n"
+"POT-Creation-Date: 2017-04-01 23:55+0000\n"
+"PO-Revision-Date: 2017-05-03 13:11+0000\n"
+"Last-Translator: Manuela Silva <manuela.silva@sky.com>\n"
+"Language-Team: Portuguese (http://www.transifex.com/otf/I2P/language/pt/)"
+"\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 1.3\n"
+
+#: i2p2www/pages/site/docs/index.html:2 i2p2www/pages/site/docs/index.html:23
+msgid "Index to Technical Documentation"
+msgstr "Índex para a Documentação Técnica"
+
+#: i2p2www/pages/site/docs/index.html:3 i2p2www/pages/site/docs/reseed.html:3
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:3
+msgid "January 2016"
+msgstr "Janeiro de 2016"
+
+#: i2p2www/pages/site/docs/index.html:6
+msgid "Following is an index to the technical documentation for I2P."
+msgstr "'Seguir' é um índex para a documentação técnica para o I2P."
+
+#: i2p2www/pages/site/docs/index.html:10
+msgid ""
+"This index is ordered from the highest to lowest layers.\n"
+"The higher layers are for \"clients\" or applications;\n"
+"the lower layers are inside the router itself.\n"
+"The interface between applications and the router is the I2CP (I2P "
+"Control Protocol) API."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:17
+#, python-format
+msgid ""
+"The I2P Project is committed to maintaining accurate, current "
+"documentation.\n"
+"If you find any inaccuracies in the documents linked below, please\n"
+"<a href=\"%(trac)s\">enter a ticket identifying the problem</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:25 i2p2www/pages/site/docs/naming.html:6
+#: i2p2www/pages/site/docs/api/bob.html:42
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:7
+#: i2p2www/pages/site/docs/api/streaming.html:6
+#: i2p2www/pages/site/docs/applications/embedding.html:7
+#: i2p2www/pages/site/docs/applications/managed-clients.html:7
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:6
+#: i2p2www/pages/site/docs/how/network-database.html:6
+#: i2p2www/pages/site/docs/how/peer-selection.html:6
+#: i2p2www/pages/site/docs/how/tech-intro.html:9
+#: i2p2www/pages/site/docs/how/tech-intro.html:93
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:6
+#: i2p2www/pages/site/docs/tunnels/implementation.html:67
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:6
+msgid "Overview"
+msgstr "Sinopse"
+
+#: i2p2www/pages/site/docs/index.html:27
+msgid "Technical Introduction"
+msgstr "Introdução Técnica"
+
+#: i2p2www/pages/site/docs/index.html:28
+msgid "A Less-Technical Introduction"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:29
+msgid "Threat model and analysis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:30
+msgid "Comparisons to other anonymous networks"
+msgstr "Comparações para outras redes anónimas"
+
+#: i2p2www/pages/site/docs/index.html:31
+msgid "Specifications"
+msgstr "Especificações"
+
+#: i2p2www/pages/site/docs/index.html:32
+msgid "Protocol stack chart"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:33
+msgid "Papers on I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:34
+msgid "Presentations, articles, tutorials, videos, and interviews"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:35
+#, python-format
+msgid ""
+"<a href=\"%(pdf)s\">Invisible Internet Project (I2P) Project Overview</a>"
+" August 28, 2003 (pdf)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:38
+msgid "Application-Layer Topics"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:41 i2p2www/pages/site/docs/naming.html:2
+msgid "Naming and Addressbook"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:42
+msgid "Plugins Overview"
+msgstr "Resumo de Plug-ins"
+
+#: i2p2www/pages/site/docs/index.html:43
+msgid "Plugin Specification"
+msgstr "Especificação de Plug-in"
+
+#: i2p2www/pages/site/docs/index.html:44
+#: i2p2www/pages/site/docs/applications/managed-clients.html:2
+#: i2p2www/pages/site/docs/applications/managed-clients.html:20
+msgid "Managed Clients"
+msgstr "Clientes Geridos"
+
+#: i2p2www/pages/site/docs/index.html:45 i2p2www/pages/site/docs/index.html:223
+msgid "Embedding the router in your application"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:46
+#: i2p2www/pages/site/docs/applications/bittorrent.html:2
+msgid "Bittorrent over I2P"
+msgstr "Bittorrent sob I2P"
+
+#: i2p2www/pages/site/docs/index.html:47
+msgid "I2PControl Plugin API"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:48
+msgid "hostsdb.blockfile Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:49 i2p2www/pages/site/docs/index.html:195
+msgid "Configuration File Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:52
+msgid "Application Layer API and Protocols"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:53
+msgid ""
+"High-level, easy-to-use APIs for applications written in any language to "
+"send and receive data."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:55
+msgid "Application Development Overview and Guide"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:59
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:51
+msgid "I2PTunnel Configuration"
+msgstr "Configuração de I2PTunnel"
+
+#: i2p2www/pages/site/docs/index.html:75
+msgid "SAM Protocol"
+msgstr "Protocolo SAM"
+
+#: i2p2www/pages/site/docs/index.html:77
+msgid "SAMv2 Protocol"
+msgstr "Protocolo SAMv2"
+
+#: i2p2www/pages/site/docs/index.html:79
+msgid "SAMv3 Protocol"
+msgstr "Protocolo SAMv3"
+
+#: i2p2www/pages/site/docs/index.html:81
+msgid "BOB Protocol"
+msgstr "Protocolo BOB"
+
+#: i2p2www/pages/site/docs/index.html:84
+msgid "End-to-End Transport API and Protocols"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:85
+msgid ""
+"The end-to-end protocols used by clients for reliable and unreliable "
+"communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:87
+#: i2p2www/pages/site/docs/api/streaming.html:2
+msgid "Streaming Library"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:89
+msgid "Streaming Protocol Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:91
+msgid "Streaming Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:93
+#: i2p2www/pages/site/docs/api/datagrams.html:2
+msgid "Datagrams"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:95
+msgid "Datagram Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:98
+msgid "Client-to-Router Interface API and Protocol"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:99
+msgid ""
+"The lowest-level API used for clients (applications) to send and receive "
+"traffic to a router.\n"
+"Traditionally used only by Java applications and higher-level APIs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:104
+msgid "I2CP - I2P Control Protocol / API overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:106
+msgid "I2CP Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:108
+msgid "I2CP API Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:110
+#: i2p2www/pages/site/docs/index.html:140
+msgid "Common data structures specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:112
+#: i2p2www/pages/site/docs/index.html:142
+msgid "Data Structures Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:115
+msgid "End-to-End Encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:116
+msgid "How client messages are end-to-end encrypted by the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:118
+msgid "ElGamal/AES+SessionTag encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:119
+#: i2p2www/pages/site/docs/index.html:153
+msgid "ElGamal and AES cryptography details"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:122
+#: i2p2www/pages/site/docs/how/tech-intro.html:11
+#: i2p2www/pages/site/docs/how/tech-intro.html:325
+msgid "Network Database"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:123
+msgid ""
+"Distributed storage and retrieval of information about routers and "
+"clients."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:125
+msgid "Network database overview, details, and threat analysis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:126
+msgid "Cryptographic hashes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:127
+msgid "Cryptographic signatures"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:128
+#: i2p2www/pages/site/docs/index.html:187
+msgid "Router reseed specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:131
+msgid "Router Message Protocol"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:132
+msgid ""
+"I2P is a message-oriented router. The messages sent between routers are "
+"defined by the I2NP protocol."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:134
+msgid "I2NP - I2P Network Protocol Overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:136
+msgid "I2NP Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:138
+msgid "I2NP Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:145
+#: i2p2www/pages/site/docs/how/tech-intro.html:10
+#: i2p2www/pages/site/docs/how/tech-intro.html:224
+msgid "Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:146
+msgid ""
+"Selecting peers, requesting tunnels through those peers, and encrypting "
+"and routing messages through these tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:148
+msgid "Peer profiling and selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:149
+msgid "Tunnel routing overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:150
+msgid "Garlic routing and \"garlic\" terminology"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:151
+msgid "Tunnel building and encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:152
+msgid "ElGamal/AES"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:152
+msgid "for build request encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:154
+msgid "Tunnel building specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:155
+msgid "Low-level tunnel message specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:156
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:2
+msgid "Unidirectional Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:157
+#: i2p2www/pages/site/docs/how/peer-selection.html:299
+msgid "Peer Profiling and Selection in the I2P Anonymous Network"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:158
+msgid "2009 paper (pdf), not current but still generally accurate"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:161
+msgid "Transport Layer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:162
+msgid "The protocols for direct (point-to-point) router to router communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:164
+msgid "Transport layer overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:166
+msgid "TCP-based transport overview and specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:168
+msgid "UDP-based transport overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:170
+msgid "SSU specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:172
+msgid "NTCP transport encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:174
+msgid "SSU transport encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:176
+msgid "Transport Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:178
+msgid "NTCP Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:180
+msgid "SSU Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:183
+msgid "Other Router Topics"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:185
+msgid "Router software updates"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:189
+msgid "Native BigInteger Library"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:191
+msgid "Time synchronization and NTP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:193
+msgid "Performance"
+msgstr "Desempenho"
+
+#: i2p2www/pages/site/docs/index.html:200
+msgid "Developer's Guides and Resources"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:202
+msgid "New Developer's Guide"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:204
+msgid "New Translator's Guide"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:206
+msgid "Monotone Guide"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:208
+msgid "Developer Guidelines"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:210
+msgid "Javadocs on the standard internet:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:211
+#: i2p2www/pages/site/docs/index.html:215
+#: i2p2www/pages/site/docs/index.html:216
+#: i2p2www/pages/site/docs/index.html:217
+#, python-format
+msgid "Server %(num)s"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:212
+#: i2p2www/pages/site/docs/index.html:221
+msgid ""
+"Note: always verify that javadocs are current by checking the release "
+"number."
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:214
+msgid "Javadocs inside I2P:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:225
+msgid "How to Set up a Reseed Server"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:227
+msgid "Ports used by I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:229
+msgid "Automatic updates to development builds inside I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:231
+msgid "Updating the wrapper manually"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:233
+msgid "User forum"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:235
+msgid "Developer forum inside I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:237
+msgid "Bug tracker"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:239
+msgid "Viewmtn inside I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:241
+msgid "I2P Source exported to GitHub"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:243
+msgid "I2P Source Git Repo inside I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:245
+msgid "Source translation at Transifex"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:247
+msgid "Roadmap"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:249
+msgid "To Do List"
+msgstr ""
+
+#: i2p2www/pages/site/docs/index.html:249
+msgid "not current"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:3
+msgid "May 2016"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:8
+msgid ""
+"I2P ships with a generic naming library and a base implementation \n"
+"designed to work off a local name to destination mapping, as well as an\n"
+"add-on application called the <a href=\"#addressbook\">addressbook</a>. \n"
+"I2P also supports <a href=\"#base32\">Base32 hostnames</a> similar to "
+"Tor's .onion addresses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:15
+msgid ""
+"The addressbook is a web-of-trust\n"
+"driven secure, distributed, and human readable naming system, sacrificing"
+" only\n"
+"the call for all human readable names to be globally unique by mandating "
+"only\n"
+"local uniqueness.  While all messages in I2P are cryptographically "
+"addressed\n"
+"by their destination, different people can have local addressbook entries"
+" for\n"
+"\"Alice\" which refer to different destinations.  People can still "
+"discover new\n"
+"names by importing published addressbooks of peers specified in their web"
+" of trust,\n"
+"by adding in the entries provided through a third party, or (if some "
+"people organize\n"
+"a series of published addressbooks using a first come first serve "
+"registration\n"
+"system) people can choose to treat these addressbooks as name servers, "
+"emulating\n"
+"traditional DNS."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:29
+#, python-format
+msgid ""
+"NOTE: For the reasoning behind the I2P naming system, common arguments "
+"against it\n"
+"and possible alternatives see the <a href=\"%(namingdiscussion)s\">naming"
+" discussion</a>\n"
+"page."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:36
+msgid "Naming System Components"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:38
+msgid ""
+"There is no central naming authority in I2P.\n"
+"All hostnames are local."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:43
+msgid ""
+"The naming system is quite simple and most of it is implemented\n"
+"in applications external to the router, but bundled with\n"
+"the I2P distribution.\n"
+"The components are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:51
+msgid ""
+"The local <a href=\"#lookup\">naming service</a> which does lookups\n"
+"and also handles <a href=\"#base32\">Base32 hostnames</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:55
+msgid ""
+"The <a href=\"#httpproxy\">HTTP proxy</a> which asks the router for "
+"lookups and points\n"
+"the user to remote jump services to assist with failed lookups."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:59
+msgid ""
+"HTTP <a href=\"#add-services\">host-add forms</a> which allow users to "
+"add hosts to their local hosts.txt"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:62
+msgid ""
+"HTTP <a href=\"#jump-services\">jump services</a> which provide their own"
+" lookups and redirection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:65
+msgid ""
+"The <a href=\"#addressbook\">addressbook</a> application which merges "
+"external\n"
+"host lists, retrieved via HTTP, with the local list."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:69
+msgid ""
+"The <a href=\"#susidns\">SusiDNS</a> application which is a simple web "
+"front-end\n"
+"for addressbook configuration and viewing of the local host lists."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:76
+msgid "Naming Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:78
+#, python-format
+msgid ""
+"All destinations in I2P are 516-byte (or longer) keys.\n"
+"(To be more precise, it is a 256-byte public key plus a 128-byte signing "
+"key\n"
+"plus a null certificate, which in Base64 representation is 516 bytes.\n"
+"<a href=\"%(namingdiscussion)s#certificates\">Certificates</a> are not "
+"used now,\n"
+"if they are, the keys will be longer.\n"
+"One possible use of certificates is for <a "
+"href=\"%(todo)s#hashcash\">proof of work</a>.)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:87
+msgid ""
+"If an application (i2ptunnel or the HTTP proxy) wishes to access\n"
+"a destination by name, the router does a very simple local lookup\n"
+"to resolve that name."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:93
+msgid "Hosts.txt Naming Service"
+msgstr "Serviço de Nomeação de Hosts.txt"
+
+#: i2p2www/pages/site/docs/naming.html:95
+msgid ""
+"The hosts.txt Naming Service does a simple linear search through\n"
+"text files. This naming service was the default until\n"
+"release 0.8.8 when it was replaced by the Blockfile Naming Service.\n"
+"The hosts.txt format had become too slow after the file grew to thousands"
+" of entries."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:102
+#, python-format
+msgid ""
+"It does a linear search through three local files, in order, to\n"
+"look up host names and convert them to a 516-byte destination key.\n"
+"Each file is in a simple <a href=\"%(configuration)s\">configuration file"
+" format</a>, with hostname=base64, one per line.\n"
+"The files are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:114
+msgid "Blockfile Naming Service"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:116
+msgid ""
+"The Blockfile Naming Service stores multiple \"addressbooks\" in a single"
+"\n"
+"database file named hostsdb.blockfile.\n"
+"This Naming Service is the default since release 0.8.8."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:122
+#, python-format
+msgid ""
+"A blockfile is simply on-disk storage of multiple sorted maps (key-value "
+"pairs),\n"
+"implemented as skiplists.\n"
+"The blockfile format is specified on the <a "
+"href=\"%(blockfile)s\">Blockfile page</a>.\n"
+"It provides fast Destination lookup in a compact format. While the "
+"blockfile overhead is substantial,\n"
+"the destinations are stored in binary rather than in Base 64 as in the "
+"hosts.txt format.\n"
+"In addition, the blockfile provides the capability of arbitrary metadata "
+"storage\n"
+"(such as added date, source, and comments) for each entry to implement "
+"advanced addressbook features.\n"
+"The blockfile storage requirement is a modest increase over the hosts.txt"
+" format, and the blockfile provides\n"
+"approximately 10x reduction in lookup times."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:134
+msgid ""
+"On creation, the naming service imports entries from the three files used"
+" by the hosts.txt Naming Service.\n"
+"The blockfile mimics the previous implementation by maintaining three "
+"maps that\n"
+"are searched in-order, named privatehosts.txt, userhosts.txt, and "
+"hosts.txt.\n"
+"It also maintains a reverse-lookup map to implement rapid reverse lookups."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:141
+msgid "Other Naming Service Facilities"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:143
+#, python-format
+msgid ""
+"The lookup is case-insensitive.\n"
+"The first match is used, and conflicts are not detected.\n"
+"There is no enforcement of naming rules in lookups.\n"
+"Lookups are cached for a few minutes.\n"
+"Base 32 resolution is <a href=\"#base32\">described below</a>.\n"
+"For a full description of the Naming Service API see the\n"
+"<a href=\"%(nsjavadocs)s\">Naming Service Javadocs</a>.\n"
+"This API was significantly expanded in release 0.8.7 to provide\n"
+"adds and removes, storage of arbitrary properties with the hostname,\n"
+"and other features."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:156
+msgid "Alternatives and Experimental Naming Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:158
+#, python-format
+msgid ""
+"The naming service is specified with the configuration property "
+"<tt>i2p.naming.impl=class</tt>.\n"
+"Other implementations are possible. For example,\n"
+"there is an experimental facility for real-time lookups (a la DNS) over "
+"the network within the router.\n"
+"For more information see the <a "
+"href=\"%(namingdiscussion)s#alternatives\">alternatives on the discussion"
+" page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:165
+msgid ""
+"The HTTP proxy does a lookup via the router for all hostnames ending in "
+"'.i2p'.\n"
+"Otherwise, it forwards the request to a configured HTTP outproxy.\n"
+"Thus, in practice, all HTTP (eepsite) hostnames must end in the pseudo-"
+"Top Level Domain '.i2p'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:171
+#, python-format
+msgid ""
+"We have <a href=\"%(i2ptld)s\">applied to reserve the .i2p TLD</a>\n"
+"following the procedures specified in <a href=\"%(rfc6761)s\">RFC "
+"6761</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:177
+msgid ""
+"If the router fails to resolve the hostname, the HTTP proxy returns\n"
+"an error page to the user with links to several \"jump\" services.\n"
+"See below for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:183
+msgid "Addressbook"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:184
+msgid "Incoming Subscriptions and Merging"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:186
+msgid ""
+"The addressbook application periodically\n"
+"retrieves other users' hosts.txt files and merges\n"
+"them with the local hosts.txt, after several checks.\n"
+"Naming conflicts are resolved on a first-come first-served\n"
+"basis."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:194
+msgid ""
+"Subscribing to another user's hosts.txt file involves\n"
+"giving them a certain amount of trust.\n"
+"You do not want them, for example, 'hijacking' a new site\n"
+"by quickly entering in their own key for a new site before\n"
+"passing the new host/key entry to you."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:202
+msgid ""
+"For this reason, the only subscription configured by\n"
+"default is <code>http://i2p-projekt.i2p/hosts.txt "
+"(http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt)</code>,"
+" \n"
+"which contains a copy of the hosts.txt included\n"
+"in the I2P release.\n"
+"Users must configure additional subscriptions in their\n"
+"local addressbook application (via subscriptions.txt or <a "
+"href=\"#susidns\">SusiDNS</a>)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:211
+msgid "Some other public addressbook subscription links:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:218
+msgid ""
+"The operators of these services may have various policies for listing "
+"hosts.\n"
+"Presence on this list does not imply endorsement."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:223
+#: i2p2www/pages/site/docs/naming.html:235
+msgid "Naming Rules"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:224
+msgid ""
+"While there are hopefully not any technical limitations within I2P on "
+"host names,\n"
+"the addressbook enforces several restrictions on host names\n"
+"imported from subscriptions.\n"
+"It does this for basic typographical sanity and compatibility with "
+"browsers,\n"
+"and for security.\n"
+"The rules are essentially the same as those in RFC2396 Section 3.2.2.\n"
+"Any hostnames violating these rules may not be propagated\n"
+"to other routers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:239
+msgid "Names are converted to lower case on import."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:243
+msgid ""
+"Names are checked for conflict with existing names in the existing "
+"userhosts.txt and hosts.txt\n"
+"(but not privatehosts.txt) after conversion to lower case."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:248
+msgid "Must contain only [a-z] [0-9] '.' and '-' after conversion to lower case."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:252
+msgid "Must not start with '.' or '-'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:256
+msgid "Must end with '.i2p'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:260
+msgid "67 characters maximum, including the '.i2p'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:264
+msgid "Must not contain '..'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:268
+msgid "Must not contain '.-' or '-.' (as of 0.6.1.33)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:272
+msgid "Must not contain '--' except in 'xn--' for IDN."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:276
+msgid ""
+"Base32 hostnames (*.b32.i2p) are reserved for base 32 use and so are not "
+"allowed to be imported."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:280
+msgid ""
+"Certain hostnames reserved for project use are not allowed\n"
+"(proxy.i2p, router.i2p, console.i2p, *.proxy.i2p, *.router.i2p, "
+"*.console.i2p, and others)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:285
+msgid "Keys are checked for base64 validity."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:289
+msgid ""
+"Keys are checked for conflict with existing keys in hosts.txt (but not "
+"privatehosts.txt)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:293
+msgid "Minimum key length 516 bytes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:297
+msgid "Maximum key length 616 bytes (to account for certs up to 100 bytes)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:302
+msgid ""
+"Any name received via subscription that passes all the checks is added "
+"via the local naming service."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:306
+msgid ""
+"Note that the '.' symbols in a host name are of no significance,\n"
+"and do not denote any actual naming or trust hierarchy.\n"
+"If the name 'host.i2p' already exists, there is nothing\n"
+"to prevent anybody from adding a name 'a.host.i2p' to their hosts.txt,\n"
+"and this name can be imported by others' addressbook.\n"
+"Methods to deny subdomains to non-domain 'owners' (certificates?),\n"
+"and the desirability and feasibility of these methods,\n"
+"are topics for future discussion."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:317
+msgid ""
+"International Domain Names (IDN) also work in i2p (using punycode 'xn--' "
+"form).\n"
+"To see IDN .i2p domain names rendered correctly in Firefox's location "
+"bar,\n"
+"add 'network.IDN.whitelist.i2p (boolean) = true' in about:config."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:323
+msgid ""
+"As the addressbook application does not use privatehosts.txt at all, in "
+"practice\n"
+"this file is the only place where it is appropriate to place private "
+"aliases or\n"
+"\"pet names\" for sites already in hosts.txt."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:329
+msgid "Advanced Subscription Feed Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:337
+msgid "Outgoing Subscriptions"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:338
+msgid ""
+"Addressbook will publish the merged hosts.txt to a location\n"
+"(traditionally hosts.txt in the local eepsite's home directory) to be "
+"accessed by others\n"
+"for their subscriptions.\n"
+"This step is optional and is disabled by default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:346
+msgid ""
+"The addressbook application, together with eepget, saves the Etag and/or "
+"Last-Modified\n"
+"information returned by the web server of the subscription.\n"
+"This greatly reduces the bandwidth required, as the web server will\n"
+"return a '304 Not Modified' on the next fetch if nothing has changed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:353
+msgid ""
+"However the entire hosts.txt is downloaded if it has changed.\n"
+"See below for discussion on this issue."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:358
+msgid ""
+"Hosts serving a static hosts.txt or an equivalent CGI application\n"
+"are strongly encouraged to deliver\n"
+"a Content-Length header, and either an Etag or Last-Modified header.\n"
+"Also ensure that the server delivers a '304 Not Modified' when "
+"appropriate.\n"
+"This will dramatically reduce the network bandwidth, and\n"
+"reduce chances of corruption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:367
+msgid "Host Add Services"
+msgstr "Serviços de Adição de Anfitrião"
+
+#: i2p2www/pages/site/docs/naming.html:368
+msgid ""
+"A host add service is a simple CGI application that takes a hostname and "
+"a Base64 key as parameters\n"
+"and adds that to its local hosts.txt.\n"
+"If other routers subscribe to that hosts.txt, the new hostname/key\n"
+"will be propagated through the network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:375
+msgid ""
+"It is recommended that host add services impose, at a minimum, the "
+"restrictions imposed by the addressbook application listed above.\n"
+"Host add services may impose additional restrictions on hostnames and "
+"keys, for example:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:380
+msgid "A limit on number of 'subdomains'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:384
+msgid "Authorization for 'subdomains' through various methods."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:388
+msgid "Hashcash or signed certificates."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:392
+msgid "Editorial review of host names and/or content."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:396
+msgid "Categorization of hosts by content."
+msgstr "Categorização de anfitriões por conteúdo."
+
+#: i2p2www/pages/site/docs/naming.html:400
+msgid "Reservation or rejection of certain host names."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:404
+msgid "Restrictions on the number of names registered in a given time period."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:408
+msgid "Delays between registration and publication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:412
+msgid "Requirement that the host be up for verification."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:416
+msgid "Expiration and/or revocation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:420
+msgid "IDN spoof rejection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:425
+msgid "Jump Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:426
+msgid ""
+"A jump service is a simple CGI application that takes a hostname as a "
+"parameter\n"
+"and returns a 301 redirect to the proper URL with a "
+"<code>?i2paddresshelper=key</code>\n"
+"string appended.\n"
+"The HTTP proxy will interpret the appended string and\n"
+"use that key as the actual destination.\n"
+"In addition, the proxy will cache that key so the\n"
+"address helper is not necessary until restart."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:436
+msgid ""
+"Note that, like with subscriptions, using a jump service\n"
+"implies a certain amount of trust, as a jump service could maliciously\n"
+"redirect a user to an incorrect destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:442
+msgid ""
+"To provide the best service, a jump service should be subscribed to\n"
+"several hosts.txt providers so that its local host list is current."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:448
+msgid ""
+"SusiDNS is simply a web interface front-end to configuring addressbook "
+"subscriptions\n"
+"and accessing the four addressbook files.\n"
+"All the real work is done by the 'addressbook' application."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:454
+msgid ""
+"Currently, there is little enforcement of addressbook naming rules within"
+" SusiDNS,\n"
+"so a user may enter hostnames locally that would be rejected by\n"
+"the addressbook subscription rules."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:460
+msgid "Base32 Names"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:461
+msgid ""
+"I2P supports Base32 hostnames similar to Tor's .onion addresses.\n"
+"Base32 addresses are much shorter and easier to handle than the\n"
+"full 516-character Base64 Destinations or addresshelpers.\n"
+"Example: "
+"<code>ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p</code>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:468
+#, python-format
+msgid ""
+"In Tor, the address is 16 characters (80 bits), or half of the SHA-1 "
+"hash.\n"
+"I2P uses 52 characters (256 bits) to represent the full SHA-256 hash.\n"
+"The form is {52 chars}.b32.i2p.\n"
+"Tor has recently published a\n"
+"<a href=\"https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94"
+"-december-4th-2013\">proposal</a>\n"
+"to convert to an identical format of {52 chars}.onion for their hidden "
+"services.\n"
+"Base32 is implemented in the naming service, which queries the\n"
+"router over I2CP to lookup the LeaseSet to get the full Destination.\n"
+"Base32 lookups will only be successful when the Destination is up and "
+"publishing\n"
+"a LeaseSet.\n"
+"Because resolution may require a network database lookup, it may take "
+"significantly\n"
+"longer than a local address book lookup."
+msgstr ""
+
+#: i2p2www/pages/site/docs/naming.html:483
+msgid ""
+"Base32 addresses can be used in most places where hostnames or full "
+"destinations\n"
+"are used, however there are some exceptions where they may fail if the\n"
+"name does not immediately resolve. I2PTunnel will fail, for example, if\n"
+"the name does not resolve to a destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:2
+msgid "Plugins"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:3
+msgid "June 2012"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:6
+msgid "General Information"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:7
+msgid ""
+"I2P includes a plugin architecture\n"
+"to support easy development and installation of additional software."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:12
+msgid ""
+"There are now plugins available that support distributed email, blogs, "
+"IRC\n"
+"clients, distributed file storage, wikis, and more."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:17
+msgid "Benefits to i2p users and app developers:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:22
+msgid "Easy distribution of applications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:26
+msgid ""
+"Allows innovation and use of additional libraries without worrying about\n"
+"increasing the size of <code>i2pupdate.sud</code>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:31
+msgid ""
+"Support large or special-purpose applications that would never be bundled"
+"\n"
+"with the I2P installation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:36
+msgid "Cryptographically signed and verified applications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:40
+msgid "Automatic updates of applications, just like for the router"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:44
+msgid ""
+"Separate initial install and update packages, if desired, for smaller "
+"update downloads"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:48
+msgid ""
+"One-click installation of applications. No more asking users to modify\n"
+"<code>wrapper.config</code> or <code>clients.config</code>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:53
+msgid "Isolate applications from the base <code>$I2P</code> installation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:57
+msgid ""
+"Automatic compatibility checking for I2P version, Java version, Jetty\n"
+"version, and previous installed application version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:62
+msgid "Automatic link addition in console"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:66
+msgid ""
+"Automatic startup of application, including modifying classpath, without "
+"requiring a restart"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:70
+msgid "Automatic integration and startup of webapps into console Jetty instance"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:74
+#, python-format
+msgid ""
+"Facilitate creation of 'app stores' like the one at\n"
+"<a href=\"http://%(pluginsite)s\">%(pluginsite)s</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:79
+msgid "One-click uninstall"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:83
+msgid "Language and theme packs for the console"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:87
+msgid "Bring detailed application information to the router console"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:91
+msgid "Non-java applications also supported"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:97
+msgid "Required I2P version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:98
+msgid "0.7.12 or newer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:100
+msgid "Installation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:101
+msgid ""
+"To install and start a plugin, copy the <code>.xpi2p</code> install link "
+"to\n"
+"the form at the bottom of\n"
+"<a "
+"href=\"http://127.0.0.1:7657/configclients.jsp#plugin\">configclients.jsp"
+" in\n"
+"your router console</a> and click the \"install plugin\" button.  After a"
+"\n"
+"plugin is installed and started, a link to the plugin will usually appear"
+" at\n"
+"the top of your summary bar."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:110
+msgid ""
+"To update a plugin to the latest version, just click the update button on"
+"\n"
+"<a "
+"href=\"http://127.0.0.1:7657/configclients.jsp#plugin\">configclients.jsp</a>."
+"\n"
+"There is also a button to check if the plugin has a more recent version, "
+"as\n"
+"well as a button to check for updates for all plugins.  Plugins will be "
+"checked\n"
+"for updates automatically when updating to a new I2P release (not "
+"including dev\n"
+"builds)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:120
+msgid "Development"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:121
+#, python-format
+msgid ""
+"See the latest <a href=\"%(pluginspec)s\">plugin specification</a> and "
+"the\n"
+"<a href=\"http://%(zzz)s/forums/16\">plugin forum</a> on %(zzz)s."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:126
+#, python-format
+msgid ""
+"See also the sources for plugins developed by various people.  Some "
+"plugins, such\n"
+"as <a href=\"http://%(pluginsite)s/plugins/snowman\">snowman</a>, were "
+"developed\n"
+"specifically as examples."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:132
+msgid ""
+"<b>Developers wanted!</b> Plugins are a great way to learn more about I2P"
+"\n"
+"or easily add some feature."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:137
+msgid "Getting Started"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:138
+#, python-format
+msgid ""
+"To create a plugin from an existing binary package you will need to get\n"
+"makeplugin.sh from <a href=\"%(url)s\">the i2p.scripts branch in "
+"monotone</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:144
+msgid "Known Issues"
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:145
+msgid ""
+"Note that the router's plugin architecture does <b>NOT</b> currently\n"
+"provide any additional security isolation or sandboxing of plugins."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:151
+msgid ""
+"Updates of a plugin with included jars (not wars) won't be recognized if\n"
+"the plugin was already run, as it requires class loader trickery to flush"
+" the\n"
+"class cache; a full router restart is required."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:157
+msgid "The stop button may be displayed even if there is nothing to stop."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:161
+msgid ""
+"Plugins running in a separate JVM create a <code>logs/</code> directory "
+"in\n"
+"<code>$CWD</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:166
+msgid ""
+"No initial keys are present, except for those of jrandom and zzz (using "
+"the\n"
+"same keys as for router update), so the first key seen for a signer is\n"
+"automatically accepted&mdash;there is no signing key authority."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:172
+msgid ""
+"When deleting a plugin, the directory is not always deleted, especially "
+"on\n"
+"Windows."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:177
+msgid ""
+"Installing a plugin requiring Java 1.6 on a Java 1.5 machine will result "
+"in a\n"
+"\"plugin is corrupt\" message if pack200 compression of the plugin file "
+"is used."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:182
+msgid "Theme and translation plugins are untested."
+msgstr ""
+
+#: i2p2www/pages/site/docs/plugins.html:186
+msgid "Disabling autostart doesn't always work."
+msgstr ""
+
+#: i2p2www/pages/site/docs/ports.html:2
+msgid "Ports Used by I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/ports.html:3
+msgid "December 2015"
+msgstr ""
+
+#: i2p2www/pages/site/docs/ports.html:7
+msgid ""
+"These are the ports used or reserved by I2P, including those for known "
+"plugins,\n"
+"common alternates,\n"
+"and some typical related applications."
+msgstr ""
+
+#: i2p2www/pages/site/docs/ports.html:13
+#, python-format
+msgid ""
+"Note that many of these are not enabled by default.\n"
+"There is more information in <a href=\"%(faq)s#ports\">the FAQ</a>.\n"
+"See also the documentation for individual plugins.\n"
+"Plugin authors please add any ports you use here.\n"
+"For new plugins, we recommend using the next available port\n"
+"in the 766x range."
+msgstr ""
+
+#: i2p2www/pages/site/docs/ports.html:53
+msgid "recommended spot for new plugins/applications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:2
+msgid "Reseed Hosts"
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:8
+msgid "About Reseed hosts"
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:10
+msgid ""
+"Reseed hosts are needed to for bootstrapping, that is, providing the "
+"initial set of I2P nodes for your I2P node to talk to. Depending on the "
+"status of your node it may need to bootstrap every now and then if many "
+"of the nodes it knows of aren't contactable."
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:14
+msgid ""
+"Reseeding is done over an encrypted connection and all of the bootstrap "
+"information is signed by the reseed host you connect to, making it "
+"impossible for an unauthenticated source to provide you with false "
+"information."
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:19
+msgid "Running a Reseed host"
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:21
+msgid ""
+"The more reseed hosts that are run, the more resilient the I2P network "
+"becomes, and the harder it is to prevent users of I2P from connecting to "
+"the network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:25
+msgid ""
+"There have also been cases where the reseed hosts we had, have been under"
+" heavy load due to botnet activities."
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:33
+msgid "Thank you"
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:35
+msgid ""
+"If you are running a reseed server, We would like to thank you for "
+"helping to\n"
+"make the I2P network stronger and more resilient than ever."
+msgstr ""
+
+#: i2p2www/pages/site/docs/reseed.html:41
+msgid "Thank you."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:2
+msgid "BOB - Basic Open Bridge"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:3
+msgid "August 2016"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:12
+msgid "Technical differences from SAM (for the better?)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:14
+msgid ""
+"BOB has separate command and data channels. \n"
+"One, an application command channel socket to router to configure.\n"
+"Two, the application data sockets to/from router that carry only data.\n"
+"The command channel is only needed for making or setting the initial\n"
+"destination key, and to set the destination key to port bindings. \n"
+"All connections run in parallel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:23
+msgid ""
+"SAM has one connection that does everything, and you need to parse every "
+"packet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:27
+msgid ""
+"BOB does not hold keypair values, nor does the router.\n"
+"Your application holds the keypair values. \n"
+"This is to reduce any extra complexity in the router code, it also adds "
+"to\n"
+"your privacy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:34
+msgid "SAM router stores every keypair you ever make."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:38
+msgid "Those are the important differences."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:44
+msgid "<code>KEYS</code> = keypair public+private, these are BASE64"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:47
+msgid "<code>KEY</code> = public key, also BASE64"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:50
+msgid ""
+"<code>ERROR</code> as is implied returns the message <code>\"ERROR "
+"\"+DESCRIPTION+\"\\n\"</code>, where the <code>DESCRIPTION</code> is what"
+" went wrong."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:53
+msgid ""
+"<code>OK</code> returns <code>\"OK\"</code>, and if data is to be "
+"returned, it is on the same line. <code>OK</code> means the command is "
+"finished."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:56
+msgid ""
+"<code>DATA</code> lines contain information that you requested. There may"
+" be multiple <code>DATA</code> lines per request."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:60
+msgid ""
+"<b>NOTE:</b> The help command is the ONLY command that has an exception "
+"to\n"
+"the rules... it can actually return nothing! This is intentional, since\n"
+"help is a HUMAN and not an APPLICATION command."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:66
+msgid "Connection and Version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:68
+msgid ""
+"All BOB status output is by lines. Lines may be \\n or \\r\\n terminated,"
+" depending on the system.\n"
+"On connection, BOB outputs two lines:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:78
+msgid "The current version is:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:82
+msgid ""
+"Note that previous versions used upper-case hex digits and did not "
+"conform to I2P versioning standards.\n"
+"It is recommended that subsequent versions use digits 0-9 only."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:87
+msgid "Version history"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:92
+msgid "Version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:93
+msgid "I2P Router Version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:94
+msgid "Changes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:97
+msgid "current version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:100
+msgid "development versions"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:104
+msgid "Commands"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:106
+msgid ""
+"<b>PLEASE NOTE:</b>\n"
+"For CURRENT details on the commands PLEASE use the built-in help command."
+" \n"
+"Just telnet to localhost 2827 and type help and you can get full "
+"documentation on each command."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:112
+msgid ""
+"Commands never get obsoleted or changed, however new commands do get "
+"added from time to time."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:117
+msgid "COMMAND"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:117
+msgid "OPERAND"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:117
+msgid "RETURNS"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:145
+msgid ""
+"Once set up, all TCP sockets can and will block as needed, and there is "
+"no need for any \n"
+"additional messages to/from the command channel. This allows the router "
+"to pace the\n"
+"stream without exploding with OOM like SAM does as it chokes on "
+"attempting to shove \n"
+"many streams in or out one socket -- that can't scale when you have alot "
+"of connections!"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:152
+msgid ""
+"What is also nice about this particular interface is that writing "
+"anything to interface \n"
+"to it, is much much easier than SAM. There is no other processing to do "
+"after the set up.\n"
+"It's configuration is so simple, that very simple tools, such as nc "
+"(netcat) can be used \n"
+"to point to some application. The value there is that one could schedule "
+"up and down times \n"
+"for an application, and not have to change the application to do that, or"
+" to even have \n"
+"to stop that application. Instead, you can literally \"unplug\" the "
+"destination, and \n"
+"\"plug it in\" again. As long as the same IP/port addresses and "
+"destination keys are used \n"
+"when bringing the bridge up, the normal TCP application won't care, and "
+"won't notice.\n"
+"It will simply be fooled -- the destinations are not reachable, and that "
+"nothing is coming in."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:164
+msgid "Examples"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:166
+msgid ""
+"For the following example, we'll setup a very simple local loopback "
+"connection, \n"
+"with two destinations. Destination \"mouth\" will be the CHARGEN service "
+"from \n"
+"the INET superserver daemon. Destination \"ear\" will be a local port "
+"that you\n"
+"can telnet into, and watch the pretty ASCII test puke forth."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:174
+msgid "EXAMPLE SESSION DIALOGUE -- simple telnet 127.0.0.1 2827 works"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:175
+msgid "Application"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:176
+msgid "BOB's Command response."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:178
+#: i2p2www/pages/site/docs/api/bob.html:192
+#: i2p2www/pages/site/docs/api/bob.html:212
+#: i2p2www/pages/site/docs/api/bob.html:322
+#: i2p2www/pages/site/docs/api/bob.html:334
+#: i2p2www/pages/site/docs/api/bob.html:349
+msgid "FROM"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:178
+#: i2p2www/pages/site/docs/api/bob.html:192
+#: i2p2www/pages/site/docs/api/bob.html:212
+#: i2p2www/pages/site/docs/api/bob.html:322
+#: i2p2www/pages/site/docs/api/bob.html:334
+#: i2p2www/pages/site/docs/api/bob.html:349
+msgid "TO"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:178
+#: i2p2www/pages/site/docs/api/bob.html:192
+#: i2p2www/pages/site/docs/api/bob.html:212
+#: i2p2www/pages/site/docs/api/bob.html:322
+#: i2p2www/pages/site/docs/api/bob.html:334
+#: i2p2www/pages/site/docs/api/bob.html:349
+msgid "DIALOGUE"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:187
+msgid "MAKE NOTE OF THE ABOVE DESTINATION KEY, YOURS WILL BE DIFFERENT!"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:201
+msgid ""
+"At this point, there was no error, a destination with a nickname of "
+"\"mouth\" \n"
+"is set up. When you contact the destination provided, you actually "
+"connect \n"
+"to the <code>CHARGEN</code> service on <code>19/TCP</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:207
+msgid "Now for the other half, so that we can actually contact this destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:229
+msgid ""
+"Now all we need to do is telnet into 127.0.0.1, port 37337,\n"
+"send the destination key or host address from addressbook we want to "
+"contact.\n"
+"In this case, we want to contact \"mouth\", all we do is paste in the\n"
+"key and it goes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:236
+msgid ""
+"<b>NOTE:</b> The \"quit\" command in the command channel does NOT "
+"disconnect the tunnels like SAM."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:253
+msgid "After a few virtual miles of this spew, press <code>Control-]</code>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:265
+msgid "Here is what happened..."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:273
+msgid "You can connect to EEPSITES too!"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:306
+msgid ""
+"Pretty cool isn't it? Try some other well known EEPSITES if you like, "
+"nonexistent ones, \n"
+"etc, to get a feel for what kind of output to expect in different "
+"situations. \n"
+"For the most part, it is suggested that you ignore any of the error "
+"messages. \n"
+"They would be meaningless to the application, and are only presented for "
+"human debugging."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:313
+msgid "Let's put down our destinations now that we are all done with them."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:317
+msgid "First, lets see what destination nicknames we have."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:329
+msgid "Alright, there they are. First, let's remove \"mouth\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:343
+msgid ""
+"Now to remove \"ear\", note that this is what happens when you type too "
+"fast,\n"
+"and shows you what typical ERROR messages looks like."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:362
+msgid ""
+"I won't bother to show an example of the receiver end of a bridge\n"
+"because it is very simple. There are two possible settings for it, and\n"
+"it is toggled with the \"quiet\" command."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:368
+msgid ""
+"The default is NOT quiet, and the first data to come into your\n"
+"listening socket is the destination that is making the contact. It is a\n"
+"single line consisting of the BASE64 address followed by a newline.\n"
+"Everything after that is for the application to actually consume."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:375
+msgid ""
+"In quiet mode, think of it as a regular Internet connection. No\n"
+"extra data comes in at all. It's just as if you are plain connected to\n"
+"the regular Internet. This mode allows a form of transparency much like\n"
+"is available on the router console tunnel settings pages, so that you\n"
+"can use BOB to point a destination at a web server, for example, and\n"
+"you would not have to modify the web server at all."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/bob.html:384
+msgid ""
+"The advantage with using BOB for this is as discussed\n"
+"previously. You could schedule random uptimes for the application,\n"
+"redirect to a different machine, etc. One use of this may be something\n"
+"like wanting to try to goof up router-to-destination upness guessing.\n"
+"You could stop and start the destination with a totally different\n"
+"process to make random up and down times on services. That way you\n"
+"would only be stopping the ability to contact such a service, and not\n"
+"have to bother shutting it down and restarting it. You could redirect\n"
+"and point to a different machine on your LAN while you do updates, or\n"
+"point to a set of backup machines depending on what is running, etc,\n"
+"etc. Only your imagination limits what you could do with BOB."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:3
+#: i2p2www/pages/site/docs/protocol/index.html:3
+msgid "August 2010"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:6
+msgid "Datagram Overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:7
+#, python-format
+msgid ""
+"Datagrams build upon the base <a href=\"%(i2cp)s\">I2CP</a> to provide "
+"authenticated\n"
+"and repliable messages in a standard format.  This lets applications "
+"reliably read\n"
+"the \"from\" address out of a datagram and know that the address really "
+"sent the\n"
+"message.  This is necessary for some applications since the base I2P "
+"message is\n"
+"completely raw - it has no \"from\" address (unlike IP packets).  In "
+"addition, the\n"
+"message and sender are authenticated by signing the payload."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:16
+#, python-format
+msgid ""
+"Datagrams, like <a href=\"%(streaming)s\">streaming library packets</a>,\n"
+"are an application-level construct.\n"
+"These protocols are independent of the low-level <a "
+"href=\"%(transports)s\">transports</a>;\n"
+"the protocols are converted to I2NP messages by the router, and\n"
+"either protocol may be carried by either transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:25
+msgid "Application Guide"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:26
+#, python-format
+msgid ""
+"Applications written in Java may use the \n"
+"<a href=\"%(url)s\">datagram API</a>,\n"
+"while applications in other languages \n"
+"can use <a href=\"%(sam)s\">SAM</a>'s datagram support.\n"
+"There is also limited support in i2ptunnel in the <a "
+"href=\"%(socks)s\">SOCKS proxy</a>,\n"
+"the 'streamr' tunnel types, and udpTunnel classes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:37
+msgid "Datagram Length"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:38
+msgid ""
+"The application designer should carefully consider the tradeoff of "
+"repliable vs. non-repliable\n"
+"datagrams. Also, the datagram size will affect reliability, due to tunnel"
+" fragmentation into 1KB\n"
+"tunnel messages. The more message fragments, the more likely that one of "
+"them will be dropped\n"
+"by an intermediate hop. Messages larger than a few KB are not "
+"recommended.\n"
+"Over about 10 KB, the delivery probablility drops dramatically.\n"
+"Messages over 16 KB cannot be delivered over NTCP, dropping delivery "
+"chances even more."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:47
+#, python-format
+msgid ""
+"Also note that the various overheads added by lower layers, in particular"
+" asymmetric\n"
+"<a href=\"%(elgamalaes)s\">ElGamal/AES</a>, place a large burden on "
+"intermittent messages\n"
+"such as used by a Kademlia-over-UDP application. The implementations are "
+"currently tuned\n"
+"for frequent traffic using the streaming library. There are a high number"
+"\n"
+"of session tags delivered, and a short session tag lifetime, for example."
+"\n"
+"There are currently no configuration parameters available within I2CP to "
+"tune\n"
+"the ElGamal Session Tag parameters."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:57
+msgid "I2CP Protocol Number and Ports"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:58
+msgid ""
+"The standard I2CP protocol number for datagrams is PROTO_DATAGRAM (17).\n"
+"Applications may or may not choose to set the\n"
+"protocol in the I2CP header. It is not set by default.\n"
+"It must be set to demultiplex datagram and streaming traffic received on "
+"the same Destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:65
+#, python-format
+msgid ""
+"As datagrams are not connection-oriented, the application may require\n"
+"port numbers to correlate datagrams with particular peers or "
+"communications sessions,\n"
+"as is traditional with UDP over IP.\n"
+"Applications may add 'from' and 'to' ports to the I2CP (gzip) header as "
+"described in\n"
+"the <a href=\"%(i2cp)s#format\">I2CP page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:73
+#, python-format
+msgid ""
+"There is no method within the datagram API to specify whether it is non-"
+"repliable (raw)\n"
+"or repliable. The application should be designed to expect the "
+"appropriate type.\n"
+"The I2CP protocol number or port should be used by the application to\n"
+"indicate datagram type.\n"
+"The I2CP protocol numbers PROTO_DATAGRAM (signed) and PROTO_DATAGRAM_RAW "
+"are defined in the\n"
+"<a href=\"%(i2psession)s\">I2PSession API</a>\n"
+"for this purpose. A common design pattern in client/server datagram "
+"applications is to\n"
+"use signed datagrams for a request which includes a nonce, and use a raw "
+"datagram\n"
+"for the reply, returning the nonce from the request."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:85
+#, python-format
+msgid ""
+"The protocols and ports may be set in I2CP's\n"
+"<a href=\"%(i2psession)s\">I2PSession API</a>,\n"
+"as implemented in\n"
+"<a href=\"%(i2psessionmuxed)s\">I2PSessionMuxedImpl</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:93
+#: i2p2www/pages/site/docs/api/streaming.html:404
+msgid "Data Integrity"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:94
+#, python-format
+msgid ""
+"Data integrity is assured by the gzip CRC-32 checksum implemented in\n"
+"<a href=\"%(i2cp)s#format\">the I2CP layer</a>.\n"
+"There is no checksum field in the datagram protocol."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:100
+#: i2p2www/pages/site/docs/api/streaming.html:412
+msgid "Packet Encapsulation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:101
+#, python-format
+msgid ""
+"Each datagram is sent through I2P as a single message (or as an "
+"individual clove in a\n"
+"<a href=\"%(garlicrouting)s\">Garlic Message</a>).\n"
+"Message encapsulation is implemented in the underlying\n"
+"<a href=\"%(i2cp)s\">I2CP</a>,\n"
+"<a href=\"%(i2np)s\">I2NP</a>, and\n"
+"<a href=\"%(tunnelmessage)s\">tunnel message</a> layers.\n"
+"There is no packet delimiter mechanism or length field in the datagram "
+"protocol."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:114
+#: i2p2www/pages/site/docs/transport/ssu.html:638
+msgid "Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/datagrams.html:116
+msgid "See the Datagrams Specification page."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:2
+msgid "I2PControl - Remote Control Service"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:4
+#, python-format
+msgid ""
+"I2P enables a <a href=\"http://en.wikipedia.org/wiki/JSON-"
+"RPC\">JSONRPC2</a> interface via the plugin <a "
+"href=\"%(itoopie)s\">I2PControl</a>.\n"
+"The aim of the interface is to provide simple way to interface with a "
+"running I2P node. A client, itoopie, has been developed in parallel.\n"
+"The JSONRPC2 implementation for the client as well as the plugin is "
+"provided by the java libraries <a href=\"http://software.dzhuvinov.com"
+"/json-rpc-2.0.html\">JSON-RPC 2.0</a>.  \n"
+"A list of implementations of JSON-RPC for various languages can be found "
+"at <a href=\"http://json-rpc.org/wiki/implementations\">the JSON-RPC "
+"wiki</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:11
+msgid "I2PControl is by default listening on https://localhost:7650"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:13
+msgid "API, version 1."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:14
+msgid "Parameters are only provided in a named way (maps)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:18
+msgid "JSON-RPC 2 format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:19
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:44
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:57
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:67
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:76
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:86
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:101
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:154
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:175
+msgid "Request:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:32
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:49
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:61
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:71
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:81
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:92
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:118
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:164
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:190
+msgid "Response:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:43
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:45
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:46
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:50
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:51
+#: i2p2www/pages/site/docs/protocol/i2cp.html:108
+#: i2p2www/pages/site/docs/protocol/i2cp.html:483
+msgid "Description"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:47
+msgid ""
+"Token used for authenticating every request (excluding the 'Authenticate'"
+" RPC method)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:55
+msgid "Implemented methods"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:56
+msgid ""
+"Creates and returns an authentication token used for further "
+"communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:58
+msgid "The version of the I2PControl API used by the client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:59
+msgid "The password used for authenticating against the remote server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:62
+msgid "The primary I2PControl API version implemented by the server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:63
+msgid "The token used for further communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:66
+msgid "Echoes the value of the echo key, used for debugging and testing."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:68
+msgid "Value will be returned in response."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:69
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:79
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:90
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:116
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:162
+msgid ""
+"Token used for authenticating the client. Is provided by the server via "
+"the 'Authenticate' RPC method."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:72
+msgid "Value of the key 'echo' in the request."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:75
+msgid ""
+"Fetches rateStat from router statManager. Creates stat if not already "
+"created."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:77
+#, python-format
+msgid ""
+"Determines which rateStat to fetch, see <a "
+"href=\"%(ratestats)s\">ratestats</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:78
+msgid "Determines which period a stat is fetched for. Measured in ms."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:82
+msgid "Returns the average value for the reuested rateStat and period."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:85
+msgid "Manages I2PControl. Ports, passwords and the like."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:87
+msgid ""
+"Sets a new listen address for I2PControl (only 127.0.0.1 and 0.0.0.0 are "
+"implemented in I2PControl currently)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:88
+msgid ""
+"Sets a new password for I2PControl, all Authentication tokens will be "
+"revoked."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:89
+msgid "Switches which port I2PControl will listen for connections on."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:93
+msgid "Returned if address was changed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:94
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:95
+msgid "Returned if setting was changed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:96
+msgid "Returns true if any changes were made."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:97
+msgid "Returns true if any changes requiring a restart to take effect were made."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:100
+msgid "Fetches basic information about the I2P router. Uptime, version etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:119
+msgid "What the status of the router is."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:120
+msgid "What the uptime of the router is in ms."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:121
+msgid "What version of I2P the router is running."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:122
+msgid "The 1 second average inbound bandwidth in Bps."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:123
+msgid "The 15 second average inbound bandwidth in Bps."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:124
+msgid "The 1 second average outbound bandwidth in Bps."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:125
+msgid "The 15 second average outbound bandwidth in Bps."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:126
+msgid "What the current network status is. According to the below enum:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:145
+msgid "How many tunnels on the I2P net are we participating in."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:146
+msgid "How many peers have we communicated with recently."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:147
+msgid "How many peers are considered 'fast'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:148
+msgid "How many peers are considered 'high capacity'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:149
+msgid "Is the router reseeding hosts to its NetDB?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:150
+msgid "How many peers are known to us (listed in our NetDB)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:153
+msgid "Manages I2P router restart/shutdown."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:155
+msgid "<b>Blocking</b>. Initiates a search for signed updates."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:156
+msgid ""
+"Initiates a router reseed, fetching peers into our NetDB from a remote "
+"host."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:157
+msgid "Restarts the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:158
+msgid ""
+"Restarts the router gracefully (waits for participating tunnels to "
+"expire)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:159
+msgid "Shuts down the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:160
+msgid ""
+"Shuts down the router gracefully (waits for participating tunnels to "
+"expire)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:161
+msgid "Initiates a router update from signed sources."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:165
+msgid "<b>Blocking</b>. Returns true iff a signed update has been found."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:166
+msgid "If requested, verifies that a reseed has been initiated."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:167
+msgid "If requested, verifies that a restart has been initiated."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:168
+msgid "If requested, verifies that a graceful restart has been initiated."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:169
+msgid "If requested, verifies that a shutdown has been initiated"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:170
+msgid "If requested, verifies that a graceful shutdown has been initiated"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:171
+msgid "<b>Blocking</b>. If requested, returns the status of the the update"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:174
+msgid "Fetches or sets various network related settings. Ports, addresses etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:176
+msgid ""
+"What port is used for the TCP transport. If null is submitted, current "
+"setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:177
+msgid ""
+"What hostname is used for the TCP transport. If null is submitted, "
+"current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:178
+msgid ""
+"Use automatically detected ip for TCP transport. If null is submitted, "
+"current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:179
+msgid ""
+"What port is used for the UDP transport. If null is submitted, current "
+"setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:180
+msgid ""
+"What hostname is used for the UDP transport. If null is submitted, "
+"current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:181
+msgid ""
+"Which methods should be used for detecting the ip address of the UDP "
+"transport. If null is submitted, current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:182
+msgid "What ip has been detected by the UDP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:183
+msgid "Is UPnP enabled. If null is submitted, current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:184
+msgid ""
+"How many percent of bandwidth is usable for participating tunnels. If "
+"null is submitted, current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:185
+msgid ""
+"How many KB/s of inbound bandwidth is allowed. If null is submitted, "
+"current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:186
+msgid ""
+"How many KB/s of outbound bandwidth is allowed. If null is submitted, "
+"current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:187
+msgid ""
+"Is laptop mode enabled (change router identity and UDP port when IP "
+"changes ). If null is submitted, current setting will be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:188
+msgid ""
+"Token used for authenticating the client. Is provided by the server via "
+"the 'Authenticate' RPC method. If null is submitted, current setting will"
+" be returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:191
+msgid "If requested, returns the port used for the TCP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:192
+msgid "If requested, returns the hostname used for the TCP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:193
+msgid ""
+"If requested, returns the method used for automatically detecting ip for "
+"the TCP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:194
+msgid "If requested, returns the port used for the UDP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:195
+msgid "If requested, returns the hostname used for the UDP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:196
+msgid ""
+"If requested, returns methods used for detecting the ip address of the "
+"UDP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:197
+msgid "If requested, returns what ip has been detected by the UDP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:198
+msgid "If requested, returns the UPNP setting."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:199
+msgid ""
+"If requested, returns how many percent of bandwidth is usable for "
+"participating tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:200
+msgid "If requested, returns how many KB/s of inbound bandwidth is allowed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:201
+msgid "If requested, returns how many KB/s of outbound bandwidth is allowed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:202
+msgid "If requested, returns the laptop mode."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:203
+msgid "Have the provided settings been saved."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:204
+msgid "Is a restart needed for the new settings to be used."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:207
+msgid "Allows for manipulation of advanced i2p settings"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:208
+msgid "Set:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:208
+msgid "Set the sent key-value pairs"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:211
+msgid "SetAll:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:211
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:214
+msgid "Set the sent key-value pairs, remove everything else"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:214
+msgid "Get:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:217
+msgid "GetAall:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:220
+msgid "denotes an optional value."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:221
+msgid "denotes a possibly occuring return value"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:223
+msgid "Error codes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:224
+msgid "Standard JSON-RPC2 error codes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:225
+msgid "JSON parse error."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:226
+msgid "Invalid request."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:227
+msgid "Method not found."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:228
+msgid "Invalid parameters."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:229
+msgid "Internal error."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:231
+msgid "I2PControl specific error codes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:232
+msgid "Invalid password provided."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:233
+msgid "No authentication token presented."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:234
+msgid "Authentication token doesn't exist."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:235
+msgid "The provided authentication token was expired and will be removed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:236
+msgid ""
+"The version of the I2PControl API used wasn't specified, but is required "
+"to be specified."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2pcontrol.html:237
+msgid ""
+"The version of the I2PControl API specified is not supported by "
+"I2PControl."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:8
+#, python-format
+msgid ""
+"I2PTunnel is a tool for interfacing with and providing services on I2P.\n"
+"Destination of an I2PTunnel can be defined using a <a "
+"href=\"%(naming)s\">hostname</a>,\n"
+"<a href=\"%(naming)s#base32\">Base32</a>, or a full 516-byte destination "
+"key.\n"
+"An established I2PTunnel will be available on your client machine as "
+"localhost:port.\n"
+"If you wish to provide a service on I2P network, you simply create "
+"I2PTunnel to the\n"
+"appropriate ip_address:port. A corresponding 516-byte destination key "
+"will be generated\n"
+"for the service and it will become avaliable throughout I2P.\n"
+"A web interface for I2PTunnel management is avaliable on\n"
+"<a "
+"href=\"http://localhost:7657/i2ptunnel/\">localhost:7657/i2ptunnel/</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:20
+msgid "Default Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:21
+msgid "Server tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:23
+msgid ""
+"<b>I2P Webserver</b> - A tunnel pointed to a Jetty webserver run\n"
+"on <a href=\"http://localhost:7658\">localhost:7658</a> for convenient "
+"and quick hosting on I2P.\n"
+"<br>The document root is:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:31
+msgid "Client tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:33
+msgid ""
+"A HTTP proxy used for browsing I2P and the regular internet anonymously "
+"through I2P. \n"
+"Browsing internet through I2P uses a random proxy specified by the "
+"\"Outproxies:\" option."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:37
+msgid "An IRC tunnel to the default anonymous IRC network, Irc2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:38
+#, python-format
+msgid ""
+"The anonymous <a href=\"%(monotone)s\">monotone</a>\n"
+"sourcecode repository for I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:42
+#, python-format
+msgid ""
+"A SMTP service provided by postman at <a "
+"href=\"http://%(postman)s/?page_id=16\">%(postman)s</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:45
+#, python-format
+msgid ""
+"The accompanying POP sevice of postman at <a "
+"href=\"http://%(postman)s/?page_id=16\">%(postman)s</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:50
+msgid "Configuration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:54
+msgid "Client Modes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:55
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:165
+msgid "Standard"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:56
+msgid ""
+"Opens a local TCP port that connects to a service (like HTTP, FTP or "
+"SMTP) on a destination inside of I2P.\n"
+"The tunnel is directed to a random host from the comma seperated (\", \")"
+" list of destinations."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:62
+msgid ""
+"A HTTP-client tunnel. The tunnel connects to the destination specified by"
+" the URL\n"
+"in a HTTP request. Supports proxying onto internet if an outproxy is "
+"provided. Strips HTTP connections of the following headers:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:67
+msgid ""
+"<b>Accept, Accept-Charset, Accept-Language\n"
+" and Accept-Ranges</b> as they vary greatly between browsers and can be "
+"used as an identifier."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:90
+msgid ""
+"Depending on if the tunnel is using an outproxy or not it will append the"
+" following User-Agent:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:94
+msgid "Outproxy:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:95
+msgid "Internal I2P use:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:100
+msgid ""
+"Creates a connection to a random IRC server specified by the comma "
+"seprated (\", \") \n"
+"list of destinations. Only a whitelisted subset of IRC commands are "
+"allowed due to anonymity concerns."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:105
+msgid "Whitelist:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:139
+msgid "Enables using the I2P router as a SOCKS proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:144
+msgid ""
+"Enables using the I2P router as a SOCKS proxy with the command whitelist "
+"specified by\n"
+"<a href=\"#client-mode-irc\">IRC</a> client mode."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:150
+msgid ""
+"Creates a HTTP tunnel and uses the HTTP request method \"CONNECT\" \n"
+"to build a TCP tunnel that usually is used for SSL and HTTPS."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:156
+msgid ""
+"Creates a UDP-server attached to a Streamr client I2PTunnel. The streamr "
+"client tunnel will \n"
+"subscribe to a streamr server tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:164
+msgid "Server Modes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:166
+msgid "Creates a destination to a local ip:port with an open TCP port."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:171
+msgid ""
+"Creates a destination to a local HTTP server ip:port. Supports gzip for "
+"requests with \n"
+"Accept-encoding: x-i2p-gzip, replies with Content-encoding: x-i2p-gzip in"
+" such a request."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:177
+msgid ""
+"Functions as both a I2PTunnel HTTP Server, and a I2PTunnel HTTP client "
+"with no outproxying\n"
+"capabilities. An example application would be a web application that does"
+" client-type\n"
+"requests, or loopback-testing an eepsite as a diagnostic tool."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:184
+msgid ""
+"Creates a destination that filters the reqistration sequence of a client "
+"and passes \n"
+"the clients destination key as a hostname to the IRC-server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/i2ptunnel.html:190
+msgid ""
+"A UDP-client that connects to a media server is created. The UDP-Client "
+"is coupled with a Streamr server I2PTunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:2
+#: i2p2www/pages/site/docs/api/ministreaming.html:17
+msgid "Ministreaming Library"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:5
+msgid "Note"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:7
+#, python-format
+msgid ""
+"The ministreaming library has been enhanced and extended by the\n"
+"\"full\" <a href=\"%(streaming)s\">streaming library</a>.\n"
+"Ministreaming is deprecated and is incompatible with today's "
+"applications.\n"
+"The following documentation is old.\n"
+"Also note that streaming extends ministreaming in the same Java package "
+"(net.i2p.client.streaming),\n"
+"so the current <a href=\"%(api)s\">API documentation</a> contains both.\n"
+"Obsolete ministreaming classes and methods are clearly marked as "
+"deprecated in the Javadocs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:19
+#, python-format
+msgid ""
+"\n"
+"The ministreaming library is a layer on top of the core \n"
+"<a href=\"%(i2cp)s\">I2CP</a> that allows reliable, in order, and "
+"authenticated streams\n"
+"of messages to operate across an unreliable, unordered, and "
+"unauthenticated \n"
+"message layer.  Just like the TCP to IP relationship, this streaming \n"
+"functionality has a whole series of tradeoffs and optimizations "
+"available, but\n"
+"rather than embed that functionality into the base I2P code, it has been "
+"factored\n"
+"off into its own library both to keep the TCP-esque complexities separate"
+" and to\n"
+"allow alternative optimized implementations."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:30
+#, python-format
+msgid ""
+"The ministreaming library was written by mihi as a part of his \n"
+"<a href=\"%(i2ptunnel)s\">I2PTunnel</a> application and then factored out"
+" and released\n"
+"under the BSD license.  It is called the \"mini\"streaming library "
+"because it makes\n"
+"some simplifications in the implementation, while a more robust streaming"
+" library\n"
+"could be further optimized for operation over I2P.  The two main issues "
+"with \n"
+"the ministreaming library are its use of the traditional TCP two phase \n"
+"establishment protocol and the current fixed window size of 1.  The "
+"establishment\n"
+"issue is minor for long lived streams, but for short ones, such as quick "
+"HTTP\n"
+"requests, the impact can be <a href=\"%(minwww)s\">significant</a>.  As "
+"for the window\n"
+"size, the ministreaming library doesn't maintain any ID or ordering "
+"within the \n"
+"messages sent (or include any application level ACK or SACK), so it must "
+"wait \n"
+"on average twice the time it takes to send a message before sending "
+"another."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/ministreaming.html:45
+#, python-format
+msgid ""
+"Even with those issues, the ministreaming library performs quite well in "
+"many\n"
+"situations, and its <a href=\"%(api)s\">API</a>\n"
+"is both quite simple and capable of remaining unchanged as different "
+"streaming\n"
+"implementations are introduced.  The library is deployed in its own \n"
+"ministreaming.jar.\n"
+"Developers in Java who would like to use it can\n"
+"access the API directly, while developers in other languages can use it "
+"through\n"
+"<a href=\"%(samv3)s\">SAM</a>'s streaming support."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:4
+msgid "SOCKS and SOCKS proxies"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:5
+msgid ""
+"\n"
+"The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are "
+"supported.\n"
+"Enable SOCKS by creating a SOCKS client tunnel in i2ptunnel.\n"
+"Both shared-clients and non-shared are supported.\n"
+"There is no SOCKS outproxy so it is of limited use."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:12
+#, python-format
+msgid ""
+"\n"
+"As it says on the <a href=\"%(faq)s#socks\">FAQ</a>:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:15
+msgid ""
+"Many applications leak sensitive\n"
+"information that could identify you on the Internet. I2P only filters\n"
+"connection data, but if the program you intend to run sends this\n"
+"information as content, I2P has no way to protect your anonymity.  For\n"
+"example, some mail applications will send the IP address of the machine\n"
+"they are running on to a mail server. There is no way for I2P to filter\n"
+"this, thus using I2P to 'socksify' existing applications is possible, but"
+"\n"
+"extremely dangerous."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:25
+msgid "And quoting from a 2005 email:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:28
+msgid ""
+"... there is a reason why human and\n"
+"others have both built and abandoned the SOCKS proxies.  Forwarding\n"
+"arbitrary traffic is just plain unsafe, and it behooves us as\n"
+"developers of anonymity and security software to have the safety of\n"
+"our end users foremost in our minds."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:36
+msgid ""
+"Hoping that we can simply strap an arbitrary client on top of I2P\n"
+"without auditing both its behavior and its exposed protocols for\n"
+"security and anonymity is naive.  Pretty much *every* application\n"
+"and protocol violates anonymity, unless it was designed for it\n"
+"specifically, and even then, most of those do too.  That's the\n"
+"reality.  End users are better served with systems designed for\n"
+"anonymity and security.  Modifying existing systems to work in\n"
+"anonymous environments is no small feat, orders of magnitude more\n"
+"work that simply using the existing I2P APIs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:48
+msgid ""
+"The SOCKS proxy\n"
+"supports standard addressbook names, but not Base64 destinations.\n"
+"Base32 hashes should work as of release 0.7.\n"
+"It supports outgoing connections only, i.e. an I2PTunnel Client.\n"
+"UDP support is stubbed out but not working yet.\n"
+"Outproxy selection by port number is stubbed out."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:57
+#: i2p2www/pages/site/docs/how/network-database.html:183
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:281
+msgid "See Also"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:59
+#, python-format
+msgid ""
+"The notes for <a href=\"%(meeting81)s\">Meeting 81</a> and\n"
+"<a href=\"%(meeting82)s\">Meeting 82</a> in March 2004."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:69
+msgid "If You Do Get Something Working"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/socks.html:70
+msgid ""
+"Please let us know. And please provide substantial warnings about the\n"
+"risks of socks proxies."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:3
+msgid "February 2017"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:8
+#, python-format
+msgid ""
+"The streaming library is technically part of the \"application\" layer,\n"
+"as it is not a core router function.\n"
+"In practice, however, it provides a vital function for almost all\n"
+"existing I2P applications, by providing a TCP-like\n"
+"streams over I2P, and allowing existing apps to be easily ported to I2P.\n"
+"The other end-to-end transport library for client communication is the\n"
+"<a href=\"%(datagrams)s\">datagram library</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:18
+#, python-format
+msgid ""
+"The streaming library is a layer on top of the core \n"
+"<a href=\"%(i2cp)s\">I2CP API</a> that allows reliable, in-order, and "
+"authenticated streams\n"
+"of messages to operate across an unreliable, unordered, and "
+"unauthenticated \n"
+"message layer.  Just like the TCP to IP relationship, this streaming \n"
+"functionality has a whole series of tradeoffs and optimizations "
+"available, but\n"
+"rather than embed that functionality into the base I2P code, it has been "
+"factored\n"
+"off into its own library both to keep the TCP-esque complexities separate"
+" and to\n"
+"allow alternative optimized implementations."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:29
+msgid ""
+"In consideration of the relatively high cost of messages, \n"
+"the streaming library's protocol for scheduling and delivering those "
+"messages has been optimized to\n"
+"allow individual messages passed to contain as much information as is "
+"available.\n"
+"For instance, a small HTTP transaction proxied through the streaming "
+"library can\n"
+"be completed in a single round trip - the first messages bundle a SYN, "
+"FIN, and\n"
+"the small HTTP request payload, and the reply bundles the SYN,\n"
+"FIN, ACK, and the HTTP response payload.  While an additional\n"
+"ACK must be transmitted to tell the HTTP server that the SYN/FIN/ACK has "
+"been\n"
+"received, the local HTTP proxy can often deliver the full response to the"
+" browser \n"
+"immediately."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:42
+msgid ""
+"The streaming library bears much resemblance to an \n"
+"abstraction of TCP, with its sliding windows, congestion control "
+"algorithms\n"
+"(both slow start and congestion avoidance), and general packet behavior "
+"(ACK,\n"
+"SYN, FIN, RST, rto calculation, etc)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:49
+msgid ""
+"The streaming library is\n"
+"a robust library\n"
+"which is optimized for operation over I2P.\n"
+"It has a one-phase setup, and\n"
+"it contains a full windowing implementation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:58
+msgid "API"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:60
+#, python-format
+msgid ""
+"The streaming library API provides a standard socket paradigm to Java "
+"applications.\n"
+"The lower-level <a href=\"%(i2cp)s\">I2CP</a> API is completely hidden, "
+"except that\n"
+"applications may pass <a href=\"%(i2cp)s#options\">I2CP parameters</a> "
+"through the\n"
+"streaming library, to be interpreted by I2CP."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:67
+#, python-format
+msgid ""
+"The standard interface to the streaming lib is for the application to use"
+" the\n"
+"<a href=\"%(i2psktmf)s\">I2PSocketManagerFactory</a> to create an\n"
+"<a href=\"%(i2psktm)s\">I2PSocketManager</a>. The application then asks "
+"the\n"
+"socket manager for an <a href=\"%(i2psess)s\">I2PSession</a>, which will "
+"cause\n"
+"a connection to the router via <a href=\"%(i2cp)s\">I2CP</a>. The "
+"application\n"
+"can then setup connections with an <a href=\"%(i2pskt)s\">I2PSocket</a> "
+"or\n"
+"receive connections with an <a href=\"%(i2psskt)s\">I2PServerSocket</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:82
+#, python-format
+msgid "Here are the <a href=\"%(url)s\">full streaming library Javadocs</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:86
+msgid "For a good example of usage, see the i2psnark code."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:91
+msgid "Options and Defaults"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:92
+#, python-format
+msgid ""
+"The options and current default values are listed below.\n"
+"Options are case-sensitive and may be set for the whole router, for a "
+"particular client, or for an individual socket on a\n"
+"per-connection basis.\n"
+"Many values are tuned for HTTP performance over typical I2P conditions. "
+"Other applications such\n"
+"as peer-to-peer services are strongly encouraged to\n"
+"modify as necessary, by setting the options and passing them via the call"
+" to\n"
+"<a "
+"href=\"%(i2psktmf)s\">I2PSocketManagerFactory</a>.createManager(_i2cpHost,"
+" _i2cpPort, opts).\n"
+"Time values are in ms."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:103
+#, python-format
+msgid ""
+"Note that higher-layer APIs, such as <a href=\"%(samv3)s\">SAM</a>,\n"
+"<a href=\"%(bob)s\">BOB</a>, and <a href=\"%(i2ptunnel)s\">I2PTunnel</a>,"
+"\n"
+"may override these defaults with their own defaults.\n"
+"Also note that many options only apply to servers listening for incoming "
+"connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:110
+msgid ""
+"As of release 0.9.1, most, but not all, options may be changed on an "
+"active socket manager or session.\n"
+"See the javadocs for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:117
+#: i2p2www/pages/site/docs/protocol/i2cp.html:103
+#: i2p2www/pages/site/docs/protocol/i2cp.html:478
+msgid "Option"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:117
+#: i2p2www/pages/site/docs/protocol/i2cp.html:107
+#: i2p2www/pages/site/docs/protocol/i2cp.html:482
+msgid "Default"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:117
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:264
+#: i2p2www/pages/site/docs/how/peer-selection.html:282
+msgid "Notes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:119
+msgid ""
+"Comma- or space-separated list of Base64 peer Hashes used for either "
+"access list or blacklist."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:121
+#: i2p2www/pages/site/docs/api/streaming.html:129
+#: i2p2www/pages/site/docs/api/streaming.html:135
+#: i2p2www/pages/site/docs/api/streaming.html:141
+#: i2p2www/pages/site/docs/api/streaming.html:148
+#: i2p2www/pages/site/docs/api/streaming.html:160
+#: i2p2www/pages/site/docs/api/streaming.html:171
+#: i2p2www/pages/site/docs/api/streaming.html:200
+#: i2p2www/pages/site/docs/api/streaming.html:212
+#: i2p2www/pages/site/docs/api/streaming.html:220
+#: i2p2www/pages/site/docs/api/streaming.html:243
+#: i2p2www/pages/site/docs/api/streaming.html:260
+#: i2p2www/pages/site/docs/api/streaming.html:272
+#: i2p2www/pages/site/docs/api/streaming.html:278
+#: i2p2www/pages/site/docs/api/streaming.html:284
+#: i2p2www/pages/site/docs/api/streaming.html:298
+#: i2p2www/pages/site/docs/api/streaming.html:305
+#: i2p2www/pages/site/docs/api/streaming.html:312
+#: i2p2www/pages/site/docs/api/streaming.html:337
+#: i2p2www/pages/site/docs/api/streaming.html:344
+#: i2p2www/pages/site/docs/api/streaming.html:351
+#, python-format
+msgid "As of release %(release)s."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:125
+#: i2p2www/pages/site/docs/api/streaming.html:133
+msgid "Use the access list as a whitelist for incoming connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:127
+msgid "The name or number of the signature type for a transient destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:139
+msgid "Use the access list as a blacklist for incoming connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:153
+msgid "Whether to respond to incoming pings"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:165
+msgid ""
+"Comma- or space-separated list of Base64 peer Hashes to be\n"
+"blacklisted for incoming connections to ALL destinations in the context.\n"
+"This option must be set in the context properties, NOT in the "
+"createManager() options argument.\n"
+"Note that setting this in the router context will not affect clients "
+"outside the\n"
+"router in a separate JVM and context."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:175
+msgid ""
+"How much transmit data (in bytes) will be accepted that hasn't been "
+"written out yet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:179
+msgid ""
+"When we're in congestion avoidance, we grow the window size at the rate\n"
+"of <code>1/(windowSize*factor)</code>.  In standard TCP, window sizes are"
+" in bytes,\n"
+"while in I2P, window sizes are in messages.\n"
+"A higher number means slower growth."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:186
+msgid ""
+"How long to wait after instantiating a new con \n"
+"before actually attempting to connect.  If this is\n"
+"&lt;= 0, connect immediately with no initial data.  If greater than 0, "
+"wait\n"
+"until the output stream is flushed, the buffer fills, \n"
+"or that many milliseconds pass, and include any initial data with the SYN."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:194
+msgid ""
+"How long to block on connect, in milliseconds. Negative means "
+"indefinitely. Default is 5 minutes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:198
+msgid ""
+"Whether to disable warnings in the logs when an incoming connection is "
+"rejected due to connection limits."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:204
+msgid ""
+"Comma- or space-separated list of Base64 peer Hashes or host names to be\n"
+"contacted using an alternate DSA destination.\n"
+"Only applies if multisession is enabled and the primary session is non-"
+"DSA\n"
+"(generally for shared clients only).\n"
+"This option must be set in the context properties, NOT in the "
+"createManager() options argument.\n"
+"Note that setting this in the router context will not affect clients "
+"outside the\n"
+"router in a separate JVM and context."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:216
+msgid ""
+"Whether to listen only for the streaming protocol.\n"
+"Setting to true will prohibit communication with Destinations earlier "
+"than release 0.7.1\n"
+"(released March 2009). Set to true if running multiple protocols on this "
+"Destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:224
+msgid ""
+"(0=noop, 1=disconnect)\n"
+"What to do on an inactivity timeout - do nothing, disconnect, or send a "
+"duplicate ack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:230
+msgid "Idle time before sending a keepalive"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:233
+msgid "Delay before sending an ack"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:235
+msgid ""
+"The initial value of the resend delay field in the packet header, times "
+"1000.\n"
+"Not fully implemented; see below."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:240
+msgid ""
+"Initial timeout\n"
+"(if no <a href=\"#sharing\">sharing data</a> available)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:247
+msgid ""
+"Initial round trip time estimate\n"
+"(if no <a href=\"#sharing\">sharing data</a> available).\n"
+"Disabled as of release 0.9.8; uses actual RTT."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:253
+msgid "if no <a href=\"#sharing\">sharing data</a> available"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:253
+msgid ""
+"In standard TCP, window sizes are in bytes, while in I2P, window sizes "
+"are in messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:265
+msgid ""
+"(0 or negative value means unlimited)\n"
+"This is a total limit for incoming and outgoing combined."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:270
+msgid "Incoming connection limit (per peer; 0 means disabled)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:276
+#: i2p2www/pages/site/docs/api/streaming.html:282
+msgid "(per peer; 0 means disabled)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:288
+msgid "The MTU in bytes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:292
+msgid "Maximum number of retransmissions before failure."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:296
+msgid "Incoming connection limit (all peers; 0 means disabled)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:302
+#: i2p2www/pages/site/docs/api/streaming.html:309
+msgid ""
+"(all peers; 0 means disabled)\n"
+"Use with caution as exceeding this will disable a server for a long time."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:318
+msgid ""
+"(2=interactive not supported)\n"
+"This doesn't currently do anything, but setting it to a value other than "
+"1 will cause an error."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:323
+msgid "How long to block on read, in milliseconds. Negative means indefinitely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:327
+msgid ""
+"When we're in slow start, we grow the window size at the rate\n"
+"of 1/(factor).  In standard TCP, window sizes are in bytes,\n"
+"while in I2P, window sizes are in messages.\n"
+"A higher number means slower growth."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:334
+#: i2p2www/pages/site/docs/api/streaming.html:341
+#: i2p2www/pages/site/docs/api/streaming.html:348
+msgid ""
+"Ref: RFC 2140. Floating point value.\n"
+"May be set only via context properties, not connection options."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:355
+msgid ""
+"How long to block on write/flush, in milliseconds. Negative means "
+"indefinitely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:363
+msgid "Protocol Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:365
+msgid "See the Streaming Library Specification page."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:369
+msgid "Implementation Details"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:371
+msgid "Setup"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:372
+msgid ""
+"The initiator sends a packet with the SYNCHRONIZE flag set. This packet "
+"may contain the initial data as well.\n"
+"The peer replies with a packet with the SYNCHRONIZE flag set. This packet"
+" may contain the initial response data as well."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:377
+msgid ""
+"The initiator may send additional data packets, up to the initial window "
+"size, before receiving the SYNCHRONIZE response.\n"
+"These packets will also have the send Stream ID field set to 0.\n"
+"Recipients must buffer packets received on unknown streams for a short "
+"period of time, as they may\n"
+"arrive out of order, in advance of the SYNCHRONIZE packet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:384
+msgid "MTU Selection and Negotiation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:385
+msgid ""
+"The maximum message size (also called the MTU / MRU) is negotiated to the"
+" lower value supported by\n"
+"the two peers. As tunnel messages are padded to 1KB, a poor MTU selection"
+" will lead to\n"
+"a large amount of overhead.\n"
+"The MTU is specified by the option i2p.streaming.maxMessageSize.\n"
+"The current default MTU of 1730 was chosen to fit precisely into two 1K "
+"I2NP tunnel messages,\n"
+"including overhead for the typical case."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:394
+msgid ""
+"The first message in a connection includes a 387 byte (typical) "
+"Destination added by the streaming layer,\n"
+"and usually a 898 byte (typical) LeaseSet, and Session keys, bundled in "
+"the Garlic message by the router.\n"
+"(The LeaseSet and Session Keys will not be bundled if an ElGamal Session "
+"was previously established).\n"
+"Therefore, the goal of fitting a complete HTTP request in a single 1KB "
+"I2NP message is not always attainable.\n"
+"However, the selection of the MTU, together with careful implementation "
+"of fragmentation\n"
+"and batching strategies in the tunnel gateway processor, are important "
+"factors in network bandwidth,\n"
+"latency, reliability, and efficiency, especially for long-lived "
+"connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:405
+#, python-format
+msgid ""
+"Data integrity is assured by the gzip CRC-32 checksum implemented in\n"
+"<a href=\"%(i2cp)s#format\">the I2CP layer</a>.\n"
+"There is no checksum field in the streaming protocol."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:413
+#, python-format
+msgid ""
+"Each packet is sent through I2P as a single message (or as an individual "
+"clove in a\n"
+"<a href=\"%(garlicrouting)s\">Garlic Message</a>). Message encapsulation "
+"is implemented\n"
+"in the underlying <a href=\"%(i2cp)s\">I2CP</a>, <a "
+"href=\"%(i2np)s\">I2NP</a>, and\n"
+"<a href=\"%(tunnelmessage)s\">tunnel message</a> layers. There is no "
+"packet delimiter\n"
+"mechanism or payload length field in the streaming protocol."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:423
+msgid "Optional Delay"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:424
+msgid ""
+"Data packets may include an optional delay field specifying the requested"
+" delay,\n"
+"in ms, before the receiver should ack the packet.\n"
+"Valid values are 0 to 60000 inclusive.\n"
+"A value of 0 requests an immediate ack.\n"
+"This is advisory only, and receivers should delay slightly so that\n"
+"additional packets may be acknowledged with a single ack.\n"
+"Some implementations may include an advisory value of (measured RTT / 2) "
+"in this field.\n"
+"For nonzero optional delay values, receivers should limit the maximum "
+"delay\n"
+"before sending an ack to a few seconds at most.\n"
+"Optional delay values greater than 60000 indicate choking, see below."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:438
+msgid "Receive Window and Choking"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:439
+msgid ""
+"TCP headers include the receive window in bytes.\n"
+"The streaming protocol does not contain a receive window, it uses only a "
+"simple choke/unchoke indication.\n"
+"Each endpoint must maintain its own estimate of the far-end receive "
+"window, in either bytes or packets.\n"
+"The recommended minimum buffer size for receiver implementations is 128 "
+"packets or 217 KB (approximately 128x1730).\n"
+"Because of I2P netowrk latency, packet drops, and the resulting "
+"congestion control,\n"
+"a buffer of this size is rarely filled.\n"
+"Overflow is, however, likely to occur on high-bandwidth \"local "
+"loopback\" (same-router) connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:448
+msgid ""
+"To quickly indicate and smoothly recover from overflow conditions,\n"
+"there is a simple mechanism for pushback in the streaming protocol.\n"
+"If a packet is received with an optional delay field of value of 60001 or"
+" higher,\n"
+"that indicates \"choking\" or a receive window of zero.\n"
+"A packet with an optional delay field of value of 60000 or less indicates"
+" \"unchoking\".\n"
+"Packets without an optional delay field do not affect the choke/unchoke "
+"state."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:456
+msgid ""
+"After being choked, no more packets with data should be sent until the "
+"transmitter is unchoked,\n"
+"except for occasional \"probe\" data packets to compensate for possible "
+"lost unchoke packets.\n"
+"The choked endpoint should start a \"persist timer\" to control the "
+"probing, as in TCP.\n"
+"The unchoking endpoint should send several packets with this field set,\n"
+"or continue sending them periodically until data packets are received "
+"again.\n"
+"Maximum time to wait for unchoking is implementation-dependent.\n"
+"Transmitter window size and congestion control strategy after being "
+"unchoked is implementation-dependent."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:467
+msgid "Congestion Control"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:468
+msgid ""
+"The streaming lib uses standard slow-start (exponential window growth) "
+"and congestion avoidance (linear window growth)\n"
+"phases, with exponential backoff.\n"
+"Windowing and acknowledgments use packet count, not byte count."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:475
+msgid "Close"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:476
+msgid ""
+"Any packet, including one with the SYNCHRONIZE flag set, may have the "
+"CLOSE flag sent as well.\n"
+"The connection is not closed until the peer responds with the CLOSE flag."
+"\n"
+"CLOSE packets may contain data as well."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:484
+msgid ""
+"There is no ping function at the I2CP layer (equivalent to ICMP echo) or "
+"in datagrams.\n"
+"This function is provided in streaming.\n"
+"Pings and pongs may not be combined with a standard streaming packet;\n"
+"if the ECHO option is set, then\n"
+"most other flags, options, ackThrough, sequenceNum, NACKs, etc. are "
+"ignored."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:492
+msgid ""
+"A ping packet must have the ECHO, SIGNATURE_INCLUDED, and FROM_INCLUDED "
+"flags set.\n"
+"The sendStreamId must be greater than zero, and the receiveStreamId is "
+"ignored.\n"
+"The sendStreamId may or may not correspond to an existing connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:498
+msgid ""
+"A pong packet must have the ECHO flag set.\n"
+"The sendStreamId must be zero, and the receiveStreamId is the "
+"sendStreamId from the ping.\n"
+"Prior to release 0.9.18, the pong packet does not include any payload "
+"that was contained in the ping."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:504
+msgid ""
+"As of release 0.9.18, pings and pongs may contain a payload.\n"
+"The payload in the ping, up to a maximum of 32 bytes, is returned in the "
+"pong."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:509
+msgid ""
+"Streaming may be configured to disable sending pongs with the "
+"configuration i2p.streaming.answerPings=false."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:514
+msgid "Control Block Sharing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:515
+msgid ""
+"The streaming lib supports \"TCP\" Control Block sharing.\n"
+"This shares three important streaming lib parameters\n"
+"(window size, round trip time, round trip time variance)\n"
+"across connections to the same remote peer.\n"
+"This is used for \"temporal\" sharing at connection open/close time,\n"
+"not \"ensemble\" sharing during a connection (See\n"
+"<a href=\"http://www.ietf.org/rfc/rfc2140.txt\">RFC 2140</a>).\n"
+"There is a separate share per ConnectionManager (i.e. per local "
+"Destination)\n"
+"so that there is no information leakage to other Destinations on the\n"
+"same router.\n"
+"The share data for a given peer expires after a few minutes.\n"
+"The following Control Block Sharing parameters can be set per router:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:536
+msgid "Other Parameters"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:537
+msgid ""
+"The following parameters are hardcoded, but may be of interest for "
+"analysis:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:556
+#: i2p2www/pages/site/docs/how/network-database.html:897
+msgid "History"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:557
+msgid ""
+"The streaming library has grown organically for I2P - first mihi "
+"implemented the\n"
+"\"mini streaming library\" as part of I2PTunnel, which was limited to a "
+"window\n"
+"size of 1 message (requiring an ACK before sending the next one), and "
+"then it was\n"
+"refactored out into a generic streaming interface (mirroring TCP sockets)"
+" and the\n"
+"full streaming implementation was deployed with a sliding window protocol"
+" and \n"
+"optimizations to take into account the high bandwidth x delay product.  "
+"Individual\n"
+"streams may adjust the maximum packet size and other options. The default"
+"\n"
+"message size is selected to fit precisely in two 1K I2NP tunnel messages,"
+"\n"
+"and is a reasonable tradeoff between the bandwidth costs of \n"
+"retransmitting lost messages, and the latency and overhead of multiple "
+"messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:571
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:344
+#: i2p2www/pages/site/docs/how/garlic-routing.html:251
+#: i2p2www/pages/site/docs/how/network-database.html:902
+#: i2p2www/pages/site/docs/how/peer-selection.html:265
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:255
+#: i2p2www/pages/site/docs/protocol/i2cp.html:723
+#: i2p2www/pages/site/docs/protocol/i2np.html:226
+#: i2p2www/pages/site/docs/transport/ntcp.html:544
+#: i2p2www/pages/site/docs/transport/ssu.html:573
+#: i2p2www/pages/site/docs/tunnels/implementation.html:506
+msgid "Future Work"
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:572
+msgid ""
+"The behavior of the streaming library has a profound impact on\n"
+"application-level performance, and as such, is an important\n"
+"area for further analysis."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:578
+msgid "Additional tuning of the streaming lib parameters may be necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:581
+#, python-format
+msgid ""
+"Another area for research is the interaction of the streaming lib with "
+"the\n"
+"NTCP and SSU transport layers.\n"
+"See <a href=\"%(ntcpdisc)s\">the NTCP discussion page</a> for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:586
+msgid ""
+"The interaction of the routing algorithms with the streaming lib strongly"
+" affects performance.\n"
+"In particular, random distribution of messages to multiple tunnels in a "
+"pool\n"
+"leads to a high degree of out-of-order delivery which results in smaller "
+"window\n"
+"sizes than would otherwise be the case. The router currently routes \n"
+"messages for a single from/to destination pair through a consistent set \n"
+"of tunnels, until tunnel expiration or delivery failure. The router's \n"
+"failure and tunnel selection algorithms should be reviewed for possible \n"
+"improvements."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:596
+msgid "The data in the first SYN packet may exceed the receiver's MTU."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:599
+msgid "The DELAY_REQUESTED field could be used more."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:602
+msgid ""
+"Duplicate initial SYNCHRONIZE packets on short-lived streams may not be "
+"recognized and removed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:605
+msgid "Don't send the MTU in a retransmission."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:608
+msgid ""
+"Data is sent along unless the outbound window is full.\n"
+"(i.e. no-Nagle or TCP_NODELAY)\n"
+"Probably should have a configuration option for this."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:613
+msgid ""
+"zzz has added debug code to the streaming library to log packets in a "
+"wireshark-compatible\n"
+"(pcap) format; Use this to further analyze performance.\n"
+"The format may require enhancement to map more streaming lib parameters "
+"to TCP fields."
+msgstr ""
+
+#: i2p2www/pages/site/docs/api/streaming.html:618
+msgid ""
+"There are proposals to replace the streaming lib with standard TCP\n"
+"(or perhaps a null layer together with raw sockets).\n"
+"This would unfortunately be incompatible with the streaming lib\n"
+"but it would be good to compare the performance of the two."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:3
+msgid "January 2017"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:7
+msgid ""
+"There are several bittorrent clients and trackers on I2P.\n"
+"As I2P addressing uses a Destination instead of an IP and port, minor\n"
+"changes are required to tracker and client software for operation on I2P."
+"\n"
+"These changes are specified below.\n"
+"Note carefully the guidelines for compatibility with older I2P clients "
+"and trackers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:15
+msgid ""
+"This page specifies protocol details common to all clients and trackers.\n"
+"Specific clients and trackers may implement other unique features or "
+"protocols."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:20
+msgid "We welcome additional ports of client and tracker software to I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:26
+msgid "Announces"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:27
+msgid ""
+"Clients generally include a fake port=6881 parameter in the announce, for"
+" compatibility with older trackers.\n"
+"Trackers may ignore the port parameter, and should not require it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:32
+#, python-format
+msgid ""
+"The ip parameter is the base 64 of the client's\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>,\n"
+"using the I2P Base 64 alphabet [A-Z][a-z][0-9]-~.\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
+"are 387+ bytes, so the Base 64 is 516+ bytes.\n"
+"Clients generally append \".i2p\" to the Base 64 Destination for "
+"compatibility with older trackers.\n"
+"Trackers should not require an appended \".i2p\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:42
+msgid "Other parameters are the same as in standard bittorrent."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:46
+msgid ""
+"Current Destinations for clients are 387 or more bytes (516 or more in "
+"Base 64 encoding).\n"
+"A reasonable maximum to assume, for now, is 475 bytes.\n"
+"As the tracker must decode the Base64 to deliver compact responses (see "
+"below),\n"
+"the tracker should probably decode and reject bad Base64 when announced."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:53
+msgid ""
+"The default response type is non-compact. Clients may request a compact "
+"response with\n"
+"the parameter compact=1. A tracker may, but is not required to, return\n"
+"a compact response when requested."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:59
+msgid ""
+"Developers of new I2P clients\n"
+"are strongly encouraged to implemenent announces over their own tunnel "
+"rather than\n"
+"the HTTP client proxy at port 4444. Doing so is both more efficient and "
+"it allows\n"
+"destination enforcement by the tracker (see below)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:66
+msgid ""
+"There are no known I2P clients or trackers that currently support UDP "
+"announce/responses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:71
+msgid "Non-Compact Tracker Responses"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:72
+msgid ""
+"The non-compact response is just as in standard bittorrent, with an I2P "
+"\"ip\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:76
+msgid ""
+"Trackers generally include a fake port key, or use the port from the "
+"announce, for compatibility with older clients.\n"
+"Clients must ignore the port parameter, and should not require it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:81
+#, python-format
+msgid ""
+"The value of the ip key is the base 64 of the client's\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>, as "
+"described above.\n"
+"Trackers generally append \".i2p\" to the Base 64 Destination if it "
+"wasn't in the announce ip, for compatibility with older clients.\n"
+"Clients should not require an appended \".i2p\" in the responses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:88
+msgid "Other response keys and values are the same as in standard bittorrent."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:94
+msgid "Compact Tracker Responses"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:95
+#, python-format
+msgid ""
+"In the compact response, the value of the \"peers\" dictionary key is a "
+"single byte string,\n"
+"whose length is a multiple of 32 bytes.\n"
+"This string contains the concatenated\n"
+"<a href=\"%(commonstructures)s#type_Hash\">32-byte SHA-256 Hashes</a>\n"
+"of the binary\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
+"of the peers.\n"
+"This hash must be computed by the tracker, unless destination enforcement"
+"\n"
+"(see below) is used, in which case the hash delivered in the X-I2P-"
+"DestHash\n"
+"or X-I2P-DestB32 HTTP headers may be converted to binary and stored.\n"
+"The peers key may be absent, or the peers value may be zero-length."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:109
+msgid ""
+"While compact response support is optional for both clients and trackers,"
+" it is highly\n"
+"recommended as it reduces the nominal response size by over 90&#37;."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:116
+msgid "Destination Enforcement"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:117
+#, python-format
+msgid ""
+"Some, but not all, I2P bittorrent clients announce over their own "
+"tunnels.\n"
+"Trackers may choose to prevent spoofing by requiring this, and verifying "
+"the\n"
+"client's\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>\n"
+"using HTTP headers added by the I2PTunnel HTTP Server tunnel.\n"
+"The headers are X-I2P-DestHash, X-I2P-DestB64, and X-I2P-DestB32, which "
+"are\n"
+"different formats for the same information.\n"
+"These headers cannot be spoofed by the client.\n"
+"A tracker enforcing destinations need not require the ip announce "
+"parameter at all."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:129
+msgid ""
+"As several clients use the HTTP proxy instead of their own tunnel for "
+"announces,\n"
+"destination enforcement will prevent usage by those clients unless or "
+"until\n"
+"those clients are converted to announcing over their own tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:135
+msgid ""
+"Unfortunately, as the network grows, so will the amount of maliciousness,"
+"\n"
+"so we expect that all trackers will eventually enforce destinations.\n"
+"Both tracker and client developers should anticipate it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:143
+msgid "Announce Host Names"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:144
+#, python-format
+msgid ""
+"Announce URL host names in torrent files generally follow the\n"
+"<a href=\"%(naming)s\">I2P naming standards</a>.\n"
+"In addition to host names from address books and \".b32.i2p\" Base 32 "
+"hostnames,\n"
+"the full Base 64 Destination (with [or without?] \".i2p\" appended) "
+"should be supported.\n"
+"Non-open trackers should recognize their own host name in any of these "
+"formats."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:152
+msgid ""
+"To preserve anonymity,\n"
+"clients should generally ignore non-I2P announce URLs in torrent files."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:159
+msgid "Client Connections"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:160
+msgid ""
+"Client-to-client connections use the standard protocol over TCP.\n"
+"There are no known I2P clients that currently support uTP communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:165
+#, python-format
+msgid ""
+"I2P uses 387+ byte <a "
+"href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
+"for addresses, as explained above."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:170
+msgid ""
+"If the client has only the hash of the destination (such as from a "
+"compact response or PEX), it must perform a lookup\n"
+"by encoding it with Base 32, appending \".b32.i2p\", and querying the "
+"Naming Service,\n"
+"which will return the full Destination if available."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:176
+msgid ""
+"If the client has a peer's full Destination it received in a non-compact "
+"response, it should use it\n"
+"directly in the connection setup.\n"
+"Do not convert a Destination back to a Base 32 hash for lookup, this is "
+"quite inefficient."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:183
+msgid "Cross-Network Prevention"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:184
+msgid ""
+"To preserve anonymity,\n"
+"I2P bittorrent clients generally do not support non-I2P announces or peer"
+" connections.\n"
+"I2P HTTP outproxies often block announces.\n"
+"There are no known SOCKS outproxies supporting bittorrent traffic."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:191
+msgid ""
+"To prevent usage by non-I2P clients via an HTTP inproxy, I2P trackers "
+"often\n"
+"block accesses or announces that contain an X-Forwarded-For HTTP header.\n"
+"Trackers should reject standard network announces with IPv4 or IPv6 IPs, "
+"and not deliver them in responses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:200
+#, python-format
+msgid ""
+"I2P PEX is based on ut_pex.\n"
+"As there does not appear to be a formal specification of ut_pex "
+"available,\n"
+"it may be necessary to review the libtorrent source for assistance.\n"
+"It is an extension message, identified as \"i2p_pex\" in\n"
+"<a href=\"http://www.bittorrent.org/beps/bep_0010.html\">the extension "
+"handshake</a>.\n"
+"It contains a bencoded dictionary with up to 3 keys, \"added\", "
+"\"added.f\", and \"dropped\".\n"
+"The added and dropped values are each a single byte string, whose length "
+"is a multiple of 32 bytes.\n"
+"These byte strings are the concatenated SHA-256 Hashes of the binary\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>\n"
+"of the peers.\n"
+"This is the same format as the peers dictionary value in the i2p compact "
+"response format specified above.\n"
+"The added.f value, if present, is the same as in ut_pex."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:218
+msgid ""
+"DHT support is included in the i2psnark client as of version 0.9.2.\n"
+"Preliminary differences from\n"
+"<a href=\"http://www.bittorrent.org/beps/bep_0005.html\">BEP 5</a>\n"
+"are described below, and are subject to change.\n"
+"Contact the I2P developers if you wish to develop a client supporting DHT."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:226
+msgid ""
+"Unlike standard DHT, I2P DHT does not use a bit in the options handshake,"
+" or the PORT message.\n"
+"It is advertised with an extension message, identified as \"i2p_dht\" in\n"
+"<a href=\"http://www.bittorrent.org/beps/bep_0010.html\">the extension "
+"handshake</a>.\n"
+"It contains a bencoded dictionary with two keys, \"port\" and \"rport\", "
+"both integers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:233
+msgid ""
+"The UDP (datagram) port listed in the compact node info is used\n"
+"to receive repliable (signed) datagrams.\n"
+"This is used for queries, except for announces.\n"
+"We call this the \"query port\".\n"
+"This is the \"port\" value from the extension message.\n"
+"Queries use I2CP protocol number 17."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:242
+msgid ""
+"In addition to that UDP port, we use a second datagram\n"
+"port equal to the query port + 1. This is used to receive\n"
+"unsigned (raw) datagrams for replies, errors, and announces.\n"
+"This port provides increased efficiency since replies\n"
+"contain tokens sent in the query, and need not be signed.\n"
+"We call this the \"response port\".\n"
+"This is the \"rport\" value from the extension message.\n"
+"It must be 1 + the query port.\n"
+"Responses and announces use I2CP protocol number 18."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:254
+msgid ""
+"Compact peer info is 32 bytes (32 byte SHA256 Hash)\n"
+"instead of 4 byte IP + 2 byte port. There is no peer port.\n"
+"In a response, the \"values\" key is a list of strings, each containing a"
+" single compact peer info."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:260
+msgid ""
+"Compact node info is 54 bytes (20 byte SHA1 Hash + 32 byte SHA256 Hash + "
+"2 byte port)\n"
+"instead of 20 byte SHA1 Hash + 4 byte IP + 2 byte port.\n"
+"In a response, the \"nodes\" key is a\n"
+"single byte string with concatenated compact node info."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:267
+msgid ""
+"Secure node ID requirement: To make various DHT attacks more difficult,\n"
+"the first 4 bytes of the Node ID must match the first 4 bytes of the "
+"destination Hash,\n"
+"and the next two bytes of the Node ID must match the next two bytes of "
+"the\n"
+"destination hash exclusive-ORed with the port."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:274
+msgid ""
+"In a torrent file,\n"
+"the trackerless torrent dictionary \"nodes\" key is TBD.\n"
+"It could be a list of\n"
+"32 byte binary strings (SHA256 Hashes) instead of a list of lists\n"
+"containing a host string and a port integer.\n"
+"Alternatives: A single byte string with concatenated hashes,\n"
+"or a list of strings alone."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:286
+msgid "Datagram (UDP) Trackers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:287
+msgid ""
+"UDP tracker support in clients and trackers is not yet available.\n"
+"Preliminary differences from\n"
+"<a href=\"http://www.bittorrent.org/beps/bep_0015.html\">BEP 15</a>\n"
+"are described below, and are subject to change.\n"
+"Contact the I2P developers if you wish to develop a client or tracker "
+"supporting datagram announces."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:295
+msgid ""
+"A UDP tracker listens on two ports.\n"
+"The \"query port\" is the advertised port, and is used to receive "
+"repliable (signed) datagrams, for the connect request only.\n"
+"The \"response port\" is used to receive unsigned (raw) datagrams, and is"
+" the source port for all replies.\n"
+"The response port is arbitrary.\n"
+"A client sends and receives on a single port only.\n"
+"It receives only unsigned (raw) datagrams.\n"
+"Raw datagrams provides increased efficiency for replies since they "
+"contain tokens sent in the query, and need not be signed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:305
+msgid ""
+"In the announce request, the 4-byte IP is replaced by a 32-byte hash, and"
+" the port is still present,\n"
+"although it may be ignored by the tracker.\n"
+"In the announce response, each 4-byte IP and 2-byte port is replaced by a"
+" 32-byte hash (compact peer info), and no port is present.\n"
+"The client sends the announce request and scrape request to the source "
+"port in the announce response packet.\n"
+"The connect request, connect response, scrape request, scrape response, "
+"and error response are the same as in BEP 15."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:313
+msgid ""
+"Source addresses in I2P cannot be spoofed, so it is possible to use a "
+"simplified protocol\n"
+"with 2 packets instead of 4, omitting the connect request and response.\n"
+"In this case, the announce request would be a repliable datagram sent to "
+"the tracker's query port,\n"
+"and the tracker would not require a response port.\n"
+"While this is more efficient, it would be more difficult to modify an "
+"existing tracker to support this mode.\n"
+"The URL for the 4-packet-mode tracker would use standard \"udp://\" "
+"prefix. \n"
+"The URL for a modified 2-packet-mode tracker would require a different "
+"prefix if both modes are supported in I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:326
+#: i2p2www/pages/site/docs/how/intro.html:184
+msgid "Additional Information"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:328
+#, python-format
+msgid ""
+"I2P bittorrent standards are generally discussed on <a "
+"href=\"http://%(zzz)s/\">%(zzz)s</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:331
+#, python-format
+msgid ""
+"A chart of current tracker software capabilities is <a "
+"href=\"http://%(zzz)s/files/trackers.html\">also available there</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:334
+#, python-format
+msgid ""
+"The\n"
+"<a href=\"http://%(forum)s/viewtopic.php?t=2068\">I2P bittorrent FAQ</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/bittorrent.html:338
+#, python-format
+msgid "<a href=\"http://%(zzz)s/topics/812\">DHT on I2P discussion</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:2
+msgid "Embedding I2P in your Application"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:3
+msgid "April 2015"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:8
+msgid ""
+"This page is about bundling the entire I2P router binary with your "
+"application.\n"
+"It is not about writing an application to work with I2P (either bundled "
+"or external)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:13
+msgid ""
+"Lots of projects are bundling, or talking about bundling, I2P. That's "
+"great if done right.\n"
+"If done wrong, it could cause real harm to our network.\n"
+"The I2P router is complex, and it can be a challenge to hide all the "
+"complexity from your users.\n"
+"This page discusses some general guidelines."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:23
+msgid "Talk to us"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:24
+msgid ""
+"Start a dialog. We're here to help. Applications that embed I2P are the "
+"most promising - and exciting -\n"
+"opportunities for us to grow the network and improve anonymity for "
+"everyone."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:30
+msgid "Choose your router wisely"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:31
+msgid ""
+"If your application is in Java or Scala, it's an easy choice - use the "
+"Java router.\n"
+"If in C/C++, we recommend i2pd. The development of i2pcpp has stopped.\n"
+"For apps in other languages, best to use SAM or BOB or SOCKS and bundle "
+"the Java router as a separate process.\n"
+"Some of the following only applies to the Java router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:39
+msgid "Licensing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:40
+msgid "Ensure you meet the license requirements of the software you are bundling."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:45
+msgid "Verify default configuration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:46
+msgid ""
+"A correct default configuration is crucial. Most users will not change "
+"the defaults.\n"
+"The defaults for your application may need to be different than the "
+"defaults for the router you are bundling.\n"
+"Override the router defaults if necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:51
+msgid ""
+"Some important defaults to review: Max bandwidth, tunnel quantity and "
+"length, max participating tunnels.\n"
+"A lot of this depends on the expected bandwidth and usage patterns of "
+"your app."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:55
+msgid ""
+"Configure enough bandwidth and tunnels to allow your users to contribute "
+"to the network.\n"
+"Consider disabling external I2CP, as you probably don't need it and it "
+"would conflict with any other running I2P instance.\n"
+"Also look at the configs for disabling killing of the JVM on exit, for "
+"example."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:62
+msgid "Participating Traffic Considerations"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:63
+msgid ""
+"It may be tempting for you to disable participating traffic.\n"
+"There's several ways to do this (hidden mode, setting max tunnels to 0, "
+"setting shared bandwidth below 12 KBytes/sec).\n"
+"Without participating traffic, you don't have to worry about graceful "
+"shutdown,\n"
+"your users don't see bandwidth usage not generated by them, etc.\n"
+"However, there's lots of reasons why you should allow participating "
+"tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:70
+msgid ""
+"First of all, the router doesn't work that well if it doesn't have a "
+"chance to \"integrate\" with the network,\n"
+"which is helped tremendously by others building tunnels through you."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:74
+msgid ""
+"Secondly, over 90&#37; of the routers in the current network allow "
+"participating traffic.\n"
+"It's the default in the Java router.\n"
+"If your application doesn't route for others and it gets really popular, "
+"then it's a leech on the network,\n"
+"and it upsets the balance we have now.\n"
+"If it gets really big, then we become Tor, and spend our time begging for"
+" people to enable relaying."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:81
+msgid ""
+"Thirdly, participating traffic is cover traffic that helps your users' "
+"anonymity."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:84
+msgid ""
+"We strongly discourage you from disabling participating traffic by "
+"default.\n"
+"If you do this and your application gets hugely popular, it could break "
+"the network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:90
+msgid "Persistence"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:91
+msgid ""
+"You must save the router's data (netdb, configuration, etc.) between runs"
+" of the router.\n"
+"I2P does not work well if you must reseed each startup, and that's a huge"
+" load on our reseed servers, and not very good for anonymity either.\n"
+"Even if you bundle router infos, I2P needs saved profile data for best "
+"performance."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:99
+msgid "Configurability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:100
+msgid ""
+"Give your users a way to change the configuration of the important "
+"settings.\n"
+"We understand that you will probably want to hide most of I2P's "
+"complexity, but it's important to show some basic settings.\n"
+"In addition to the defaults above, some network settings such as UPnP, "
+"IP/port may be helpful."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:108
+msgid "Floodfill Considerations"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:109
+msgid ""
+"Above a certain bandwidth setting, and meeting other health criteria, "
+"your router will become floodfill,\n"
+"which may cause a large increase in connections and memory usage (at "
+"least with the Java router).\n"
+"Think about whether that's OK. You can disable floodfill, but then your "
+"fastest users aren't contributing what they could.\n"
+"It also depends on the typical uptime for your application."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:119
+msgid "Reseeding"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:120
+msgid ""
+"Decide if you are bundling router infos or using our reseed hosts.\n"
+"The Java reseed host list is in the source code, so if you keep your "
+"source up to date, the host list will be also.\n"
+"Be aware of possible blocking by hostile governments."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:129
+msgid "Reduce Network Resource Usage"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:130
+msgid ""
+"Consider setting your application tunnels to delay-open, reduce-on-idle "
+"and/or close-on-idle.\n"
+"This is straightforward if using i2ptunnel but you'll have to implement "
+"some of it yourself if using I2CP directly.\n"
+"See i2psnark for code that reduces tunnel count and then closes the "
+"tunnel, even in the presence of some background DHT activity."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:138
+msgid "Updatability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:139
+msgid ""
+"Have an auto-update feature if at all possible, or at least auto-"
+"notification of a new version.\n"
+"Our biggest fear is a huge number of routers out there that can't be "
+"updated.\n"
+"We have about 6-8 releases a year of the Java router, and it's critical "
+"to the health of the network that the users keep up.\n"
+"We usually have over 80&#37; of the network on the latest release within "
+"6 weeks after the release, and we'd like to keep it that way.\n"
+"You don't need to worry about disabling the router's built-in auto-update"
+" function, as that code is in the router console,\n"
+"which you presumably are not bundling."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:150
+msgid "Rollout"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:151
+msgid ""
+"Have a gradual rollout plan. Don't overwhelm the network all at once.\n"
+"We currently have approximately 25K unique users per day and 40K uniques "
+"per month.\n"
+"We are probably able to handle growth of 2-3X per year without too much "
+"issue.\n"
+"If you anticipate a faster rampup than that, OR the bandwidth "
+"distribution (or uptime distribution,\n"
+"or any other significant characteristic) of your userbase is "
+"significantly different from our current userbase,\n"
+"we really need to have a discussion.\n"
+"The bigger your growth plans, the more important everthing else in this "
+"checklist is."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:163
+msgid "Design for and Encourage Long Uptimes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:164
+msgid ""
+"Tell your users that I2P works best if it keeps running.\n"
+"It may be several minutes after startup before it works well, and even "
+"more after first install.\n"
+"If your average uptime is less than an hour, I2P is probably the wrong "
+"solution."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:172
+msgid "Show Status"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:173
+msgid ""
+"Provide some indication to the user that the application tunnels are "
+"ready. Encourage patience."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:178
+msgid "Graceful Shutdown"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:179
+msgid ""
+"If possible, delay the shutdown until your participating tunnels expire.\n"
+"Don't let your users break tunnels easily, or at least ask them to "
+"confirm."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:185
+msgid "Education and Donation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:186
+msgid ""
+"It would be nice if you give your users links to learn more about I2P and"
+" to donate."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:192
+msgid "External Router Option"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:193
+msgid ""
+"Depending on your user base and application,\n"
+"it may be helpful to provide an option or a separate package to use an "
+"external router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:200
+msgid "Use of other Common Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:201
+msgid ""
+"If you plan to use or link to other common I2P services (news feeds, "
+"hosts.txt subscriptions, trackers, outproxies, etc.),\n"
+"make sure you aren't overloading them,\n"
+"and talk to the people who are running them to make sure it's ok."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:209
+msgid "Time / NTP Issues"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:210
+msgid ""
+"I2P includes an SNTP client. I2P requires correct time to operate.\n"
+"It will compensate for a skewed system clock but this may delay startup. "
+"You may disable I2P's SNTP queries,\n"
+"but this isn't advised unless your application makes sure the system "
+"clock is correct."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:218
+msgid "Choose What and How you Bundle"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:219
+msgid ""
+"At a minimum you will need i2p.jar, router.jar, streaming.jar, and "
+"mstreaming.jar.\n"
+"You may omit the two streaming jars for a datagram-only app.\n"
+"Some apps may need more, e.g. i2ptunnel.jar or addressbook.jar.\n"
+"Don't forget jbigi.jar, or a subset of it for the platforms you support, "
+"to make the crypto much faster.\n"
+"We are currently building them for Java 6, as of 0.9.14. The source is "
+"mostly compatible with Java 5 if you want to do your own compile,\n"
+"but we may start using Java 6 features at any time without notice.\n"
+"We plan to migrate to Java 7 in 2015.\n"
+"If you're building Debian / Ubuntu packages, you should require the I2P "
+"package from our PPA instead of bundling it.\n"
+"You almost certainly do not need susimail, susidns, the router console, "
+"and i2psnark, for example."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:230
+msgid ""
+"The following files should be included in the I2P installation directory,"
+" specified with the \"i2p.dir.base\" property.\n"
+"Don't forget certificates/reseed and certificates/ssl, required for "
+"reseeding, and blocklist.txt for IP validation.\n"
+"The geoip directory is optional, but recommended so the router can make "
+"decisions based on location.\n"
+"The hosts.txt file may be necessary, you may modify it to include any "
+"hosts your application uses.\n"
+"You may add a router.config file to the base directory to override "
+"initial defaults."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:237
+msgid ""
+"License requirements may require you to include the LICENSES.txt file and"
+" the licenses directory."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:243
+msgid "You may also wish to bundle a hosts.txt file."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:246
+msgid "Be sure to specify a Java 6 bootclasspath if compiling with Java 8."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:254
+msgid "Datagram (DHT) considerations"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:255
+msgid ""
+"If your application is using I2P datagrams, e.g. for a DHT,\n"
+"there's lots of advanced options available to reduce overhead and "
+"increase reliability.\n"
+"This may take some time and experimentation to get working well.\n"
+"Be aware of size/reliability tradeoffs. Talk to us for help.\n"
+"It is possible - and recommended - to use Datagrams and Streaming on the "
+"same Destination.\n"
+"Don't create separate Destinations for this.\n"
+"Don't try to store your unrelated data in the existing network DHTs "
+"(iMule, bote, bittorrent, and router).\n"
+"Build your own. If you are hardcoding seed nodes, we recommend that you "
+"have several."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:268
+msgid "Comarketing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:269
+msgid ""
+"Let's work together. Don't wait until it's done.\n"
+"Give us your Twitter handle and start tweeting about it, we will return "
+"the favor."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:275
+msgid "Malware"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:276
+msgid ""
+"Please don't use I2P for evil.\n"
+"It could cause great harm both to our network and our reputation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:282
+msgid "Join Us"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:283
+msgid ""
+"This may be obvious, but join the community. Run I2P 24/7. Start an "
+"eepsite about your project.\n"
+"Hang out in IRC #i2p-dev. Post on the forums. Spread the word.\n"
+"We can help get you users, testers, translators, or even coders."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:291
+msgid "Application Examples"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:292
+msgid ""
+"You may wish to install and play with the I2P Android app, and look at "
+"its code, for an example of an application that bundles the router.\n"
+"See what we expose to the user and what we hide.\n"
+"Look at the state machine we use to start and stop the router.\n"
+"Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak,"
+" and Monero."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:300
+msgid "Code Example"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:301
+msgid ""
+"None of the above actually tells you how to write your code to\n"
+"bundle the Java router, so following is a brief example."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/embedding.html:331
+msgid ""
+"This code is for the case where your application starts the router, as in"
+" our Android app.\n"
+"You could also have the router start the application via the "
+"clients.config and i2ptunnel.config files,\n"
+"together with Jetty webapps,\n"
+"as is done in our Java packages.\n"
+"As always, state management is the difficult part."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:3
+msgid "February 2014"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:8
+#, python-format
+msgid ""
+"Clients may be started directly by the router when they are listed\n"
+"in the <a href=\"%(configspec)s\">clients.config</a> file.\n"
+"These clients may be \"managed\" or \"unmanaged\".\n"
+"This is handled by the ClientAppManager.\n"
+"Additionally, managed or unmanaged clients may register with the\n"
+"ClientAppManager so that other clients may retrieve a reference to them.\n"
+"There is also a simple Port Mapper facility for clients to register an\n"
+"internal port that other clients may look up."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:21
+msgid ""
+"As of release 0.9.4, the router supports managed clients.\n"
+"Managed clients are instantiated and started by the ClientAppManager.\n"
+"The ClientAppManager maintains a reference to the client and receives "
+"updates on the client's state.\n"
+"Managed clients are preferred, as it is much easier to implement state "
+"tracking\n"
+"and to start and stop a client. It also is much easier to avoid static "
+"references in the client code\n"
+"which could lead to excessive memory usage after a client is stopped.\n"
+"Managed clients may be started and stopped by the user in the router "
+"console,\n"
+"and are stopped at router shutdown."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:31
+msgid ""
+"Managed clients implement either the net.i2p.app.ClientApp or "
+"net.i2p.router.app.RouterApp interface.\n"
+"Clients implementing the ClientApp interface must provide the following "
+"constructor:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:38
+msgid ""
+"Clients implementing the RouterApp interface must provide the following "
+"constructor:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:44
+msgid "The arguments provided are specified in the clients.config file."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:48
+msgid "Unmanaged Clients"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:49
+msgid ""
+"If the main class specified in the clients.config file does not implement"
+" a managed interface,\n"
+"it will be started with main() with the arguments specified,\n"
+"and stopped with main() with the arguments specified.\n"
+"The router does not maintain a reference, since all interactions are via "
+"the static main() method.\n"
+"The console cannot provide accurate state information to the user."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:57
+msgid "Registered Clients"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:58
+msgid ""
+"Clients, whether managed or unmanaged, may register with the "
+"ClientAppManager\n"
+"so that other clients may retrieve a reference to them.\n"
+"Registration is by name.\n"
+"Known registered clients are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:68
+msgid "Port Mapper"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/managed-clients.html:69
+msgid ""
+"The router also provides a simple mechanism for clients to find an "
+"internal socket service,\n"
+"such as the HTTP proxy. This is provided by the Port Mapper.\n"
+"Registration is by name.\n"
+"Clients that register generally provide an internal emulated socket on "
+"that port."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:2
+msgid "Supported Applications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:5
+#: i2p2www/pages/site/docs/applications/supported.html:183
+msgid "Blogging, Forums, and Wikis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:7
+#: i2p2www/pages/site/docs/applications/supported.html:229
+msgid "Decentralized File Storage"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:10
+#: i2p2www/pages/site/docs/applications/supported.html:241
+msgid "Development Tools"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:13
+#: i2p2www/pages/site/docs/applications/supported.html:243
+msgid "Version control"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:17
+#: i2p2www/pages/site/docs/applications/supported.html:262
+msgid "Domain Naming"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:19
+#: i2p2www/pages/site/docs/applications/supported.html:280
+msgid "Email"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:22
+#: i2p2www/pages/site/docs/applications/supported.html:325
+msgid "File Sharing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:25
+#: i2p2www/pages/site/docs/applications/supported.html:327
+msgid "BitTorrent clients"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:27
+#: i2p2www/pages/site/docs/applications/supported.html:369
+msgid "BitTorrent trackers and indexers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:36
+#: i2p2www/pages/site/docs/applications/supported.html:436
+msgid "Network Administration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:39
+#: i2p2www/pages/site/docs/applications/supported.html:438
+msgid "General-purpose socket utilities"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:46
+#: i2p2www/pages/site/docs/applications/supported.html:479
+msgid "Real-time Chat"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:49
+#: i2p2www/pages/site/docs/applications/supported.html:481
+msgid "Instant messaging clients"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:51
+#: i2p2www/pages/site/docs/applications/supported.html:491
+msgid "IRC clients"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:53
+#: i2p2www/pages/site/docs/applications/supported.html:542
+msgid "IRC servers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:58
+#: i2p2www/pages/site/docs/applications/supported.html:558
+msgid "Web Browsing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:61
+#: i2p2www/pages/site/docs/applications/supported.html:560
+msgid "Anonymous websites"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:63
+#: i2p2www/pages/site/docs/applications/supported.html:609
+msgid "Proxy software"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:65
+#: i2p2www/pages/site/docs/applications/supported.html:634
+msgid "Inproxies"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:67
+#: i2p2www/pages/site/docs/applications/supported.html:674
+msgid "Outproxies"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:72
+#: i2p2www/pages/site/docs/applications/supported.html:688
+msgid "Website Hosting"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:75
+#: i2p2www/pages/site/docs/applications/supported.html:703
+msgid "Web servers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:82
+#, python-format
+msgid ""
+"This is intended to be a comprehensive listing of applications used with\n"
+"I2P. If you know of something that's missing please submit a ticket on\n"
+"<a href=\"%(trac)s\">Trac</a>, and be sure to select the\n"
+"“www” component in the submission form."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:89
+msgid ""
+"\n"
+"Supported applications are tagged with one or more of the following:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:94
+#: i2p2www/pages/site/docs/applications/supported.html:276
+#: i2p2www/pages/site/docs/applications/supported.html:308
+#: i2p2www/pages/site/docs/applications/supported.html:333
+#: i2p2www/pages/site/docs/applications/supported.html:700
+msgid "bundled"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:97
+msgid ""
+"<em>Bundled application</em> — I2P ships with a few officially\n"
+"supported applications that let new users take immediate advantage of\n"
+"some of I2P's more useful capabilities."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:104
+#: i2p2www/pages/site/docs/applications/supported.html:192
+#: i2p2www/pages/site/docs/applications/supported.html:205
+#: i2p2www/pages/site/docs/applications/supported.html:217
+#: i2p2www/pages/site/docs/applications/supported.html:225
+#: i2p2www/pages/site/docs/applications/supported.html:238
+#: i2p2www/pages/site/docs/applications/supported.html:289
+#: i2p2www/pages/site/docs/applications/supported.html:401
+#: i2p2www/pages/site/docs/applications/supported.html:423
+#: i2p2www/pages/site/docs/applications/supported.html:432
+#: i2p2www/pages/site/docs/applications/supported.html:520
+msgid "plugin"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:107
+#, python-format
+msgid ""
+"<em>Third-party plugin</em> — I2P's plugin system provides convenient\n"
+"deployment of I2P-enabled applications and allows tighter integration\n"
+"with the router. Plugins are [reviewed by the community](<a href=\n"
+"\"http://%(plugins)s\">http://%(plugins)s</a>) to identify security and\n"
+"anonymity issues."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:118
+#: i2p2www/pages/site/docs/applications/supported.html:217
+#: i2p2www/pages/site/docs/applications/supported.html:225
+#: i2p2www/pages/site/docs/applications/supported.html:238
+#: i2p2www/pages/site/docs/applications/supported.html:249
+#: i2p2www/pages/site/docs/applications/supported.html:258
+#: i2p2www/pages/site/docs/applications/supported.html:321
+#: i2p2www/pages/site/docs/applications/supported.html:339
+#: i2p2www/pages/site/docs/applications/supported.html:350
+#: i2p2www/pages/site/docs/applications/supported.html:365
+#: i2p2www/pages/site/docs/applications/supported.html:411
+#: i2p2www/pages/site/docs/applications/supported.html:423
+#: i2p2www/pages/site/docs/applications/supported.html:432
+#: i2p2www/pages/site/docs/applications/supported.html:447
+#: i2p2www/pages/site/docs/applications/supported.html:453
+#: i2p2www/pages/site/docs/applications/supported.html:459
+#: i2p2www/pages/site/docs/applications/supported.html:469
+#: i2p2www/pages/site/docs/applications/supported.html:475
+#: i2p2www/pages/site/docs/applications/supported.html:487
+#: i2p2www/pages/site/docs/applications/supported.html:520
+#: i2p2www/pages/site/docs/applications/supported.html:526
+#: i2p2www/pages/site/docs/applications/supported.html:532
+#: i2p2www/pages/site/docs/applications/supported.html:538
+#: i2p2www/pages/site/docs/applications/supported.html:615
+#: i2p2www/pages/site/docs/applications/supported.html:624
+#: i2p2www/pages/site/docs/applications/supported.html:630
+#: i2p2www/pages/site/docs/applications/supported.html:700
+#: i2p2www/pages/site/docs/applications/supported.html:715
+#: i2p2www/pages/site/docs/applications/supported.html:721
+#: i2p2www/pages/site/docs/applications/supported.html:727
+#: i2p2www/pages/site/docs/applications/supported.html:733
+msgid "standalone"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:118
+#: i2p2www/pages/site/docs/applications/supported.html:192
+#: i2p2www/pages/site/docs/applications/supported.html:199
+#: i2p2www/pages/site/docs/applications/supported.html:205
+#: i2p2www/pages/site/docs/applications/supported.html:211
+#: i2p2www/pages/site/docs/applications/supported.html:359
+#: i2p2www/pages/site/docs/applications/supported.html:383
+#: i2p2www/pages/site/docs/applications/supported.html:392
+#: i2p2www/pages/site/docs/applications/supported.html:548
+#: i2p2www/pages/site/docs/applications/supported.html:554
+msgid "standalone/mod"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:121
+msgid ""
+"<em>Third-party standalone application</em> — Many standard network\n"
+"applications only require careful setup and configuration to communicate\n"
+"anonymously over I2P. These are tagged with <em>standalone</em>. Some\n"
+"applications, tagged with <em>standalone/mod</em>, require patching to\n"
+"function properly over I2P or to prevent inadvertent disclosure of\n"
+"identifying information such as the user's hostname or external IP\n"
+"address."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:132
+#: i2p2www/pages/site/docs/applications/supported.html:299
+#: i2p2www/pages/site/docs/applications/supported.html:568
+#: i2p2www/pages/site/docs/applications/supported.html:578
+#: i2p2www/pages/site/docs/applications/supported.html:587
+#: i2p2www/pages/site/docs/applications/supported.html:593
+#: i2p2www/pages/site/docs/applications/supported.html:599
+#: i2p2www/pages/site/docs/applications/supported.html:605
+#: i2p2www/pages/site/docs/applications/supported.html:646
+#: i2p2www/pages/site/docs/applications/supported.html:654
+#: i2p2www/pages/site/docs/applications/supported.html:663
+#: i2p2www/pages/site/docs/applications/supported.html:670
+#: i2p2www/pages/site/docs/applications/supported.html:684
+msgid "service"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:135
+msgid ""
+"<em>Third-party essential network service</em> — Services which on\n"
+"the I2P network are analogous to those provided on the public Internet\n"
+"by hosting providers, ISPs, and Google: eepsite indexes and jump\n"
+"services, search engines, email, DNS-style name services, hosting,\n"
+"proxies, etc. These services focus on boosting the usefulness of the\n"
+"network as a whole, and making network content more discoverable."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:145
+#: i2p2www/pages/site/docs/applications/supported.html:217
+#: i2p2www/pages/site/docs/applications/supported.html:365
+msgid "unmaintained"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:148
+msgid ""
+"<em>Unmaintained</em> — This is used to tag plugins, applications,\n"
+"and services which appear to be unmaintained and may be removed from\n"
+"this listing in the future."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:156
+#, python-format
+msgid ""
+"Warning: Using an application, plugin, or service with I2P\n"
+"doesn't automatically protect your anonymity. I2P is merely a set of "
+"tools\n"
+"which can help you mitigate certain <a "
+"href=\"%(threatmodel)s\">identified\n"
+"threats to anonymity</a>. We do not and cannot make any guarantees about "
+"the\n"
+"safety of the applications, plugins, and services listed below. Most\n"
+"applications and plugins must be properly configured, and some will need "
+"to\n"
+"be patched — and even then your anonymity might not be assured. "
+"Similarly,\n"
+"services could put your anonymity at risk, either by design or through\n"
+"carelessness on their part or your own."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:168
+msgid ""
+"If you have doubts about the suitability of an application,\n"
+"plugin, or service for use with I2P, you are urged to inquire about "
+"privacy\n"
+"issues with its maintainers, to search its mailing lists and bug tracker "
+"if\n"
+"one exists, and consult trusted, knowledgeable members of the I2P\n"
+"community."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:176
+msgid ""
+"Take responsibility for your own anonymity and safety — always\n"
+"seek expert advice, educate yourself, practice good judgment, be mindful "
+"of\n"
+"disclosing personally identifying information, and don't take\n"
+"shortcuts."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:198
+msgid "Lightweight forum software."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:204
+msgid "Another lightweight blogging platform."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:210
+msgid "Most popular open source forum software."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:216
+msgid "Distributed forums software, originally developed by jrandom."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:221
+#, python-format
+msgid ""
+"A Java-based MediaWiki clone. No external database needed.\n"
+"Plugin available <a href=\"http://%(plugins)s/plugins/jamwiki\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:233
+#, python-format
+msgid ""
+"Port of the <a href=\"http://tahoe-lafs.org/\"><strong>Tahoe-"
+"LAFS</strong></a>\n"
+"distributed file system to the I2P network. Controller plugin <a href=\n"
+"\"http://%(stats)s/i2p/plugins/\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:248
+msgid "Most popular distributed version control system."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:254
+#, python-format
+msgid ""
+"Another distributed version control system. Currently\n"
+"<a href=\"%(monotone)s\">used in I2P development</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:266
+#, python-format
+msgid ""
+"Provides management of addressbooks, which are part of a simple,\n"
+"user-controlled <a href=\"%(naming)s\">I2P naming system</a> somewhat\n"
+"analogous to the Internet's Domain Name System (DNS). Addressbooks map\n"
+"Base64 destinations to short, usually human-readable “domain” names "
+"ending\n"
+"with a .i2p suffix which the I2P router's HTTP client can resolve back to"
+"\n"
+"Base64 addresses. (<em>Note:</em> While Base64 destinations are globally\n"
+"unique, addressbook “domain” names only resolve to unique destinations\n"
+"locally.)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:285
+msgid ""
+"Serverless peer-to-peer email application using a distributed hash table\n"
+"(DHT) for secure mail storage."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:294
+msgid ""
+"Provides email service within the I2P network via @mail.i2p addresses,\n"
+"and email gateway service between the I2P network and the public Internet"
+"\n"
+"via @i2pmail.org addresses. One of the oldest continuous services on I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:304
+msgid ""
+"Simple web browser-based email interface. Configured to use Postman's\n"
+"email service by default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:313
+#, python-format
+msgid ""
+"Can be configured to use Postman's email service. See\n"
+"<a href=\"%(reviews)s\">this comparison of MUAs</a>,\n"
+"and configuration settings for\n"
+"<a href=\"%(smtp)s\">SMTP</a> and <a href=\"%(pop3)s\">POP3</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:332
+msgid "I2P's integrated BitTorrent client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:338
+msgid "Modified version of I2PSnark."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:344
+msgid ""
+"\n"
+"A fork of rufus that uses the Basic Open Bridge (BOB) and has many\n"
+"improvements, including using the latest wxwidgets and python. It also\n"
+"supports use of seedless if installed for trackerless torrents and\n"
+"magnet-link like fetching of torrents within I2P.\n"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:355
+msgid ""
+"Clean, full-featured cross-platform BitTorrent client with official\n"
+"ports for several GUI toolkits."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:364
+msgid "Has a plugin providing I2P support."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:371
+#, python-format
+msgid ""
+"For a detailed feature comparison of I2P-enabled trackers/indexers, see\n"
+"<a href=\"http://%(zzz)s/files/trackers.html\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:379
+msgid ""
+"The code that powered one of the first major tracker/indexer sites on the"
+"\n"
+"Internet. Patched for I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:388
+#, python-format
+msgid ""
+"Lightweight tracker/indexer. I2P mod available in the i2p.opentracker\n"
+"branch of the <a href=\"%(newdevs)s\">I2P Monotone repository</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:397
+#, python-format
+msgid ""
+"<a href=\"http://%(zzz)s/\">zzz's</a> Java-based open tracker. More info\n"
+"<a href=\"http://%(zzz)s/topics/598?page=1#p2085\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:410
+msgid "I2P port of the aMule ED2K client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:419
+#, python-format
+msgid ""
+"Port of the <a href=\"http://www.phex.org/mambo/\">Phex</a> Gnutella "
+"client. Website\n"
+"for plugin version <a href=\"http://%(stats)s/i2p/plugins/\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:428
+#, python-format
+msgid ""
+"Cache for Gnutella peers on I2P. Website for plugin version\n"
+"<a href=\"http://%(stats)s/i2p/plugins/\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:443
+msgid ""
+"Unix standard tool for socket relaying. Several clones, ports, and forks\n"
+"have appeared over the years."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:452
+msgid "Like netcat but more powerful."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:458
+msgid ""
+"Proxy providing simple, transparent SOCKS-ification of network "
+"applications."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:468
+msgid ""
+"Most popular implementation of the Secure Shell (SSH) protocol and "
+"related tools."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:474
+msgid "Open source Secure Shell (SSH) client for Windows."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:486
+msgid "IM client with multiple incarnations."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:493
+msgid ""
+"Many IRC clients leak identifying information to servers or other\n"
+"clients, so I2P's IRC and SOCKS IRC client tunnels filter certain inbound"
+"\n"
+"and outbound messages to scrub data such as LAN IP addresses, external IP"
+"\n"
+"addresses, local hostnames, and the name and version of the IRC client. "
+"Two\n"
+"message types in particular, DCC and CTCP, can't be sufficiently "
+"anonymized\n"
+"without changes to the protocols or to IRC client/server code, so they "
+"are\n"
+"completely blocked, except for CTCP ACTION (the message emitted by the\n"
+"<code>/me</code> command) which isn't inherently dangerous."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:504
+msgid ""
+"I2P's IRC filtering may not cover every possible leak — users should also"
+"\n"
+"check if their client is sending their real name or local username. "
+"Packet\n"
+"sniffers such as <a href=\"http://www.wireshark.org/\">Wireshark</a> are\n"
+"useful here. Eliminating remaining leaks may be as simple as changing the"
+"\n"
+"client's default configuration. If that doesn't help, inform the I2P\n"
+"developers; they may be able to solve it via additional filtering."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:516
+#, python-format
+msgid ""
+"Small Java-based IRC client. Plugin available <a href=\n"
+"\"http://%(stats)s/i2p/plugins/\">here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:525
+msgid "Cross-platform graphical IRC client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:531
+msgid "Unixy terminal-based IRC client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:537
+msgid "Another Unixy terminal-based IRC client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:547
+msgid "IRC server developed from scratch."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:553
+msgid "Most popular IRC server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:565
+msgid ""
+"Any website hosted anonymously on I2P, reachable through the I2P router's"
+" HTTP proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:573
+msgid ""
+"Distributed anonymous websites hosted\n"
+"using Tahoe-LAFS-I2P, currently only reachable with Tahoe-LAFS-I2P\n"
+"clients or through the Tahoe-LAFS-I2P HTTP proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:583
+#, python-format
+msgid ""
+"Website for <a href=\"http://%(sponge)s/\">sponge's</a> jump service.\n"
+"Source code available."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:592
+msgid "Another jump service."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:598
+msgid "Dynamically updated eepsite index."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:604
+#, python-format
+msgid "Website for <a href=\"http://%(zzz)s/\">zzz's</a> jump service."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:614
+msgid "SOCKS-enabled caching web proxy with basic filtering capabilities."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:620
+msgid ""
+"Privacy-focused non-caching web proxy with advanced filtering\n"
+"capabilities. Excels at removing ads and other junk."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:629
+msgid "Venerable caching web proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:636
+msgid "Gateways allowing users on the public Internet to access eepsites."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:643
+#, python-format
+msgid "<a href=\"http://%(tino)s/\">tino's</a> inproxy on the public Internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:651
+#: i2p2www/pages/site/docs/applications/supported.html:660
+#: i2p2www/pages/site/docs/applications/supported.html:667
+msgid "Another inproxy on the public Internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:676
+msgid ""
+"Gateways allowing I2P users to access content hosted on the public "
+"Internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:683
+msgid "Publicly advertised outproxy running Squid, located in Europe."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:693
+msgid ""
+"Lightweight web server and Java servlet container. I2P is tightly\n"
+"integrated with a bundled copy of Jetty which by default is configured to"
+"\n"
+"host the <a href=\"http://127.0.0.1:7658/\">user's eepsite</a>. The "
+"bundled\n"
+"Jetty also serves the I2P router console and web applications bundled "
+"with\n"
+"I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:705
+msgid ""
+"In addition to Jetty, any web server should function over I2P without\n"
+"modification so long as it's HTTP-compliant. Some web servers known to\n"
+"currently serve content on the I2P network are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:714
+msgid "Most popular web server on the public WWW."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:720
+msgid "Web server and Java servlet container. More features than Jetty."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:726
+msgid "Fast lightweight web server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/applications/supported.html:732
+msgid "High-performance lightweight web server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:2
+msgid "Naming discussion"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:4
+#, python-format
+msgid ""
+"NOTE: The following is a discussion of the reasons behind the I2P naming "
+"system,\n"
+"common arguments and possible alternatives.\n"
+"See <a href=\"%(naming)s\">the naming page</a> for current documentation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:10
+msgid "Discarded alternatives"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:12
+msgid ""
+"Naming within I2P has been an oft-debated topic since the very beginning "
+"with\n"
+"advocates across the spectrum of possibilities.  However, given I2P's "
+"inherent\n"
+"demand for secure communication and decentralized operation, the "
+"traditional\n"
+"DNS-style naming system is clearly out, as are \"majority rules\" voting "
+"systems."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:19
+msgid ""
+"I2P does not promote the use of DNS-like services though, as the damage "
+"done\n"
+"by hijacking a site can be tremendous - and insecure destinations have no"
+"\n"
+"value.  DNSsec itself still falls back on registrars and certificate "
+"authorities,\n"
+"while with I2P, requests sent to a destination cannot be intercepted or "
+"the reply\n"
+"spoofed, as they are encrypted to the destination's public keys, and a "
+"destination\n"
+"itself is just a pair of public keys and a certificate.  DNS-style "
+"systems on the\n"
+"other hand allow any of the name servers on the lookup path to mount "
+"simple denial\n"
+"of service and spoofing attacks.  Adding on a certificate authenticating "
+"the\n"
+"responses as signed by some centralized certificate authority would "
+"address many of\n"
+"the hostile nameserver issues but would leave open replay attacks as well"
+" as \n"
+"hostile certificate authority attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:33
+msgid ""
+"Voting style naming is dangerous as well, especially given the "
+"effectiveness of\n"
+"Sybil attacks in anonymous systems - the attacker can simply create an "
+"arbitrarily\n"
+"high number of peers and \"vote\" with each to take over a given name.  "
+"Proof-of-work\n"
+"methods can be used to make identity non-free, but as the network grows "
+"the load\n"
+"required to contact everyone to conduct online voting is implausible, or "
+"if the\n"
+"full network is not queried, different sets of answers may be reachable."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:42
+msgid ""
+"As with the Internet however, I2P is keeping the design and operation of "
+"a \n"
+"naming system out of the (IP-like) communication layer.  The bundled "
+"naming library\n"
+"includes a simple service provider interface which <a "
+"href=\"#alternatives\">alternate naming systems</a> can\n"
+"plug into, allowing end users to drive what sort of naming tradeoffs they"
+" prefer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:50
+msgid ""
+"See also <a href=\"https://zooko.com/distnames.html\">Names: "
+"Decentralized, Secure, Human-Meaningful: Choose Two</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:55
+msgid "(adapted from a post in the old Syndie, November 26, 2005)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:58
+msgid ""
+"Q:\n"
+"What to do if some hosts \n"
+"do not agree on one address and if some addresses are working, others are"
+" not? \n"
+"Who is the right source of a name?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:64
+msgid ""
+"A:\n"
+"You don't. This is actually a critical difference between names on I2P "
+"and how \n"
+"DNS works - names in I2P are human readable, secure, but <b>not globally"
+" \n"
+"unique</b>.  This is by design, and an inherent part of our need for "
+"security."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:70
+msgid ""
+"If I could somehow convince you to change the destination associated with"
+" some \n"
+"name, I'd successfully \"take over\" the site, and under no circumstances"
+" is that \n"
+"acceptable.  Instead, what we do is make names <b>locally unique</b>: "
+"they are \n"
+"what <i>you</i> use to call a site, just as how you can call things "
+"whatever \n"
+"you want when you add them to your browser's bookmarks, or your IM "
+"client's \n"
+"buddy list.  Who you call \"Boss\" may be who someone else calls "
+"\"Sally\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:78
+msgid "Names will not, ever, be securely human readable and globally unique."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:83
+msgid ""
+"The following from zzz is a review of several common\n"
+"complaints about I2P's naming system."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:89
+msgid ""
+"<b>Inefficiency:</b>\n"
+"The whole hosts.txt is downloaded (if it has changed, since eepget uses "
+"the etag and last-modified headers).\n"
+"It's about 400K right now for almost 800 hosts."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:94
+msgid ""
+"True, but this isn't a lot of traffic in the context of i2p, which is "
+"itself wildly inefficient\n"
+"(floodfill databases, huge encryption overhead and padding, garlic "
+"routing, etc.).\n"
+"If you downloaded a hosts.txt file from someone every 12 hours it "
+"averages out to about 10 bytes/sec."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:99
+msgid ""
+"As is usually the case in i2p, there is a fundamental tradeoff here "
+"between anonymity and efficiency.\n"
+"Some would say that using the etag and last-modified headers is hazardous"
+" because it exposes when you\n"
+"last requested the data.\n"
+"Others have suggested asking for specific keys only (similar to what jump"
+" services do, but\n"
+"in a more automated fashion), possibly at a further cost in anonymity."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:106
+#, python-format
+msgid ""
+"Possible improvements would be a replacement or supplement to addressbook"
+" (see <a href=\"http://%(i2host)s/\">%(i2host)sp</a>),\n"
+"or something simple like subscribing to http://example.i2p/cgi-"
+"bin/recenthosts.cgi rather than http://example.i2p/hosts.txt.\n"
+"If a hypothetical recenthosts.cgi distributed all hosts from the last 24 "
+"hours, for example,\n"
+"that could be both more efficient and more anonymous than the current "
+"hosts.txt with last-modified and etag."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:112
+#, python-format
+msgid ""
+"A sample implementation is on stats.i2p at\n"
+"<a href=\"%(url)s\">%(url)s</a>.\n"
+"This script returns an Etag with a timestamp.\n"
+"When a request comes in with the If-None-Match etag,\n"
+"the script ONLY returns new hosts since that timestamp, or 304 Not "
+"Modified if there are none.\n"
+"In this way, the script efficiently returns only the hosts the subscriber"
+"\n"
+"does not know about, in an addressbook-compatible manner."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:121
+msgid ""
+"So the inefficiency is not a big issue and there are several ways to "
+"improve things without\n"
+"radical change."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:127
+msgid ""
+"<b>Not Scalable:</b>\n"
+"The 400K hosts.txt (with linear search) isn't that big at the moment and\n"
+"we can probably grow by 10x or 100x before it's a problem."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:132
+msgid ""
+"As far as network traffic see above.\n"
+"But unless you're going to do a slow real-time query over the network for"
+"\n"
+"a key, you need to have the whole set of keys stored locally, at a cost "
+"of about 500 bytes per key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:139
+msgid ""
+"<b>Requires configuration and \"trust\":</b>\n"
+"Out-of-the-box addressbook is only subscribed to "
+"http://www.i2p2.i2p/hosts.txt, which is rarely updated,\n"
+"leading to poor new-user experience."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:144
+msgid ""
+"This is very much intentional. jrandom wants a user to \"trust\" a "
+"hosts.txt\n"
+"provider, and as he likes to say, \"trust is not a boolean\".\n"
+"The configuration step attempts to force users to think about issues of "
+"trust in an anonymous network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:149
+msgid ""
+"As another example, the \"Eepsite Unknown\" error page in the HTTP Proxy\n"
+"lists some jump services, but doesn't \"recommend\" any one in "
+"particular,\n"
+"and it's up to the user to pick one (or not).\n"
+"jrandom would say we trust the listed providers enough to list them but "
+"not enough to\n"
+"automatically go fetch the key from them."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:156
+msgid ""
+"How successful this is, I'm not sure.\n"
+"But there must be some sort of hierarchy of trust for the naming system.\n"
+"To treat everyone equally may increase the risk of hijacking."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:163
+msgid "<b>It isn't DNS</b>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:166
+msgid ""
+"Unfortunately real-time lookups over i2p would significantly slow down "
+"web browsing."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:169
+msgid ""
+"Also, DNS is based on lookups with limited caching and time-to-live, "
+"while i2p\n"
+"keys are permanent."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:173
+msgid "Sure, we could make it work, but why? It's a bad fit."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:178
+msgid ""
+"<b>Not reliable:</b>\n"
+"It depends on specific servers for addressbook subscriptions."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:182
+msgid ""
+"Yes it depends on a few servers that you have configured.\n"
+"Within i2p, servers and services come and go.\n"
+"Any other centralized system (for example DNS root servers) would\n"
+"have the same problem. A completely decentralized system (everybody is "
+"authoritative)\n"
+"is possible by implementing an \"everybody is a root DNS server\" "
+"solution, or by\n"
+"something even simpler, like a script that adds everybody in your "
+"hosts.txt to your addressbook."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:190
+msgid ""
+"People advocating all-authoritative solutions generally haven't thought "
+"through\n"
+"the issues of conflicts and hijacking, however."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:196
+msgid ""
+"<b>Awkward, not real-time:</b>\n"
+"It's a patchwork of hosts.txt providers, key-add web form providers, jump"
+" service providers,\n"
+"eepsite status reporters.\n"
+"Jump servers and subscriptions are a pain, it should just work like DNS."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:202
+msgid "See the reliability and trust sections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:207
+msgid ""
+"So, in summary, the current system is not horribly broken, inefficient, "
+"or un-scalable,\n"
+"and proposals to \"just use DNS\" aren't well thought-through."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:212
+msgid "Alternatives"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:213
+msgid ""
+"The I2P source contains several pluggable naming systems and supports "
+"configuration options\n"
+"to enable experimentation with naming systems."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:218
+msgid ""
+"<b>Meta</b> - calls two or more other naming systems in order.\n"
+"By default, calls PetName then HostsTxt."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:222
+msgid ""
+"<b>PetName</b> - Looks up in a petnames.txt file.\n"
+"The format for this file is NOT the same as hosts.txt."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:226
+msgid "<b>HostsTxt</b> - Looks up in the following files, in order:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:234
+msgid ""
+"<b>AddressDB</b> - Each host is listed in a separate file in a addressDb/"
+" directory."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:237
+msgid ""
+"<b>Eepget</b> - does an HTTP lookup request from an external\n"
+"server - must be stacked after the HostsTxt lookup with Meta.\n"
+"This could augment or replace the jump system.\n"
+"Includes in-memory caching."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:243
+msgid ""
+"<b>Exec</b> - calls an external program for lookup, allows\n"
+"additional experimentation in lookup schemes, independent of java.\n"
+"Can be used after HostsTxt or as the sole naming system.\n"
+"Includes in-memory caching."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:249
+msgid "<b>Dummy</b> - used as a fallback for Base64 names, otherwise fails."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:253
+msgid ""
+"The current naming system can be changed with the advanced config option "
+"'i2p.naming.impl'\n"
+"(restart required).\n"
+"See core/java/src/net/i2p/client/naming for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:258
+msgid ""
+"Any new system should be stacked with HostsTxt, or should\n"
+"implement local storage and/or the addressbook subscription functions, "
+"since addressbook\n"
+"only knows about the hosts.txt files and format."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:264
+msgid "Certificates"
+msgstr "Certificados"
+
+#: i2p2www/pages/site/docs/discussions/naming.html:265
+msgid ""
+"I2P destinations contain a certificate, however at the moment that "
+"certificate\n"
+"is always null.\n"
+"With a null certificate, base64 destinations are always 516 bytes ending "
+"in \"AAAA\",\n"
+"and this is checked in the addressbook merge mechanism, and possibly "
+"other places.\n"
+"Also, there is no method available to generate a certificate or add it to"
+" a\n"
+"destination. So these will have to be updated to implement certificates."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:273
+#, python-format
+msgid ""
+"One possible use of certificates is for <a "
+"href=\"%(todo)s#hashcash\">proof of work</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:276
+msgid ""
+"Another is for \"subdomains\" (in quotes because there is really no such "
+"thing,\n"
+"i2p uses a flat naming system) to be signed by the 2nd level domain's "
+"keys."
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:280
+msgid ""
+"With any certificate implementation must come the method for verifying "
+"the\n"
+"certificates.\n"
+"Presumably this would happen in the addressbook merge code.\n"
+"Is there a method for multiple types of certificates, or multiple "
+"certificates?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/discussions/naming.html:286
+msgid ""
+"Adding on a certificate authenticating the\n"
+"responses as signed by some centralized certificate authority would "
+"address many of\n"
+"the hostile nameserver issues but would leave open replay attacks as well"
+" as \n"
+"hostile certificate authority attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:2
+msgid "ElGamal/AES + SessionTag Encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:7
+msgid "ElGamal/AES+SessionTags is used for end-to-end encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:11
+msgid ""
+"As an unreliable, unordered, message based system, I2P uses a simple "
+"combination \n"
+"of asymmetric and symmetric encryption algorithms to provide data "
+"confidentiality \n"
+"and integrity to garlic messages. As a whole, the combination is referred"
+" \n"
+"to as ElGamal/AES+SessionTags, but that is an excessively verbose way to "
+"describe \n"
+"the use of 2048bit ElGamal, AES256, SHA256, and 32 byte nonces."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:19
+#: i2p2www/pages/site/docs/how/tech-intro.html:508
+msgid ""
+"The first time a router wants to encrypt a garlic message to another "
+"router, \n"
+"they encrypt the keying material for an AES256 session key with ElGamal "
+"and \n"
+"append the AES256/CBC encrypted payload after that encrypted ElGamal "
+"block. \n"
+"In addition to the encrypted payload, the AES encrypted section contains "
+"the \n"
+"payload length, the SHA256 hash of the unencrypted payload, as well as a "
+"number \n"
+"of \"session tags\" - random 32 byte nonces. The next time the sender "
+"wants \n"
+"to encrypt a garlic message to another router, rather than ElGamal "
+"encrypt \n"
+"a new session key they simply pick one of the previously delivered "
+"session \n"
+"tags and AES encrypt the payload like before, using the session key used "
+"with \n"
+"that session tag, prepended with the session tag itself. When a router "
+"receives \n"
+"a garlic encrypted message, they check the first 32 bytes to see if it "
+"matches \n"
+"an available session tag - if it does, they simply AES decrypt the "
+"message, \n"
+"but if it does not, they ElGamal decrypt the first block."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:35
+#: i2p2www/pages/site/docs/how/tech-intro.html:524
+msgid ""
+"Each session tag can be used only once so as to prevent internal "
+"adversaries \n"
+"from unnecessarily correlating different messages as being between the "
+"same \n"
+"routers. The sender of an ElGamal/AES+SessionTag encrypted message "
+"chooses \n"
+"when and how many tags to deliver, prestocking the recipient with enough "
+"tags \n"
+"to cover a volley of messages. Garlic messages may detect the successful "
+"tag \n"
+"delivery by bundling a small additional message as a clove (a \"delivery "
+"status \n"
+"message\") - when the garlic message arrives at the intended recipient "
+"and \n"
+"is decrypted successfully, this small delivery status message is one of "
+"the \n"
+"cloves exposed and has instructions for the recipient to send the clove "
+"back \n"
+"to the original sender (through an inbound tunnel, of course). When the "
+"original \n"
+"sender receives this delivery status message, they know that the session "
+"tags \n"
+"bundled in the garlic message were successfully delivered."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:50
+msgid ""
+"Session tags themselves have a short lifetime, after which they are \n"
+"discarded if not used. In addition, the quantity stored for each key is "
+"limited, \n"
+"as are the number of keys themselves - if too many arrive, either new or "
+"old \n"
+"messages may be dropped. The sender keeps track whether messages using "
+"session \n"
+"tags are getting through, and if there isn't sufficient communication it "
+"may \n"
+"drop the ones previously assumed to be properly delivered, reverting back"
+" \n"
+"to the full expensive ElGamal encryption.\n"
+"A session will continue to exist until all its tags are exhausted or "
+"expire."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:61
+msgid ""
+"Sessions are unidirectional. Tags are delivered from Alice to Bob,\n"
+"and Alice then uses the tags, one by one, in subsequent messages to Bob."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:66
+msgid ""
+"Sessions may be established between Destinations, between Routers, or\n"
+"between a Router and a Destination.\n"
+"Each Router and Destination maintains its own Session Key Manager to\n"
+"keep track of Session Keys and Session Tags.\n"
+"Separate Session Key Managers prevents correlation of multiple "
+"Destinations\n"
+"to each other or a Router by adversaries."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:77
+msgid "Message Reception"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:78
+msgid ""
+"Each message received has one of two\n"
+"the two possible conditions:</p>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:84
+msgid ""
+"It is part of an existing session and contains a Session Tag and an AES "
+"encrypted block"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:85
+msgid "It is for a new session and contains both ElGamal and AES encrypted blocks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:88
+msgid ""
+"When a router receives a message, it will first assume it is from\n"
+"an existing session and attempt to look up the Session Tag and decrypt "
+"the following data using AES.\n"
+"If that fails, it will assume it is for a new session and attempt to\n"
+"decrypt it using ElGamal."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:97
+msgid "New Session Message Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:98
+msgid ""
+"A New Session ElGamal Message contains two parts, an encrypted ElGamal "
+"block\n"
+"and an encrypted AES block."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:103
+msgid "The encrypted message contains:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:127
+msgid "ElGamal Block"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:128
+msgid "The encrypted ElGamal Block is always 514 bytes long."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:132
+msgid "The unencrypted ElGamal data is 222 bytes long, containing:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:164
+#, python-format
+msgid ""
+"The 32-byte\n"
+"<a href=\"%(commonstructures)s#type_SessionKey\">Session Key</a>\n"
+"is the identifier for the session.\n"
+"The 32-byte Pre-IV will be used to generate the IV for the AES block that"
+" follows;\n"
+"the IV is the first 16 bytes of the SHA-256 Hash of the Pre-IV."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:172
+#, python-format
+msgid ""
+"The 222 byte payload is encrypted\n"
+"<a href=\"%(cryptography)s#elgamal\">using ElGamal</a>\n"
+"and the encrypted block is 514 bytes long.\n"
+"</p>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:179
+msgid "AES Block"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:180
+msgid "The unencrypted data in the AES block contains the following:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:254
+msgid "Minimum length: 48 bytes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:257
+#, python-format
+msgid ""
+"The data is then <a href=\"%(cryptography)s\">AES Encrypted</a>,\n"
+"using the session key and IV (calculated from the pre-IV) from the "
+"ElGamal section.\n"
+"The encrypted AES Block length is variable but is always a multiple of 16"
+" bytes.\n"
+"</p>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:266
+#, python-format
+msgid ""
+"Actual max payload length, and max block length, is less than 64 KB; see "
+"the <a href=\"%(i2np)s\">I2NP Overview</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:269
+msgid "New Session Key is currently unused and is never present."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:274
+msgid "Existing Session Message Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:275
+msgid ""
+"The session tags delivered successfully are remembered for a \n"
+"brief period (15 minutes currently) until they are used or discarded.\n"
+"A tag is used by packaging one in an Existing Session Message that\n"
+"contains only an AES encrypted block, and is not preceded by an\n"
+"ElGamal block."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:283
+msgid ""
+"The existing session message is\n"
+"as follows:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:318
+msgid ""
+"The session tag also serves as\n"
+"the pre-IV. The IV is the first 16 bytes of the SHA-256 Hash of the "
+"sessionTag."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:323
+msgid ""
+"To decode a message from an existing session, a router looks up the "
+"Session Tag to find an\n"
+"associated Session Key. If the Session Tag is found, the AES block is "
+"decrypted using the associated Session Key.\n"
+"If the tag is not found, the message is assumed to be a <a "
+"href=\"#new\">New Session Message</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:331
+msgid "Session Tag Configuration Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:332
+#, python-format
+msgid ""
+"As of release 0.9.2, the client may configure the default number of "
+"Session Tags to send\n"
+"and the low tag threshold for the current session.\n"
+"For brief streaming connections or datagrams, these options may be used "
+"to significantly reduce bandwidth.\n"
+"See the <a href=\"%(i2cp)s#options\">I2CP options specification</a> for "
+"details.\n"
+"The session settings may also be overridden on a per-message basis.\n"
+"See the <a href=\"%(i2cpspec)s#msg_SendMessageExpires\">I2CP Send Message"
+" Expires specification</a> for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:345
+msgid ""
+"There are many possible areas to tune the Session Key Manager's "
+"algorithms;\n"
+"some may interact with the streaming library behavior, or have "
+"significant\n"
+"impact on overall performance."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:352
+msgid ""
+"The number of tags delivered could depend on message size, keeping in "
+"mind\n"
+"the eventual padding to 1KB at the tunnel message layer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:357
+msgid ""
+"Clients could send an estimate of session lifetime to the router, as an "
+"advisory\n"
+"on the number of tags required."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:362
+msgid ""
+"Delivery of too few tags causes the router to fall back to an expensive "
+"ElGamal encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:366
+msgid ""
+"The router may assume delivery of Session Tags, or await acknowledgement "
+"before using them;\n"
+"there are tradeoffs for each strategy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:371
+msgid ""
+"For very brief messages, almost the full 222 bytes of the pre-IV and "
+"padding fields in the ElGamal block\n"
+"could be used for the entire message, instead of establishing a session."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:376
+msgid ""
+"Evaluate padding strategy; currently we pad to a minimum of 128 bytes.\n"
+"Would be better to add a few tags to small messages than pad."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:381
+msgid ""
+"Perhaps things could be more efficient if the Session Tag system was "
+"bidirectional,\n"
+"so tags delivered in the 'forward' path could be used in the 'reverse' "
+"path,\n"
+"thus avoiding ElGamal in the initial response.\n"
+"The router currently plays some tricks like this when sending\n"
+"tunnel test messages to itself."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:389
+#, python-format
+msgid ""
+"Change from Session Tags to\n"
+"<a href=\"%(futureperf)s#prng\">a synchronized PRNG</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/elgamal-aes.html:394
+#, python-format
+msgid ""
+"Several of these ideas may require a new I2NP message type, or\n"
+"set a flag in the\n"
+"<a "
+"href=\"%(tunnelmessage)s#struct_TunnelMessageDeliveryInstructions\">Delivery"
+" Instructions</a>,\n"
+"or set a magic number in the first few bytes of the Session Key field\n"
+"and accept a small risk of the random Session Key matching the magic "
+"number."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:2
+msgid "Garlic Routing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:3
+msgid "March 2014"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:6
+msgid "Garlic Routing and \"Garlic\" Terminology"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:7
+msgid ""
+"The terms \"garlic routing\" and \"garlic encryption\" are often used "
+"rather loosely when referring to I2P's technology.\n"
+"Here, we explain the history of the terms, the various meanings, and\n"
+"the usage of \"garlic\" methods in I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:13
+msgid ""
+"\"Garlic routing\" was first coined by\n"
+"<a href=\"http://www.cs.princeton.edu/~mfreed/\">Michael J. Freedman</a>\n"
+"in Roger Dingledine's Free Haven \n"
+"<a href=\"http://www.freehaven.net/papers.html\">Master's thesis</a> "
+"Section 8.1.1 (June 2000), as derived from \n"
+"<a href=\"http://www.onion-router.net/\">Onion Routing</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:21
+msgid ""
+"\"Garlic\" may have been used originally by I2P developers because I2P "
+"implements a form of\n"
+"bundling as Freedman describes, or simply to emphasize general "
+"differences from Tor.\n"
+"The specific reasoning may be lost to history.\n"
+"Generally, when referring to I2P, the term \"garlic\" may mean one of "
+"three things:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:28
+#: i2p2www/pages/site/docs/how/garlic-routing.html:39
+msgid "Layered Encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:29
+msgid "Bundling multiple messages together"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:30
+#: i2p2www/pages/site/docs/how/garlic-routing.html:96
+msgid "ElGamal/AES Encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:33
+msgid ""
+"Unfortunately, I2P's usage of \"garlic\" terminology over the past seven "
+"years has not always been precise; therefore the reader is\n"
+"cautioned when encountering the term.\n"
+"Hopefully, the explanation below will make things clear."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:40
+msgid ""
+"Onion routing is a technique for building paths, or tunnels, through a "
+"series of peers,\n"
+"and then using that tunnel.\n"
+"Messages are repeatedly encrypted by the originator, and then decrypted "
+"by each hop.\n"
+"During the building phase, only the routing instructions for the next hop"
+" are exposed to each peer.\n"
+"During the operating phase, messages are passed through the tunnel, and "
+"the\n"
+"message and its routing instructions are only exposed to the endpoint of "
+"the tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:49
+#, python-format
+msgid ""
+"This is similar to the way Mixmaster\n"
+"(see <a href=\"%(comparisons)s\">network comparisons</a>) sends messages "
+"- taking a message, encrypting it\n"
+"to the recipient's public key, taking that encrypted message and "
+"encrypting\n"
+"it (along with instructions specifying the next hop), and then taking "
+"that\n"
+"resulting encrypted message and so on, until it has one layer of "
+"encryption\n"
+"per hop along the path."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:58
+msgid ""
+"In this sense, \"garlic routing\" as a general concept is identical to "
+"\"onion routing\".\n"
+"As implemented in I2P, of course, there are several differences from the "
+"implementation in Tor; see below.\n"
+"Even so, there are substantial similarities such that I2P benefits from a"
+"\n"
+"<a href=\"http://www.onion-router.net/Publications.html\">large amount of"
+" academic research on onion routing</a>,\n"
+"<a href=\"http://freehaven.net/anonbib/topic.html\">Tor, and similar "
+"mixnets</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:67
+msgid "Bundling Multiple Messages"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:68
+msgid ""
+"Michael Freedman defined \"garlic routing\" as an extension to onion "
+"routing,\n"
+"in which multiple messages are bundled together.\n"
+"He called each message a \"bulb\".\n"
+"All the messages, each with its own delivery instructions, are exposed at"
+" the\n"
+"endpoint.\n"
+"This allows the efficient bundling of an onion routing \"reply block\" "
+"with the original message."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:77
+msgid ""
+"This concept is implemented in I2P, as described below.\n"
+"Our term for garlic \"bulbs\" is \"cloves\".\n"
+"Any number of messages can be\n"
+"contained, instead of just a single message.\n"
+"This is a significant distinction from the onion routing implemented in "
+"Tor.\n"
+"However, it is only one of many major architectural differences between "
+"I2P and Tor;\n"
+"perhaps it is not, by itself, enough to justify a change in terminology."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:87
+msgid ""
+"Another difference\n"
+"from the method described by Freedman\n"
+"is that the path is unidirectional - there is no \"turning point\" as "
+"seen in onion routing\n"
+"or mixmaster reply blocks, which greatly simplifies the algorithm and "
+"allows for more flexible\n"
+"and reliable delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:97
+#, python-format
+msgid ""
+"In some cases, \"garlic encryption\" may simply mean\n"
+"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> encryption\n"
+"(without multiple layers)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:105
+msgid "\"Garlic\" Methods in I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:106
+msgid ""
+"Now that we've defined various \"garlic\" terms, we can say that\n"
+"I2P uses garlic routing, bundling and encryption in three places:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:111
+msgid "For building and routing through tunnels (layered encryption)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:112
+msgid ""
+"For determining the success or failure of end to end message delivery "
+"(bundling)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:113
+msgid ""
+"For publishing some network database entries (dampening the probability "
+"of a successful traffic analysis attack) (ElGamal/AES)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:116
+msgid ""
+"There are also significant ways that this technique can be used to "
+"improve the performance of the network, \n"
+"exploiting transport latency/throughput tradeoffs, and branching data "
+"through redundant paths to increase reliability."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:122
+msgid "Tunnel Building and Routing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:123
+msgid ""
+"In I2P, tunnels are unidirectional. Each party builds two tunnels,\n"
+"one for outbound and one for inbound traffic.\n"
+"Therefore, four tunnels are required for a single round-trip message and "
+"reply."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:129
+#, python-format
+msgid ""
+"Tunnels are built, and then used, with layered encryption.\n"
+"This is described on the\n"
+"<a href=\"%(tunnelimpl)s\">tunnel implementation page</a>.\n"
+"Tunnel building details are defined on\n"
+"<a href=\"%(tunnelcreation)s\">this page</a>.\n"
+"We use\n"
+"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> for the encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:141
+#, python-format
+msgid ""
+"Tunnels are a general-purpose mechanism to transport all\n"
+"<a href=\"%(i2np)s\">I2NP messages</a>, and\n"
+"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Messages</a> are not used to "
+"build tunnels.\n"
+"We do not bundle multiple\n"
+"<a href=\"%(i2np)s\">I2NP messages</a> into a single\n"
+"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a> for unwrapping at "
+"the outbound tunnel endpoint;\n"
+"the tunnel encryption is sufficient."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:152
+msgid "End-to-End Message Bundling"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:153
+#, python-format
+msgid ""
+"At the layer above tunnels, I2P delivers end-to-end messages between\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destinations</a>.\n"
+"Just as within a single tunnel, we use\n"
+"<a href=\"%(elgamalaes)s\">ElGamal/AES+SessionTag</a> for the encryption."
+"\n"
+"Each client message as delivered to the router through the\n"
+"<a href=\"%(i2cp)s\">I2CP interface</a> becomes a single\n"
+"<a href=\"%(i2npspec)s#struct_GarlicClove\">Garlic Clove</a>\n"
+"with its own\n"
+"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
+"Instructions</a>,\n"
+"inside a\n"
+"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a>.\n"
+"Delivery Instructions may specify a Destination, Router, or Tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:171
+msgid ""
+"Generally, a Garlic Message will contain only one clove.\n"
+"However, the router will periodically bundle two additional\n"
+"cloves in the Garlic Message:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:176
+msgid "Garlic Message Cloves"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:179
+#, python-format
+msgid ""
+"A\n"
+"<a href=\"%(i2npspec)s#msg_DeliveryStatus\">Delivery Status Message</a>,\n"
+"with\n"
+"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
+"Instructions</a>\n"
+"specifying that it be sent back to the originating router as an "
+"acknowledgment.\n"
+"This is similar to the \"reply block\" or \"reply onion\"\n"
+"described in the references.\n"
+"It is used for determining the success or failure of end to end message "
+"delivery.\n"
+"The originating router may, upon failure to receive the Delivery Status "
+"Message\n"
+"within the expected time period, modify the routing to the far-end "
+"Destination,\n"
+"or take other actions."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:192
+#, python-format
+msgid ""
+"A\n"
+"<a href=\"%(i2npspec)s#msg_DatabaseStore\">Database Store Message</a>,\n"
+"containing a\n"
+"<a href=\"%(commonstructures)s#struct_LeaseSet\">LeaseSet</a>\n"
+"for the originating Destination, with\n"
+"<a href=\"%(i2npspec)s#struct_GarlicCloveDeliveryInstructions\">Delivery "
+"Instructions</a>\n"
+"specifying the far-end destination's router.\n"
+"By periodically bundling a LeaseSet, the router ensures that the far-end "
+"will be able\n"
+"to maintain communications.\n"
+"Otherwise the far-end would have to query a floodfill router for the "
+"network database entry,\n"
+"and all LeaseSets would have to be published to the network database, as "
+"explained on the\n"
+"<a href=\"%(netdb)s\">network database page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:210
+#, python-format
+msgid ""
+"By default, the Delivery Status and Database Store Messages\n"
+"are bundled when the local LeaseSet changes, when additional\n"
+"<a href=\"%(commonstructures)s#type_SessionTag\">Session Tags</a>\n"
+"are delivered, or if the messages have not been bundled in the previous "
+"minute.\n"
+"As of release 0.9.2, the client may configure the default number of "
+"Session Tags to send\n"
+"and the low tag threshold for the current session.\n"
+"See the <a href=\"%(i2cp)s#options\">I2CP options specification</a> for "
+"details.\n"
+"The session settings may also be overridden on a per-message basis.\n"
+"See the <a href=\"%(i2cpspec)s#msg_SendMessageExpires\">I2CP Send Message"
+" Expires specification</a> for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:224
+msgid ""
+"Obviously, the additional messages are currently bundled for specific "
+"purposes,\n"
+"and not part of a general-purpose routing scheme."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:229
+msgid ""
+"As of release 0.9.12, the Delivery Status Message is wrapped in another "
+"Garlic Message\n"
+"by the originator so that the contents are encrypted and not visible to "
+"routers on the return path."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:235
+msgid "Storage to the Floodfill Network Database"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:236
+#, python-format
+msgid ""
+"As explained on the\n"
+"<a href=\"%(netdb)s#delivery\">network database page</a>,\n"
+"local\n"
+"<a href=\"%(commonstructures)s#struct_LeaseSet\">LeaseSets</a>\n"
+"are sent to floodfill routers in a\n"
+"<a href=\"%(i2npspec)s#msg_DatabaseStore\">Database Store Message</a>\n"
+"wrapped in a\n"
+"<a href=\"%(i2npspec)s#msg_Garlic\">Garlic Message</a>\n"
+"so it is not visible to the tunnel's outbound gateway."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:252
+#, python-format
+msgid ""
+"The Garlic Message mechanism is very flexible and provides a structure "
+"for\n"
+"implementing many types of mixnet delivery methods.\n"
+"Together with the unused delay option in the\n"
+"<a "
+"href=\"%(tunnelmessage)s#struct_TunnelMessageDeliveryInstructions\">tunnel"
+" message Delivery Instructions</a>,\n"
+"a wide spectrum of batching, delay, mixing, and routing strategies are "
+"possible."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:260
+msgid ""
+"In particular, there is potential for much more flexibility at the "
+"outbound tunnel endpoint.\n"
+"Messages could possibly be routed from there to one of several tunnels\n"
+"(thus minimizing point-to-point connections), or multicast to several "
+"tunnels\n"
+"for redundancy, or streaming audio and video."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:267
+msgid ""
+"Such experiments may conflict with the need to ensure security and "
+"anonymity, such\n"
+"as limiting certain routing paths, restricting the types of I2NP messages"
+" that may\n"
+"be forwarded along various paths, and enforcing certain message "
+"expiration times."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:273
+#, python-format
+msgid ""
+"As a part of\n"
+"<a href=\"%(elgamalaes)s\">ElGamal/AES encryption</a>,\n"
+"a garlic message contains a sender\n"
+"specified amount of padding data, allowing the sender to take active "
+"countermeasures \n"
+"against traffic analysis.\n"
+"This is not currently used, beyond the requirement to pad to a multiple "
+"of 16 bytes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:282
+#, python-format
+msgid ""
+"Encryption of additional messages to and from the\n"
+"<a href=\"%(netdb)s#delivery\">floodfill routers</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:290
+#: i2p2www/pages/site/docs/how/peer-selection.html:296
+msgid "References"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:292
+msgid ""
+"The term garlic routing was first coined in Roger Dingledine's Free Haven"
+" \n"
+"<a href=\"http://www.freehaven.net/papers.html\">Master's thesis</a> "
+"(June 2000),\n"
+"see Section 8.1.1 authored by\n"
+"<a href=\"http://www.cs.princeton.edu/~mfreed/\">Michael J. Freedman</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:299
+msgid "Onion router publications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:301
+msgid "Onion Routing on Wikipedia"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:303
+msgid "Garlic Routing on Wikipedia"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:305
+#, python-format
+msgid ""
+"<a href=\"%(meeting58)s\">I2P Meeting 58</a> (2003) discussing the "
+"implementation of garlic routing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:311
+msgid "Free Haven publications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/garlic-routing.html:313
+msgid ""
+"Onion routing was first described in <a href=\"http://www.onion-"
+"router.net/Publications/IH-1996.pdf\">Hiding Routing Information</a>\n"
+"by David M. Goldschlag, Michael G. Reed, and Paul F. Syverson in 1996."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:2
+msgid "A Gentle Introduction to How I2P Works"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:4
+msgid ""
+"I2P is a project to build, deploy, and maintain a network supporting "
+"secure and anonymous\n"
+"communication. People using I2P are in control of the tradeoffs between "
+"anonymity, reliability,\n"
+"bandwidth usage, and latency. There is no central point in the network on"
+" which pressure can be\n"
+"exerted to compromise the integrity, security, or anonymity of the "
+"system. The network supports\n"
+"dynamic reconfiguration in response to various attacks, and has been "
+"designed to make use of\n"
+"additional resources as they become available. Of course, all aspects of "
+"the network are open and\n"
+"freely available."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:14
+msgid ""
+"Unlike many other anonymizing networks, I2P doesn't try to provide "
+"anonymity by hiding the\n"
+"originator of some communication and not the recipient, or the other way "
+"around. I2P is designed to\n"
+"allow peers using I2P to communicate with each other anonymously &mdash; "
+"both sender and recipient\n"
+"are unidentifiable to each other as well as to third parties. For "
+"example, today there are both\n"
+"in-I2P web sites (allowing anonymous publishing / hosting) as well as "
+"HTTP proxies to the normal web\n"
+"(allowing anonymous web browsing). Having the ability to run servers "
+"within I2P is essential, as it\n"
+"is quite likely that any outbound proxies to the normal Internet will be "
+"monitored, disabled, or\n"
+"even taken over to attempt more malicious attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:25
+#, python-format
+msgid ""
+"The network itself is message oriented - it is essentially a secure and "
+"anonymous IP layer, where\n"
+"messages are addressed to cryptographic keys (Destinations) and can be "
+"significantly larger than IP\n"
+"packets. Some example uses of the network include \"eepsites\" "
+"(webservers hosting normal web\n"
+"applications within I2P), a BitTorrent client (\"I2PSnark\"), or a "
+"distributed data store. With the\n"
+"help of the <a href=\"%(i2ptunnel)s\">I2PTunnel</a> application, we are "
+"able to stream traditional\n"
+"TCP/IP applications over I2P, such as SSH, IRC, a squid proxy, and even "
+"streaming audio. Most people\n"
+"will not use I2P directly, or even need to know they're using it. Instead"
+" their view will be of one\n"
+"of the I2P enabled applications, or perhaps as a little controller app to"
+" turn on and off various\n"
+"proxies to enable the anonymizing functionality."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:37
+#, python-format
+msgid ""
+"An essential part of designing, developing, and testing an anonymizing "
+"network is to define the <a\n"
+"href=\"%(threatmodel)s\">threat model</a>, since there is no such thing "
+"as \"true\" anonymity, just\n"
+"increasingly expensive costs to identify someone. Briefly, I2P's intent "
+"is to allow people to\n"
+"communicate in arbitrarily hostile environments by providing good "
+"anonymity, mixed in with\n"
+"sufficient cover traffic provided by the activity of people who require "
+"less anonymity. This way,\n"
+"some users can avoid detection by a very powerful adversary, while others"
+" will try to evade a weaker\n"
+"entity, <i>all on the same network</i>, where each one's messages are "
+"essentially indistinguishable\n"
+"from the others."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:48
+msgid "Why?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:49
+#, python-format
+msgid ""
+"There are a multitude of reasons why we need a system to support "
+"anonymous communication, and\n"
+"everyone has their own personal rationale. There are many <a "
+"href=\"%(comparisons)s\">other\n"
+"efforts</a> working on finding ways to provide varying degrees of "
+"anonymity to people through the\n"
+"Internet, but we could not find any that met our needs or threat model."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:56
+msgid "How?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:58
+#, python-format
+msgid ""
+"The network at a glance is made up of a set of nodes (\"routers\") with a"
+" number of unidirectional\n"
+"inbound and outbound virtual paths (\"tunnels\", as outlined on the <a "
+"href=\"%(tunnelrouting)s\">tunnel routing</a> page). Each router is "
+"identified by a cryptographic RouterIdentity which is\n"
+"typically long lived. These routers communicate with each other through "
+"existing transport\n"
+"mechanisms (TCP, UDP, etc), passing various messages. Client applications"
+" have their own\n"
+"cryptographic identifier (\"Destination\") which enables it to send and "
+"receive messages. These\n"
+"clients can connect to any router and authorize the temporary allocation "
+"(\"lease\") of some tunnels\n"
+"that will be used for sending and receiving messages through the network."
+" I2P has its own internal\n"
+"<a href=\"%(netdb)s\">network database</a> (using a modification of the "
+"Kademlia algorithm) for\n"
+"distributing routing and contact information securely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:71
+msgid "Network topology example"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:73
+msgid ""
+"In the above, Alice, Bob, Charlie, and Dave are all running routers with "
+"a single Destination on\n"
+"their local router. They each have a pair of 2-hop inbound tunnels per "
+"destination (labeled 1, 2, 3,\n"
+"4, 5 and 6), and a small subset of each of those router's outbound tunnel"
+" pool is shown with 2-hop\n"
+"outbound tunnels. For simplicity, Charlie's inbound tunnels and Dave's "
+"outbound tunnels are not\n"
+"shown, nor are the rest of each router's outbound tunnel pool (typically "
+"stocked with a few tunnels\n"
+"at a time). When Alice and Bob talk to each other, Alice sends a message "
+"out one of her (pink)\n"
+"outbound tunnels targeting one of Bob's (green) inbound tunnels (tunnel 3"
+" or 4). She knows to send\n"
+"to those tunnels on the correct router by querying the network database, "
+"which is constantly updated\n"
+"as new leases are authorized and old ones expire."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:85
+#, python-format
+msgid ""
+"If Bob wants to reply to Alice, he simply goes through the same process -"
+" send a message out one of\n"
+"his outbound tunnels targeting one of Alice's inbound tunnels (tunnel 1 "
+"or 2). To make things\n"
+"easier, most messages sent between Alice and Bob are <a "
+"href=\"%(garlicrouting)s\">garlic</a>\n"
+"wrapped, bundling the sender's own current lease information so that the "
+"recipient can reply\n"
+"immediately without having to look in the network database for the "
+"current data."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:93
+#, python-format
+msgid ""
+"To deal with a wide range of attacks, I2P is fully distributed with no "
+"centralized resources - and\n"
+"hence there are no directory servers keeping statistics regarding the "
+"performance and reliability of\n"
+"routers within the network. As such, each router must keep and maintain "
+"profiles of various routers\n"
+"and is responsible for selecting appropriate peers to meet the anonymity,"
+" performance, and\n"
+"reliability needs of the users, as described in the <a "
+"href=\"%(peerselection)s\">peer selection</a>\n"
+"page."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:102
+#, python-format
+msgid ""
+"The network itself makes use of a significant number of <a "
+"href=\"%(cryptography)s\">cryptographic\n"
+"techniques and algorithms</a> - a full laundry list includes 2048bit "
+"ElGamal encryption, 256bit AES\n"
+"in CBC mode with PKCS#5 padding, 1024bit DSA signatures, SHA256 hashes, "
+"2048bit Diffie-Hellman\n"
+"negotiated connections with station to station authentication, and <a "
+"href=\"%(elgamalaes)s\">ElGamal / AES+SessionTag</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:110
+msgid ""
+"Content sent over I2P is encrypted through three layers garlic encryption"
+" (used to verify the\n"
+"delivery of the message to the recipient), tunnel encryption (all "
+"messages passing through a tunnel\n"
+"is encrypted by the tunnel gateway to the tunnel endpoint), and inter "
+"router transport layer\n"
+"encryption (e.g. the TCP transport uses AES256 with ephemeral keys)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:117
+msgid ""
+"End-to-end (I2CP) encryption (client application to server application) "
+"was disabled in I2P release\n"
+"0.6; end-to-end (garlic) encryption (I2P client router to I2P server "
+"router) from Alice's router \"a\"\n"
+"to Bob's router \"h\" remains. Notice the different use of terms! All "
+"data from a to h is end-to-end\n"
+"encrypted, but the I2CP connection between the I2P router and the "
+"applications is not end-to-end\n"
+"encrypted! A and h are the routers of Alice and Bob, while Alice and Bob "
+"in following chart are the\n"
+"applications running atop of I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:126
+msgid "End to end layered encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:128
+#, python-format
+msgid ""
+"The specific use of these algorithms are outlined <a "
+"href=\"%(cryptography)s\">elsewhere</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:132
+msgid ""
+"The two main mechanisms for allowing people who need strong anonymity to "
+"use the network are\n"
+"explicitly delayed garlic routed messages and more comprehensive tunnels "
+"to include support for\n"
+"pooling and mixing messages. These are currently planned for release 3.0,"
+" but garlic routed messages\n"
+"with no delays and FIFO tunnels are currently in place. Additionally, the"
+" 2.0 release will allow\n"
+"people to set up and operate behind restricted routes (perhaps with "
+"trusted peers), as well as the\n"
+"deployment of more flexible and anonymous transports."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:141
+#, python-format
+msgid ""
+"Some questions have been raised with regards to the scalability of I2P, "
+"and reasonably so. There\n"
+"will certainly be more analysis over time, but peer lookup and "
+"integration should be bounded by\n"
+"<code>O(log(N))</code> due to the <a href=\"%(netdb)s\">network "
+"database</a>'s algorithm, while end\n"
+"to end messages should be <code>O(1)</code> (scale free), since messages "
+"go out K hops through the\n"
+"outbound tunnel and another K hops through the inbound tunnel, with K no "
+"longer than 3. The size of\n"
+"the network (N) bears no impact."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:150
+msgid "When?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:151
+#, python-format
+msgid ""
+"I2P initially began in Feb 2003 as a proposed modification to <a\n"
+"href=\"http://freenetproject.org\">Freenet</a> to allow it to use "
+"alternate transports, such as <a\n"
+"href=\"%(jms)s\">JMS</a>, then grew into its own as an\n"
+"'anonCommFramework' in April 2003, turning into I2P in July, with code "
+"being written in earnest\n"
+"starting in August '03. I2P is currently under development, following the"
+" <a href=\"%(roadmap)s\">roadmap</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:161
+msgid "Who?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:162
+#, python-format
+msgid ""
+"We have a small <a href=\"%(team)s\">team</a> spread around several "
+"continents, working to advance\n"
+"different aspects of the project. We are very open to other developers "
+"who want to get involved and\n"
+"anyone else who would like to contribute in other ways, such as "
+"critiques, peer review, testing,\n"
+"writing I2P enabled applications, or documentation. The entire system is "
+"open source - the router\n"
+"and most of the SDK are outright public domain with some BSD and Cryptix "
+"licensed code, while some\n"
+"applications like I2PTunnel and I2PSnark are GPL. Almost everything is "
+"written in Java (1.5+),\n"
+"though some third party applications are being written in Python and "
+"other languages. The code works\n"
+"on <a href=\"http://java.com/en/\">Sun Java SE</a> and other Java Virtual"
+" Machines."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:173
+msgid "Where?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:174
+#, python-format
+msgid ""
+"Anyone interested should join us on the IRC channel #i2p-dev (hosted "
+"concurrently on irc.freenode.net,\n"
+"irc.postman.i2p, irc.echelon.i2p, irc.dg.i2p and irc.oftc.net). There are"
+" currently no\n"
+"scheduled development meetings, however <a href=\"%(meetings)s\">archives"
+" are available</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:180
+#, python-format
+msgid "The current source is available in <a href=\"%(monotone)s\">monotone</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/intro.html:185
+#, python-format
+msgid "See <a href=\"%(docs)s\">the Index to Technical Documentation</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:2
+msgid "The Network Database"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:3
+#: i2p2www/pages/site/docs/protocol/i2cp.html:3
+msgid "February 2016"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:8
+msgid ""
+"I2P's netDb is a specialized distributed database, containing \n"
+"just two types of data - router contact information (<b>RouterInfos</b>) "
+"and destination contact\n"
+"information (<b>LeaseSets</b>). Each piece of data is signed by the "
+"appropriate party and verified\n"
+"by anyone who uses or stores it. In addition, the data has liveliness "
+"information\n"
+"within it, allowing irrelevant entries to be dropped, newer entries to "
+"replace\n"
+"older ones, and protection against certain classes of attack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:17
+msgid ""
+"The netDb is distributed with a simple technique called \"floodfill\",\n"
+"where a subset of all routers, called \"floodfill routers\", maintains "
+"the distributed database."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:25
+msgid ""
+"When an I2P router wants to contact another router, they need to know "
+"some \n"
+"key pieces of data - all of which are bundled up and signed by the router"
+" into\n"
+"a structure called the \"RouterInfo\", which is distributed with the "
+"SHA256 of the router's identity\n"
+"as the key. The structure itself contains:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:32
+msgid ""
+"The router's identity (a 2048bit ElGamal encryption key, a signing key, "
+"and a certificate)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:33
+msgid ""
+"The contact addresses at which it can be reached (e.g. TCP: example.org "
+"port 4108)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:34
+msgid "When this was published"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:35
+msgid "A set of arbitrary text options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:36
+msgid "The signature of the above, generated by the identity's signing key"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:39
+msgid "Expected Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:41
+msgid ""
+"The following text options, while not strictly required, are expected\n"
+"to be present:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:47
+msgid ""
+"Capabilities flags - used to indicate floodfill participation, "
+"approximate bandwidth, and perceived reachability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:49
+#: i2p2www/pages/site/docs/how/network-database.html:287
+msgid "Floodfill"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:50
+msgid "Hidden"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:51
+#, python-format
+msgid "Under %(amount)s shared bandwidth"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:52
+#: i2p2www/pages/site/docs/how/network-database.html:53
+#: i2p2www/pages/site/docs/how/network-database.html:54
+#: i2p2www/pages/site/docs/how/network-database.html:55
+#: i2p2www/pages/site/docs/how/network-database.html:56
+#, python-format
+msgid "%(amount)s shared bandwidth"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:52
+msgid "default"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:57
+msgid "Reachable"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:58
+msgid "Unreachable"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:59
+#, python-format
+msgid "Over %(amount)s shared bandwidth"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:66
+msgid "The core library version, always the same as the router version"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:70
+msgid ""
+"Basic network compatibility - A router will refuse to communicate with a "
+"peer having a different netId"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:73
+msgid "Used to determine compatibility with newer features and messages"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:76
+msgid ""
+"Always sent as 90m, for compatibility with an older scheme where routers "
+"published their actual uptime,\n"
+"and only sent tunnel requests to peers whose uptime was more than 60m"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:82
+msgid ""
+"These values are used by other routers for basic decisions.\n"
+"Should we connect to this router? Should we attempt to route a tunnel "
+"through this router?\n"
+"The bandwidth capability flag, in particular, is used only to determine "
+"whether\n"
+"the router meets a minimum threshold for routing tunnels.\n"
+"Above the minimum threshold, the advertised bandwidth is not used or "
+"trusted anywhere\n"
+"in the router, except for display in the user interface and for debugging"
+" and network analysis."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:91
+msgid "Additional Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:93
+#, python-format
+msgid ""
+"Additional text options include\n"
+"a small number of statistics about the router's health, which are "
+"aggregated by\n"
+"sites such as <a href=\"http://%(stats)s/\">%(stats)s</a>\n"
+"for network performance analysis and debugging.\n"
+"These statistics were chosen to provide data crucial to the developers,\n"
+"such as tunnel build success rates, while balancing the need for such "
+"data\n"
+"with the side-effects that could result from revealing this data.\n"
+"Current statistics are limited to:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:104
+msgid "Exploratory tunnel build success, reject, and timeout rates"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:105
+msgid "1 hour average number of participating tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:108
+msgid ""
+"Floodfill routers publish additional data on the number of entries in "
+"their network database."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:112
+msgid ""
+"The data published can be seen in the router's user interface,\n"
+"but is not used or trusted within the router.\n"
+"As the network has matured, we have gradually removed most of the "
+"published\n"
+"statistics to improve anonymity, and we plan to remove more in future "
+"releases."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:119
+msgid "Family Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:121
+msgid ""
+"As of release 0.9.24, routers may declare that they are part of a "
+"\"family\", operated by the same entity.\n"
+"Multiple routers in the same family will not be used in a single tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:126
+msgid "The family options are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:132
+msgid "The family name"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:147
+msgid "RouterInfo Expiration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:148
+msgid ""
+"RouterInfos have no set expiration time.\n"
+"Each router is free to maintain its own local policy to trade off the "
+"frequency of RouterInfo lookups\n"
+"with memory or disk usage.\n"
+"In the current implementation, there are the following general policies:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:155
+msgid ""
+"There is no expiration during the first hour of uptime, as the persistent"
+" stored data may be old."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:158
+msgid "There is no expiration if there are 25 or less RouterInfos."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:161
+msgid ""
+"As the number of local RouterInfos grows, the expiration time shrinks, in"
+" an attempt to maintain\n"
+"a reasonable number RouterInfos. The expiration time with less than 120 "
+"routers is 72 hours,\n"
+"while expiration time with 300 routers is around 30 hours."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:166
+#, python-format
+msgid ""
+"RouterInfos containing <a href=\"%(ssu)s\">SSU</a> introducers expire in "
+"about an hour, as\n"
+"the introducer list expires in about that time."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:170
+msgid ""
+"Floodfills use a short expiration time (1 hour) for all local "
+"RouterInfos, as valid RouterInfos will\n"
+"be frequently republished to them."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:176
+msgid "RouterInfo Persistent Storage"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:178
+msgid ""
+"RouterInfos are periodically written to disk so that they are available "
+"after a restart."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:186
+msgid "RouterInfo specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:189
+msgid "RouterInfo Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:194
+msgid ""
+"The second piece of data distributed in the netDb is a \"LeaseSet\" - "
+"documenting\n"
+"a group of <b>tunnel entry points (leases)</b> for a particular client "
+"destination.\n"
+"Each of these leases specify the following information:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:200
+msgid "The tunnel gateway router (by specifying its identity)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:201
+msgid "The tunnel ID on that router to send messages with (a 4 byte number)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:202
+msgid "When that tunnel will expire."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:204
+msgid ""
+"The LeaseSet itself is stored in the netDb under\n"
+"the key derived from the SHA256 of the destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:209
+msgid "In addition to these leases, the LeaseSet includes:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:213
+msgid ""
+"The destination itself (a 2048bit ElGamal encryption key, a signing key "
+"and a certificate)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:214
+msgid ""
+"Additional encryption public key: used for end-to-end encryption of "
+"garlic messages"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:215
+msgid ""
+"Additional signing public key: intended for LeaseSet revocation, but is "
+"currently unused."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:216
+msgid ""
+"Signature of all the LeaseSet data, to make sure the Destination "
+"published the LeaseSet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:220
+msgid "Lease specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:222
+msgid "LeaseSet specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:225
+msgid "Lease Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:227
+msgid "LeaseSet Javadoc"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:231
+msgid "Unpublished LeaseSets"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:232
+msgid ""
+"A LeaseSet for a destination used only for outgoing connections is "
+"<i>unpublished</i>.\n"
+"It is never sent for publication to a floodfill router.\n"
+"\"Client\" tunnels, such as those for web browsing and IRC clients, are "
+"unpublished.\n"
+"Servers will still be able to send messages back to those unpublished "
+"destinations,\n"
+"because of <a href=\"#leaseset_storage_peers\">I2NP storage messages</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:242
+msgid "Revoked LeaseSets"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:243
+msgid ""
+"A LeaseSet may be <i>revoked</i> by publishing a new LeaseSet with zero "
+"leases.\n"
+"Revocations must be signed by the additional signing key in the LeaseSet."
+"\n"
+"Revocations are not fully implemented, and it is unclear if they have any"
+" practical use.\n"
+"This is the only planned use for that signing key, so it is currently "
+"unused."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:250
+msgid "Encrypted LeaseSets"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:251
+msgid ""
+"In an <i>encrypted</i> LeaseSet, all Leases are encrypted with a separate"
+" key.\n"
+"The leases may only be decoded, and thus the destination may only be "
+"contacted,\n"
+"by those with the key.\n"
+"There is no flag or other direct indication that the LeaseSet is "
+"encrypted.\n"
+"Encrypted LeaseSets are not widely used, and it is a topic for future "
+"work to\n"
+"research whether the user interface and implementation of encrypted "
+"LeaseSets could be improved."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:260
+msgid "LeaseSet Expiration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:261
+msgid ""
+"All Leases (tunnels) are valid for 10 minutes; therefore, a LeaseSet "
+"expires\n"
+"10 minutes after the earliest creation time of all its Leases."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:266
+msgid "LeaseSet Persistent Storage"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:267
+msgid ""
+"There is no persistent storage of LeaseSet data since they expire so "
+"quickly."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:272
+msgid "Bootstrapping"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:273
+msgid ""
+"The netDb is decentralized, however you do need at\n"
+"least one reference to a peer so that the integration process\n"
+"ties you in. This is accomplished by \"reseeding\" your router with the "
+"RouterInfo\n"
+"of an active peer - specifically, by retrieving their "
+"<code>routerInfo-$hash.dat</code>\n"
+"file and storing it in your <code>netDb/</code> directory. Anyone can "
+"provide\n"
+"you with those files - you can even provide them to others by exposing "
+"your own\n"
+"netDb directory. To simplify the process,\n"
+"volunteers publish their netDb directories (or a subset) on the regular "
+"(non-i2p) network,\n"
+"and the URLs of these directories are hardcoded in I2P.\n"
+"When the router starts up for the first time, it automatically fetches "
+"from\n"
+"one of these URLs, selected at random."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:288
+msgid ""
+"The floodfill netDb is a simple distributed storage mechanism.\n"
+"The storage algorithm is simple: send the data to the closest peer that "
+"has advertised itself\n"
+"as a floodfill router. Then wait 10 seconds, pick another floodfill "
+"router and ask them \n"
+"for the entry to be sent, verifying its proper insertion / distribution. "
+"If the \n"
+"verification peer doesn't reply, or they don't have the entry, the sender"
+" \n"
+"repeats the process. When the peer in the floodfill netDb receives a "
+"netDb \n"
+"store from a peer not in the floodfill netDb, they send it to a subset of"
+" the floodfill netDb-peers.\n"
+"The peers selected are the ones closest (according to the <a "
+"href=\"#kademlia_closeness\">XOR-metric</a>) to a specific key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:299
+msgid ""
+"Determining who is part of the floodfill netDb is trivial - it is exposed"
+" in each \n"
+"router's published routerInfo as a capability."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:304
+msgid ""
+"Floodfills have no central authority and do not form a \"consensus\" -\n"
+"they only implement a simple DHT overlay."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:311
+msgid "Floodfill Router Opt-in"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:313
+msgid ""
+"Unlike Tor, where the directory servers are hardcoded and trusted,\n"
+"and operated by known entities,\n"
+"the members of the I2P floodfill peer set need not be trusted, and\n"
+"change over time."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:320
+msgid ""
+"To increase reliability of the netDb, and minimize the impact\n"
+"of netDb traffic on a router, floodfill is automatically enabled\n"
+"only on routers that are configured with high bandwidth limits.\n"
+"Routers with high bandwidth limits (which must be manually configured,\n"
+"as the default is much lower) are presumed to be on lower-latency\n"
+"connections, and are more likely to be available 24/7.\n"
+"The current minimum share bandwidth for a floodfill router is 128 "
+"KBytes/sec."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:330
+msgid ""
+"In addition, a router must pass several additional tests for health\n"
+"(outbound message queue time, job lag, etc.) before floodfill operation "
+"is\n"
+"automatically enabled."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:336
+msgid ""
+"With the current rules for automatic opt-in, approximately 6&#37; of\n"
+"the routers in the network are floodfill routers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:341
+msgid ""
+"While some peers are manually configured to be floodfill,\n"
+"others are simply high-bandwidth routers who automatically volunteer\n"
+"when the number of floodfill peers drops below a threshold.\n"
+"This prevents any long-term network damage from losing most or all\n"
+"floodfills to an attack.\n"
+"In turn, these peers will un-floodfill themselves when there are\n"
+"too many floodfills outstanding."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:351
+msgid "Floodfill Router Roles"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:352
+msgid ""
+"A floodfill router's only services that are in addition to those of non-"
+"floodfill routers\n"
+"are in accepting netDb stores and responding to netDb queries.\n"
+"Since they are generally high-bandwidth, they are more likely to "
+"participate in a high number of tunnels\n"
+"(i.e. be a \"relay\" for others), but this is not directly related to "
+"their distributed database services."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:360
+msgid "Kademlia Closeness Metric"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:361
+msgid ""
+"The netDb uses a simple Kademlia-style XOR metric to determine closeness."
+"\n"
+"The SHA256 hash of the key being looked up or stored is XOR-ed with\n"
+"the hash of the router in question to determine closeness.\n"
+"A modification to this algorithm is done to increase the costs of <a href"
+"=\"#sybil-partial\">Sybil attacks</a>.\n"
+"Instead of the SHA256 hash of the key being looked up of stored, the "
+"SHA256 hash is taken\n"
+"of the 32-byte binary search key appended with the UTC date represented "
+"as an 8-byte ASCII string yyyyMMdd, i.e. SHA256(key + yyyyMMdd).\n"
+"This is called the \"routing key\", and it changes every day at midnight "
+"UTC.\n"
+"Only the search key is modified in this way, not the floodfill router "
+"hashes.\n"
+"The daily transformation of the DHT is sometimes called \"keyspace "
+"rotation\",\n"
+"although it isn't strictly a rotation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:374
+msgid ""
+"Routing keys are never sent on-the-wire in any I2NP message, they are "
+"only used locally for\n"
+"determination of distance."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:381
+msgid "Storage, Verification, and Lookup Mechanics"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:383
+msgid "RouterInfo Storage to Peers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:384
+#, python-format
+msgid ""
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessages containing the local "
+"RouterInfo are exchanged with peers\n"
+"as a part of the initialization of a <a href=\"%(ntcp)s\">NTCP</a>\n"
+"or <a href=\"%(ssu)s\">SSU</a> transport connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:391
+msgid "LeaseSet Storage to Peers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:392
+#, python-format
+msgid ""
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessages containing the local "
+"LeaseSet are periodically exchanged with peers\n"
+"by bundling them in a garlic message along with normal traffic from the "
+"related Destination.\n"
+"This allows an initial response, and later responses, to be sent to an "
+"appropriate Lease,\n"
+"without requiring any LeaseSet lookups, or requiring the communicating "
+"Destinations to have published LeaseSets at all."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:400
+msgid ""
+"The DatabaseStoreMessage should be sent to the floodfill that is closest\n"
+"to the current routing key for the RouterInfo or LeaseSet being stored.\n"
+"Currently, the closest floodfill is found by a search in the local "
+"database.\n"
+"Even if that floodfill is not actually closest, it will flood it "
+"\"closer\" by\n"
+"sending it to multiple other floodfills.\n"
+"This provides a high degree of fault-tolerance."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:409
+msgid ""
+"In traditional Kademlia, a peer would do a \"find-closest\" search before"
+" inserting\n"
+"an item in the DHT to the closest target. As the verify operation will "
+"tend to\n"
+"discover closer floodfills if they are present, a router will quickly "
+"improve\n"
+"its knowledge of the DHT \"neighborhood\" for the RouterInfo and "
+"LeaseSets it regularly publishes.\n"
+"While I2NP does not define a \"find-closest\" message, if it becomes "
+"necessary,\n"
+"a router may simply do an iterative search for a key with the least "
+"significant bit flipped\n"
+"(i.e. key ^ 0x01) until no closer peers are received in the "
+"DatabaseSearchReplyMessages.\n"
+"This ensures that the true closest peer will be found even if a more-"
+"distant peer had\n"
+"the netdb item."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:422
+msgid "RouterInfo Storage to Floodfills"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:423
+#, python-format
+msgid ""
+"A router publishes its own RouterInfo by directly connecting to a "
+"floodfill router\n"
+"and sending it a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
+"with a nonzero Reply Token. The message is not end-to-end garlic "
+"encrypted,\n"
+"as this is a direct connection, so there are no intervening routers\n"
+"(and no need to hide this data anyway).\n"
+"The floodfill router replies with a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DeliveryStatusMessage,\n"
+"with the Message ID set to the value of the Reply Token."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:437
+msgid "LeaseSet Storage to Floodfills"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:438
+msgid ""
+"Storage of LeaseSets is much more sensitive than for RouterInfos, as a "
+"router\n"
+"must take care that the LeaseSet cannot be associated with the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:443
+#, python-format
+msgid ""
+"A router publishes a local LeaseSet by\n"
+"sending a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
+"with a nonzero Reply Token over an outbound client tunnel for that "
+"Destination.\n"
+"The message is end-to-end garlic encrypted using the Destination's "
+"Session Key Manager,\n"
+"to hide the message from the tunnel's outbound endpoint.\n"
+"The floodfill router replies with a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DeliveryStatusMessage,\n"
+"with the Message ID set to the value of the Reply Token.\n"
+"This message is sent back to one of the client's inbound tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:456
+msgid "Flooding"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:457
+#, python-format
+msgid ""
+"After a floodfill router receives a DatabaseStoreMessage containing a\n"
+"valid RouterInfo or LeaseSet which is newer than that previously stored "
+"in its\n"
+"local NetDb, it \"floods\" it.\n"
+"To flood a NetDb entry, it looks up several (currently %(floodsize)s) "
+"floodfill routers closest to the routing key\n"
+"of the NetDb entry. (The routing key is the SHA256 Hash of the "
+"RouterIdentity or Destination with the date (yyyyMMdd) appended.)\n"
+"By flooding to those closest to the key, not closest to itself, the "
+"floodfill ensures that the storage\n"
+"gets to the right place, even if the storing router did not have good "
+"knowledge of the\n"
+"DHT \"neighborhood\" for the routing key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:468
+#, python-format
+msgid ""
+"The floodfill then directly connects to each of those peers\n"
+"and sends it a <a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage\n"
+"with a zero Reply Token. The message is not end-to-end garlic encrypted,\n"
+"as this is a direct connection, so there are no intervening routers\n"
+"(and no need to hide this data anyway).\n"
+"The other routers do not reply or re-flood, as the Reply Token is zero."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:478
+msgid "RouterInfo and LeaseSet Lookup"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:479
+#, python-format
+msgid ""
+"The <a href=\"%(i2np)s\">I2NP</a> DatabaseLookupMessage is used to "
+"request a netdb entry from a floodfill router.\n"
+"Lookups are sent out one of the router's outbound exploratory tunnels.\n"
+"The replies are specified to return via one of the router's inbound "
+"exploratory tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:485
+msgid ""
+"Lookups are generally sent to the two \"good\" (the connection doesn't "
+"fail) floodfill routers closest to the requested key, in parallel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:489
+#, python-format
+msgid ""
+"If the key is found locally by the floodfill router, it responds with a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseStoreMessage.\n"
+"If the key is not found locally by the floodfill router, it responds with"
+" a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage\n"
+"containing a list of other floodfill routers close to the key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:497
+msgid ""
+"LeaseSet lookups are garlic encrypted end-to-end as of release 0.9.5.\n"
+"RouterInfo lookups are not encrypted and thus are vulnerable to snooping "
+"by the outbound endpoint\n"
+"(OBEP) of the client tunnel. This is due to the expense of the ElGamal "
+"encryption.\n"
+"RouterInfo lookup encryption may be enabled in a future release."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:504
+msgid ""
+"As of release 0.9.7, replies to a LeaseSet lookup (a DatabaseStoreMessage"
+" or a DatabaseSearchReplyMessage)\n"
+"will be encrypted by including the session key and tag in the lookup.\n"
+"This hides the reply from the inbound gateway (IBGW) of the reply tunnel."
+"\n"
+"Responses to RouterInfo lookups will be encrypted if we enable the lookup"
+" encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:511
+#, python-format
+msgid ""
+"(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Sections "
+"2.2-2.3 for terms below in italics)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:515
+msgid ""
+"Due to the relatively small size of the network and the flooding "
+"redundancy of 8x,\n"
+"lookups are usually O(1) rather than O(log n) --\n"
+"a router is highly likely to know a floodfill router close enough to the "
+"key to get the answer on the first try.\n"
+"In releases prior to 0.8.9, routers used a lookup redundancy of two\n"
+"(that is, two lookups were performed in parallel to different peers), and"
+"\n"
+"neither <i>recursive</i> nor <i>iterative</i> routing for lookups was "
+"implemented.\n"
+"Queries were sent through <i>multiple routes simultaneously</i>\n"
+"to <i>reduce the chance of query failure</i>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:526
+msgid ""
+"As of release 0.8.9, <i>iterative lookups</i> are implemented with no "
+"lookup redundancy.\n"
+"This is a more efficient and reliable lookup that will work much better\n"
+"when not all floodfill peers are known, and it removes a serious\n"
+"limitation to network growth. As the network grows and each router knows "
+"only a small\n"
+"subset of the floodfill peers, lookups will become O(log n).\n"
+"Even if the peer does not return references closer to the key, the lookup"
+" continues with\n"
+"the next-closest peer, for added robustness, and to prevent a malicious "
+"floodfill from\n"
+"black-holing a part of the key space. Lookups continue until a total "
+"lookup timeout is reached,\n"
+"or the maximum number of peers is queried."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:538
+msgid ""
+"<i>Node IDs</i> are <i>verifiable</i> in that we use the router hash "
+"directly as both the node ID and the Kademlia key.\n"
+"Incorrect responses that are not closer to the search key are generally "
+"ignored.\n"
+"Given the current size of the network, a router has\n"
+"<i>detailed knowledge of the neighborhood of the destination ID space</i>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:547
+msgid "RouterInfo Storage Verification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:548
+#, python-format
+msgid ""
+"Note: RouterInfo verification is disabled as of release 0.9.7.1 to "
+"prevent\n"
+"the attack described in the paper\n"
+"<a href=\"%(egger2013)s\">Practical Attacks Against the I2P Network</a>.\n"
+"It is not clear if verification can be redesigned to be done safely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:555
+msgid ""
+"To verify a storage was successful, a router simply waits about 10 "
+"seconds,\n"
+"then sends a lookup to another floodfill router close to the key\n"
+"(but not the one the store was sent to).\n"
+"Lookups sent out one of the router's outbound exploratory tunnels.\n"
+"Lookups are end-to-end garlic encrypted to prevent snooping by the "
+"outbound endpoint(OBEP)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:563
+msgid "LeaseSet Storage Verification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:564
+msgid ""
+"To verify a storage was successful, a router simply waits about 10 "
+"seconds,\n"
+"then sends a lookup to another floodfill router close to the key\n"
+"(but not the one the store was sent to).\n"
+"Lookups sent out one of the outbound client tunnels for the destination "
+"of the LeaseSet being verified.\n"
+"To prevent snooping by the OBEP of the outbound tunnel,\n"
+"lookups are end-to-end garlic encrypted.\n"
+"The replies are specified to return via one of the client's inbound "
+"tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:574
+msgid ""
+"As of release 0.9.7, replies for both RouterInfo and LeaseSet lookups (a "
+"DatabaseStoreMessage or a DatabaseSearchReplyMessage)\n"
+"will be encrypted,\n"
+"to hide the reply from the inbound gateway (IBGW) of the reply tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:582
+msgid "Exploration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:583
+#, python-format
+msgid ""
+"<i>Exploration</i> is a special form of netdb lookup, where a router "
+"attempts to learn about\n"
+"new routers.\n"
+"It does this by sending a floodfill router a <a "
+"href=\"%(i2np)s\">I2NP</a> DatabaseLookupMessage, looking for a random "
+"key.\n"
+"As this lookup will fail, the floodfill would normally respond with a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage containing "
+"hashes of floodfill routers close to the key.\n"
+"This would not be helpful, as the requesting router probably already "
+"knows those floodfills,\n"
+"and it would be impractical to add ALL floodfill routers to the \"don't "
+"include\" field of the lookup.\n"
+"For an exploration query, the requesting router adds a router hash of all"
+" zeros to the\n"
+"\"don't include\" field of the DatabaseLookupMessage.\n"
+"The floodfill will then respond only with non-floodfill routers close to "
+"the requested key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:597
+msgid "Notes on Lookup Responses"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:598
+msgid ""
+"The response to a lookup request is either a Database Store Message (on "
+"success) or a\n"
+"Database Search Reply Message (on failure). The DSRM contains a 'from' "
+"router hash field\n"
+"to indicate the source of the reply; the DSM does not.\n"
+"The DSRM 'from' field is unauthenticated and may be spoofed or invalid.\n"
+"There are no other response tags. Therefore, when making multiple "
+"requests in parallel, it is\n"
+"difficult to monitor the performance of the various floodfill routers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:608
+msgid "MultiHoming"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:610
+msgid ""
+"Destinations may be hosted on multiple routers simultaneously, by using "
+"the same\n"
+"private and public keys (traditionally stored in eepPriv.dat files).\n"
+"As both instances will periodically publish their signed LeaseSets to the"
+" floodfill peers,\n"
+"the most recently published LeaseSet will be returned to a peer "
+"requesting a database lookup.\n"
+"As LeaseSets have (at most) a 10 minute lifetime, should a particular "
+"instance go down,\n"
+"the outage will be 10 minutes at most, and generally much less than that."
+"\n"
+"The multihoming function has been verified and is in use by several "
+"services on the network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:620
+msgid "Threat Analysis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:621
+#, python-format
+msgid ""
+"Also discussed on <a href=\"%(threatmodel)s#floodfill\">the threat model "
+"page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:625
+msgid ""
+"A hostile user may attempt to harm the network by\n"
+"creating one or more floodfill routers and crafting them to offer\n"
+"bad, slow, or no responses.\n"
+"Some scenarios are discussed below."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:632
+msgid "General Mitigation Through Growth"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:633
+#, python-format
+msgid ""
+"There are currently around %(ffcount)s floodfill routers in the network.\n"
+"Most of the following attacks will become more difficult, or have less "
+"impact,\n"
+"as the network size and number of floodfill routers increase."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:640
+msgid "General Mitigation Through Redundancy"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:641
+#, python-format
+msgid ""
+"Via flooding, all netdb entries are stored on the %(floodsize)s floodfill"
+" routers closest to the key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:646
+msgid "Forgeries"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:647
+msgid ""
+"All netdb entries are signed by their creators, so no router may forge a\n"
+"RouterInfo or LeaseSet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:652
+msgid "Slow or Unresponsive"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:653
+#, python-format
+msgid ""
+"Each router maintains an expanded set of statistics in the\n"
+"<a href=\"%(peerselection)s\">peer profile</a> for each floodfill router,"
+"\n"
+"covering various quality metrics for that peer.\n"
+"The set includes:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:660
+msgid "Average response time"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:661
+msgid "Percentage of queries answered with the data requested"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:662
+msgid "Percentage of stores that were successfully verified"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:663
+msgid "Last successful store"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:664
+msgid "Last successful lookup"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:665
+msgid "Last response"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:668
+msgid ""
+"Each time a router needs to make a determination on which floodfill "
+"router is closest to a key,\n"
+"it uses these metrics to determine which floodfill routers are \"good\".\n"
+"The methods, and thresholds, used to determine \"goodness\" are "
+"relatively new, and\n"
+"are subject to further analysis and improvement.\n"
+"While a completely unresponsive router will quickly be identified and "
+"avoided,\n"
+"routers that are only sometimes malicious may be much harder to deal with."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:678
+msgid "Sybil Attack (Full Keyspace)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:679
+#, python-format
+msgid ""
+"An attacker may mount a <a href=\"%(url)s\">Sybil attack</a>\n"
+"by creating a large number of floodfill routers spread throughout the "
+"keyspace."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:684
+#, python-format
+msgid ""
+"(In a related example, a researcher recently created a\n"
+"<a href=\"%(url)s\">large number of Tor relays</a>.)\n"
+"If successful, this could be an effective DOS attack on the entire "
+"network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:690
+msgid ""
+"If the floodfills are not sufficiently misbehaving to be marked as "
+"\"bad\" using the peer profile\n"
+"metrics described above, this is a difficult scenario to handle.\n"
+"Tor's response can be much more nimble in the relay case, as the "
+"suspicious relays\n"
+"can be manually removed from the consensus.\n"
+"Some possible responses for the I2P network are listed below, however "
+"none of them is completely satisfactory:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:698
+msgid ""
+"Compile a list of bad router hashes or IPs, and announce the list through"
+" various means\n"
+"(console news, website, forum, etc.); users would have to manually "
+"download the list and\n"
+"add it to their local \"blacklist\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:703
+msgid ""
+"Ask everyone in the network to enable floodfill manually (fight Sybil "
+"with more Sybil)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:704
+msgid "Release a new software version that includes the hardcoded \"bad\" list"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:705
+msgid ""
+"Release a new software version that improves the peer profile metrics and"
+" thresholds,\n"
+"in an attempt to automatically identify the \"bad\" peers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:709
+msgid ""
+"Add software that disqualifies floodfills if too many of them are in a "
+"single IP block"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:710
+msgid ""
+"Implement an automatic subscription-based blacklist controlled by a "
+"single individual or group.\n"
+"This would essentially implement a portion of the Tor \"consensus\" "
+"model.\n"
+"Unfortunately it would also give a single individual or group the power "
+"to\n"
+"block participation of any particular router or IP in the network,\n"
+"or even to completely shutdown or destroy the entire network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:719
+msgid "This attack becomes more difficult as the network size grows."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:725
+msgid "Sybil Attack (Partial Keyspace)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:726
+#, python-format
+msgid ""
+"An attacker may mount a <a href=\"%(url)s\">Sybil attack</a>\n"
+"by creating a small number (8-15) of floodfill routers clustered closely "
+"in the keyspace,\n"
+"and distribute the RouterInfos for these routers widely.\n"
+"Then, all lookups and stores for a key in that keyspace would be directed"
+"\n"
+"to one of the attacker's routers.\n"
+"If successful, this could be an effective DOS attack on a particular "
+"eepsite, for example."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:735
+msgid ""
+"As the keyspace is indexed by the cryptographic (SHA256) Hash of the key,"
+"\n"
+"an attacker must use a brute-force method to repeatedly generate router "
+"hashes\n"
+"until he has enough that are sufficiently close to the key.\n"
+"The amount of computational power required for this, which is dependent "
+"on network\n"
+"size, is unknown."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:743
+msgid ""
+"As a partial defense against this attack,\n"
+"the algorithm used to determine Kademlia \"closeness\" varies over time.\n"
+"Rather than using the Hash of the key (i.e. H(k)) to determine closeness,"
+"\n"
+"we use the Hash of the key appended with the current date string, i.e. "
+"H(k + YYYYMMDD).\n"
+"A function called the \"routing key generator\" does this, which "
+"transforms the original key into a \"routing key\".\n"
+"In other words, the entire netdb keyspace \"rotates\" every day at UTC "
+"midnight.\n"
+"Any partial-keyspace attack would have to be regenerated every day, for\n"
+"after the rotation, the attacking routers would no longer be close\n"
+"to the target key, or to each other."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:755
+msgid ""
+"This attack becomes more difficult as the network size grows.\n"
+"However, recent research demonstrates that the keyspace rotation is not "
+"particularly effective.\n"
+"An attacker can precompute numerous router hashes in advance,\n"
+"and only a few routers are sufficient to \"eclipse\" a portion\n"
+"of the keyspace within a half hour after rotation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:763
+msgid ""
+"One consequence of daily keyspace rotation is that the distributed "
+"network database\n"
+"may become unreliable for a few minutes after the rotation --\n"
+"lookups will fail because the new \"closest\" router has not received a "
+"store yet.\n"
+"The extent of the issue, and methods for mitigation\n"
+"(for example netdb \"handoffs\" at midnight)\n"
+"are a topic for further study."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:773
+msgid "Bootstrap Attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:774
+msgid ""
+"An attacker could attempt to boot new routers into an isolated\n"
+"or majority-controlled network by taking over a reseed website,\n"
+"or tricking the developers into adding his reseed website\n"
+"to the hardcoded list in the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:781
+msgid "Several defenses are possible, and most of these are planned:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:785
+msgid ""
+"Disallow fallback from HTTPS to HTTP for reseeding.\n"
+"A MITM attacker could simply block HTTPS, then respond to the HTTP."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:789
+msgid "Bundling reseed data in the installer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:792
+msgid "Defenses that are implemented:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:796
+msgid ""
+"Changing the reseed task to fetch a subset of RouterInfos from\n"
+"each of several reseed sites rather than using only a single site"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:800
+msgid ""
+"Creating an out-of-network reseed monitoring service that\n"
+"periodically polls reseed websites and verifies that the\n"
+"data are not stale or inconsistent with other views of the network"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:805
+msgid ""
+"As of release 0.9.14, reseed data is bundled into a signed zip file and\n"
+"the signature is verified when downloaded."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:813
+msgid "Query Capture"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:814
+#, python-format
+msgid ""
+"See also <a href=\"#lookup\">lookup</a>\n"
+"(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Sections "
+"2.2-2.3 for terms below in italics)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:819
+msgid ""
+"Similar to a bootstrap attack, an attacker using a floodfill router could"
+" attempt to \"steer\"\n"
+"peers to a subset of routers controlled by him by returning their "
+"references."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:824
+msgid ""
+"This is unlikely to work via exploration, because exploration is a low-"
+"frequency task.\n"
+"Routers acquire a majority of their peer references through normal tunnel"
+" building activity.\n"
+"Exploration results are generally limited to a few router hashes,\n"
+"and each exploration query is directed to a random floodfill router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:831
+#, python-format
+msgid ""
+"As of release 0.8.9, <i>iterative lookups</i> are implemented.\n"
+"For floodfill router references returned in a\n"
+"<a href=\"%(i2np)s\">I2NP</a> DatabaseSearchReplyMessage\n"
+"response to a lookup,\n"
+"these references are followed if they are closer (or the next closest) to"
+" the lookup key.\n"
+"The requesting router does not trust that the references are\n"
+"closer to the key (i.e. they are <i>verifiably correct</i>.\n"
+"The lookup also does not stop when no closer key is found, but continues "
+"by querying the\n"
+"next-closet node, until the timeout or maximum number of queries is "
+"reached.\n"
+"This prevents a malicious floodfill from black-holing a part of the key "
+"space.\n"
+"Also, the daily keyspace rotation requires an attacker to regenerate a "
+"router info\n"
+"within the desired key space region.\n"
+"This design ensures that the query capture attack described in\n"
+"<a href=\"%(pdf)s\">Hashing it out in Public</a>\n"
+"is much more difficult."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:850
+msgid "DHT-Based Relay Selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:851
+#, python-format
+msgid "(Reference: <a href=\"%(pdf)s\">Hashing it out in Public</a> Section 3)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:855
+#, python-format
+msgid ""
+"This doesn't have much to do with floodfill, but see\n"
+"the <a href=\"%(peerselection)s\">peer selection page</a>\n"
+"for a discussion of the vulnerabilities of peer selection for tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:861
+msgid "Information Leaks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:862
+#, python-format
+msgid ""
+"(Reference: <a href=\"%(pdf)s\">In Search of an Anonymous and Secure "
+"Lookup</a> Section 3)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:866
+#, python-format
+msgid ""
+"This paper addresses weaknesses in the \"Finger Table\" DHT lookups used "
+"by Torsk and NISAN.\n"
+"At first glance, these do not appear to apply to I2P. First, the use of "
+"DHT by Torsk and NISAN\n"
+"is significantly different from that in I2P. Second, I2P's network "
+"database lookups are only\n"
+"loosely correlated to the <a href=\"%(peerselection)s\">peer "
+"selection</a> and\n"
+"<a href=\"%(tunnelrouting)s\">tunnel building</a> processes; only "
+"previously-known peers\n"
+"are used for tunnels.\n"
+"Also, peer selection is unrelated to any notion of DHT key-closeness."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:877
+msgid ""
+"Some of this may actually be more interesting when the I2P network gets "
+"much larger.\n"
+"Right now, each router knows a large proportion of the network, so "
+"looking up a particular\n"
+"Router Info in the network database is not strongly indicative of a "
+"future intent to use\n"
+"that router in a tunnel. Perhaps when the network is 100 times larger, "
+"the lookup may be\n"
+"more correlative. Of course, a larger network makes a Sybil attack that "
+"much harder."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:885
+#, python-format
+msgid ""
+"However, the general issue of DHT information leakage in I2P needs "
+"further investigation.\n"
+"The floodfill routers are in a position to observe queries and gather "
+"information.\n"
+"Certainly, at a level of <i>f</i> = 0.2 (20&#37; malicious nodes, as "
+"specifed in the paper)\n"
+"we expect that many of the Sybil threats we describe\n"
+"(<a href=\"%(threatmodel)s#sybil\">here</a>,\n"
+"<a href=\"#sybil\">here</a> and\n"
+"<a href=\"#sybil-partial\">here</a>)\n"
+"become problematic for several reasons."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:899
+msgid "Moved to the netdb discussion page"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:903
+msgid "End-to-end encryption of additional netDb lookups and responses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/network-database.html:907
+msgid "Better methods for tracking lookup responses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:2
+msgid "Peer Profiling and Selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:3
+msgid "July 2010"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:8
+msgid "Peer Profiling"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:10
+#, python-format
+msgid ""
+"<b>Peer profiling</b> is the process of collecting data based on the "
+"<b>observed</b> performance\n"
+"of other routers or peers, and classifying those peers into groups.\n"
+"Profiling does <b>not</b> use any claimed performance data published by "
+"the peer itself\n"
+"in the <a href=\"%(netdb)s\">network database</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:17
+msgid "Profiles are used for two purposes:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:19
+msgid "Selecting peers to relay our traffic through, which is discussed below"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:20
+#, python-format
+msgid ""
+"Choosing peers from the set of floodfill routers to use for network "
+"database storage and queries,\n"
+"which is discussed on the <a href=\"%(netdb)s\">network database</a> page"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:27
+#: i2p2www/pages/site/docs/how/peer-selection.html:187
+#: i2p2www/pages/site/docs/tunnels/implementation.html:289
+msgid "Peer Selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:28
+msgid ""
+"<b>Peer selection</b> is the process of choosing which routers\n"
+"on the network we want to relay our messages to go through (which peers "
+"will we \n"
+"ask to join our tunnels).  To accomplish this, we keep track of how each\n"
+"peer performs (the peer's \"profile\") and use that data to estimate how"
+" \n"
+"fast they are, how often they will be able to accept our requests, and \n"
+"whether they seem to be overloaded or otherwise unable to perform what\n"
+"they agree to reliably."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:38
+#, python-format
+msgid ""
+"Unlike some other anonymous networks, in I2P,\n"
+"claimed bandwidth is untrusted and is <b>only</b> used to avoid those "
+"peers\n"
+"advertising very low bandwidth insufficient for routing tunnels.\n"
+"All peer selection is done through profiling.\n"
+"This prevents simple attacks based on peers claiming high bandwidth\n"
+"in order to capture large numbers of tunnels.\n"
+"It also makes\n"
+"<a href=\"%(threatmodel)s#timing\">timing attacks</a>\n"
+"more difficult."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:50
+msgid ""
+"Peer selection is done quite frequently, as a router may maintain a large"
+" number\n"
+"of client and exploratory tunnels, and a tunnel lifetime is only 10 "
+"minutes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:56
+msgid "Further Information"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:57
+#, python-format
+msgid ""
+"For more information see the paper\n"
+"<a href=\"%(pdf)s\">Peer Profiling and Selection in the I2P Anonymous "
+"Network</a>\n"
+"presented at <a href=\"%(url)s\">PET-CON 2009.1</a>.\n"
+"See <a href=\"#notes\">below</a> for notes on minor changes since the "
+"paper was published."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:65
+msgid "Profiles"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:66
+#, python-format
+msgid ""
+"Each peer has a set of data points collected about them, including "
+"statistics \n"
+"about how long it takes for them to reply to a network database query, "
+"how \n"
+"often their tunnels fail, and how many new peers they are able to "
+"introduce \n"
+"us to, as well as simple data points such as when we last heard from them"
+" or\n"
+"when the last communication error occurred.  The specific data points "
+"gathered\n"
+"can be found in the <a href=\"%(url)s\">code</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:75
+msgid ""
+"Profiles are fairly small, a few KB. To control memory usage, the profile"
+" expiration time\n"
+"lessens as the number of profiles grows.\n"
+"Profiles are kept in memory until router shutdown, when they are written "
+"to disk.\n"
+"At startup, the profiles are read so the router need not reinitialize all"
+" profiles,\n"
+"thus allowing a router to quickly re-integrate into the network after "
+"startup."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:85
+msgid "Peer Summaries"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:86
+msgid ""
+"While the profiles themselves can be considered a summary of a peer's \n"
+"performance, to allow for effective peer selection we break each summary "
+"down \n"
+"into four simple values, representing the peer's speed, its capacity, how"
+" well \n"
+"integrated into the network it is, and whether it is failing."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:93
+msgid "Speed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:94
+msgid ""
+"The speed calculation\n"
+"simply goes through the profile and estimates how much data we can\n"
+"send or receive on a single tunnel through the peer in a minute.  For "
+"this estimate it just looks at\n"
+"performance in the previous minute."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:101
+msgid "Capacity"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:102
+msgid ""
+"The capacity calculation\n"
+"simply goes through the profile and estimates how many tunnels the peer\n"
+"would agree to participate in over a given time period.  For this "
+"estimate it looks at \n"
+"how many tunnel build requests\n"
+"the peer has accepted, rejected, and dropped, and how many\n"
+"of the agreed-to tunnels later failed.\n"
+"While the calculation is time-weighted so that recent activity counts "
+"more than later activity,\n"
+"statistics up to 48 hours old may be included."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:113
+msgid ""
+"Recognizing and avoiding unreliable and unreachable\n"
+"peers is critically important.\n"
+"Unfortunately, as the tunnel building and testing require the "
+"participation of several peers,\n"
+"it is difficult to positively identify the cause of a dropped build "
+"request or test failure.\n"
+"The router assigns a probability of failure to each of the\n"
+"peers, and uses that probability in the capacity calculation.\n"
+"Drops and test failures are weighted much higher than rejections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:123
+msgid "Peer organization"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:124
+msgid ""
+"As mentioned above, we drill through each peer's profile to come up with "
+"a \n"
+"few key calculations, and based upon those, we organize each peer into "
+"three\n"
+"groups - fast, high capacity, and standard."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:130
+msgid "The groupings are not mutually exclusive, nor are they unrelated:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:134
+msgid ""
+"A peer is considered \"high capacity\" if its capacity calculation meets "
+"or \n"
+"exceeds the median of all peers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:138
+msgid ""
+"A peer is considered \"fast\" if they are already \"high capacity\" and "
+"their \n"
+"speed calculation meets or exceeds the median of all peers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:142
+msgid "A peer is considered \"standard\" if it is not \"high capacity\""
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:145
+#, python-format
+msgid ""
+"These groupings are implemented in the router's\n"
+"<a href=\"%(url)s\">ProfileOrganizer</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:150
+msgid "Group size limits"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:151
+msgid "The size of the groups may be limited."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:156
+msgid ""
+"The fast group is limited to 30 peers.\n"
+"If there would be more, only the ones with the highest speed rating are "
+"placed in the group."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:160
+msgid ""
+"The high capacity group is limited to 75 peers (including the fast group)"
+"\n"
+"If there would be more, only the ones with the highest capacity rating "
+"are placed in the group."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:164
+msgid ""
+"The standard group has no fixed limit, but is somewhat smaller than the "
+"number of RouterInfos\n"
+"stored in the local network database.\n"
+"On an active router in today's network, there may be about 1000 "
+"RouterInfos and 500 peer profiles\n"
+"(including those in the fast and high capacity groups)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:172
+msgid "Recalculation and Stability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:173
+msgid ""
+"Summaries are recalculated, and peers are resorted into groups, every 45 "
+"seconds."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:177
+msgid ""
+"The groups tend to be fairly stable, that is, there is not much \"churn\""
+" in the rankings\n"
+"at each recalculation.\n"
+"Peers in the fast and high capacity groups get more tunnels build through"
+" them, which increases their speed and capacity ratings,\n"
+"which reinforces their presence in the group."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:188
+msgid "The router selects peers from the above groups to build tunnels through."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:193
+msgid "Peer Selection for Client Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:194
+msgid ""
+"Client tunnels are used for application traffic, such as for HTTP proxies"
+" and web servers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:198
+msgid ""
+"To reduce the susceptibility to <a href=\"http://blog.torproject.org/blog"
+"/one-cell-enough\">some attacks</a>,\n"
+"and increase performance,\n"
+"peers for building client tunnels are chosen randomly from the smallest "
+"group, which is the \"fast\" group.\n"
+"There is no bias toward selecting peers that were previously participants"
+" in a tunnel for the same client."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:206
+msgid "Peer Selection for Exploratory Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:207
+msgid ""
+"Exploratory tunnels are used for router administrative purposes, such as "
+"network database traffic\n"
+"and testing client tunnels.\n"
+"Exploratory tunnels are also used to contact previously unconnected "
+"routers, which is why\n"
+"they are called \"exploratory\".\n"
+"These tunnels are usually low-bandwidth."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:215
+msgid ""
+"Peers for building exploratory tunnels are generally chosen randomly from"
+" the standard group.\n"
+"If the success rate of these build attempts is low compared to the client"
+" tunnel build success rate,\n"
+"the router will select a weighted average of peers randomly from the high"
+" capacity group instead.\n"
+"This helps maintain a satisfactory build success rate even when network "
+"performance is poor.\n"
+"There is no bias toward selecting peers that were previously participants"
+" in an exploratory tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:223
+msgid ""
+"As the standard group includes a very large subset of all peers the "
+"router knows about,\n"
+"exploratory tunnels are essentially built through a random selection of "
+"all peers,\n"
+"until the build success rate becomes too low."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:231
+msgid "Restrictions"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:232
+msgid ""
+"To prevent some simple attacks, and for performance, there are the "
+"following restrictions:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:236
+msgid "Two peers from the same /16 IP space may not be in the same tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:239
+msgid ""
+"A peer may participate in a maximum of 33&#37; of all tunnels created by "
+"the router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:242
+msgid "Peers with extremely low bandwidth are not used."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:245
+msgid "Peers for which a recent connection attempt failed are not used."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:252
+msgid "Peer Ordering in Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:253
+#, python-format
+msgid ""
+"Peers are ordered within tunnels to\n"
+"to deal with the <a href=\"%(pdf)s\">predecessor attack</a>\n"
+"<a href=\"%(pdf2008)s\">(2008 update)</a>.\n"
+"More information is on the <a href=\"%(tunnelimpl)s#ordering\">tunnel "
+"page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:268
+msgid "Continue to analyze an tune speed and capacity calculations as necessary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:271
+msgid ""
+"Implement a more aggressive ejection strategy if necessary to control "
+"memory usage as the network grows"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:274
+msgid "Evaluate group size limits"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:277
+msgid "Use GeoIP data to include or exclude certain peers, if configured"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:283
+#, python-format
+msgid ""
+"For those reading the paper\n"
+"<a href=\"%(pdf)s\">Peer Profiling and Selection in the I2P Anonymous "
+"Network</a>,\n"
+"please keep in mind the following minor changes in I2P since the paper's "
+"publication:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:289
+msgid "The Integration calculation is still not used"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:290
+msgid "In the paper, \"groups\" are called \"tiers\""
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:291
+msgid "The \"Failing\" tier is no longer used"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:292
+msgid "The \"Not Failing\" tier is now named \"Standard\""
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:301
+msgid "One Cell Enough"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:303
+msgid "Tor Entry Guards"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:305
+msgid "Murdoch 2007 Paper"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:307
+msgid "Tune-up for Tor"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/peer-selection.html:309
+msgid "Low-resource Routing Attacks Against Tor"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:2
+msgid "I2P: A scalable framework for anonymous communication"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:5
+#: i2p2www/pages/site/docs/how/tech-intro.html:20
+#: i2p2www/pages/site/docs/transport/ssu.html:332
+msgid "Introduction"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:7
+msgid "I2P Operation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:12
+#: i2p2www/pages/site/docs/how/tech-intro.html:397
+msgid "Transport protocols"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:13
+#: i2p2www/pages/site/docs/how/tech-intro.html:454
+msgid "Cryptography"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:21
+msgid ""
+"I2P is a scalable, self organizing, resilient packet switched anonymous \n"
+"network layer, upon which any number of different anonymity or security "
+"conscious \n"
+"applications can operate. Each of these applications may make their own "
+"anonymity, \n"
+"latency, and throughput tradeoffs without worrying about the proper "
+"implementation \n"
+"of a free route mixnet, allowing them to blend their activity with the "
+"larger \n"
+"anonymity set of users already running on top of I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:30
+msgid ""
+"Applications available already provide the full range of typical Internet"
+" activities -\n"
+"<b>anonymous</b> web browsing, web hosting, chat, file sharing, e-mail,\n"
+"blogging and content syndication, newsgroups, as well as several other "
+"applications under development."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:36
+msgid "Web browsing: using any existing browser that supports using a proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:37
+msgid "Chat: IRC, Jabber, <a href=\"#app.i2pmessenger\">I2P-Messenger</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:38
+msgid ""
+"File sharing: <a href=\"#app.i2psnark\">I2PSnark</a>, <a "
+"href=\"#app.robert\">Robert</a>, <a href=\"#app.imule\">iMule</a>, \n"
+"<a href=\"#app.i2phex\">I2Phex</a>, <a href=\"#app.pybit\">PyBit</a>, <a "
+"href=\"#app.i2pbt\">I2P-bt</a>\n"
+"and others."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:43
+msgid ""
+"E-mail: <a href=\"#app.i2pmail\">susimail</a> and <a href=\"#app.i2pbote"
+"\">I2P-Bote</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:44
+msgid ""
+"Blog: using e.g. the pebble plugin or the distributed blogging software "
+"<a href=\"#app.syndie\">Syndie</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:45
+msgid ""
+"Distributed Data Store: Save your data redundantly in the Tahoe-LAFS "
+"cloud over I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:46
+msgid "Newsgroups: using any newsgroup reader that supports using a proxy."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:49
+msgid ""
+"Unlike web sites hosted within content distribution networks like <a "
+"href=\"#similar.freenet\">Freenet</a> \n"
+"or <a href=\"http://www.ovmj.org/GNUnet/\">GNUnet</a>, the services "
+"hosted on \n"
+"I2P are fully interactive - there are traditional web-style search "
+"engines, \n"
+"bulletin boards, blogs you can comment on, database driven sites, and "
+"bridges \n"
+"to query static systems like Freenet without needing to install it "
+"locally."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:57
+msgid ""
+"With all of these anonymity enabled applications, I2P takes on the role \n"
+"of the message oriented middleware - applications say that they want to "
+"send \n"
+"some data to a cryptographic identifier (a \"destination\") and I2P takes"
+" care \n"
+"of making sure it gets there securely and anonymously. I2P also bundles a"
+" \n"
+"simple <a href=\"#app.streaming\">streaming</a> library to allow I2P's "
+"anonymous \n"
+"best-effort messages to transfer as reliable, in-order streams, "
+"transparently \n"
+"offering a TCP based congestion control algorithm tuned for the high "
+"bandwidth \n"
+"delay product of the network. While there have been several simple SOCKS "
+"proxies \n"
+"available to tie existing applications into the network, their value has "
+"been \n"
+"limited as nearly every application routinely exposes what, in an "
+"anonymous \n"
+"context, is sensitive information. The only safe way to go is to fully "
+"audit \n"
+"an application to ensure proper operation and to assist in that we "
+"provide \n"
+"a series of APIs in various languages which can be used to make the most "
+"out \n"
+"of the network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:74
+#, python-format
+msgid ""
+"I2P is not a research project - academic, commercial, or governmental, "
+"but \n"
+"is instead an engineering effort aimed at doing whatever is necessary to "
+"provide \n"
+"a sufficient level of anonymity to those who need it. It has been in "
+"active \n"
+"development since early 2003 with one full time developer and a dedicated"
+" \n"
+"group of part time contributors from all over the world. All of the work "
+"done \n"
+"on I2P is open source and freely available on the <a "
+"href=\"%(site)s\">website</a>, \n"
+"with the majority of the code released outright into the public domain, "
+"though \n"
+"making use of a few cryptographic routines under BSD-style licenses. The "
+"people \n"
+"working on I2P do not control what people release client applications "
+"under, \n"
+"and there are several GPL'ed applications available (<a "
+"href=\"#app.i2ptunnel\">I2PTunnel</a>, \n"
+"<a href=\"#app.i2pmail\">susimail</a>, <a "
+"href=\"#app.i2psnark\">I2PSnark</a>, <a href=\"#app.i2pbote\">I2P-"
+"Bote</a>, \n"
+"<a href=\"#app.i2phex\">I2Phex</a> and others.).\n"
+"<a href=\"%(halloffame)s\">Funding</a> for I2P comes entirely from "
+"donations,\n"
+"and does not receive any tax breaks in any jurisdiction at this time,\n"
+"as many of the developers are themselves anonymous."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:92
+msgid "Operation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:94
+msgid ""
+"To understand I2P's operation, it is essential to understand a few key "
+"concepts. \n"
+"First, I2P makes a strict separation between the software participating "
+"in \n"
+"the network (a \"router\") and the anonymous endpoints (\"destinations\")"
+" associated \n"
+"with individual applications. The fact that someone is running I2P is not"
+" \n"
+"usually a secret. What is hidden is information on what the user is "
+"doing, \n"
+"if anything at all, as well as what router a particular destination is "
+"connected \n"
+"to. End users will typically have several local destinations on their "
+"router \n"
+"- for instance, one proxying in to IRC servers, another supporting the "
+"user's \n"
+"anonymous webserver (\"eepsite\"), another for an I2Phex instance, "
+"another for \n"
+"torrents, etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:107
+msgid ""
+"Another critical concept to understand is the \"tunnel\".\n"
+"A tunnel is a directed path through an explicitly selected list of "
+"routers.\n"
+"Layered encryption is used, so each of the routers can only decrypt a "
+"single layer.\n"
+"The decrypted information contains the IP of the next router, along with\n"
+"the encrypted information to be forwarded.\n"
+"Each tunnel has a starting point (the first router, also known as "
+"\"gateway\")\n"
+"and an end point. Messages can be sent only in one way. To send messages "
+"back,\n"
+"another tunnel is required."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:118
+#: i2p2www/pages/site/docs/tunnels/implementation.html:105
+msgid "Inbound and outbound tunnel schematic"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:120
+msgid "Figure 1: Two types of tunnels exist: inbound and outbound."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:123
+msgid ""
+"Two types of tunnels exist:\n"
+"<b>\"outbound\" tunnels</b> send messages away from the tunnel creator,\n"
+"while <b>\"inbound\" tunnels</b> bring messages to the tunnel creator.\n"
+"Combining these two tunnels allows users to send messages to each other.\n"
+"The sender (\"Alice\" in the above image) sets up an outbound tunnel,\n"
+"while the receiver (\"Bob\" in the above image) creates an inbound "
+"tunnel.\n"
+"The gateway of an inbound tunnel can receive messages from any other user"
+"\n"
+"and will send them on until the endpoint (\"Bob\").\n"
+"The endpoint of the outbound tunnel will need to send the message\n"
+"on to the gateway of the inbound tunnel.\n"
+"To do this, the sender (\"Alice\") adds instructions to her encrypted "
+"message.\n"
+"Once the endpoint of the outbound tunnel decrypts the message,\n"
+"it will have instructions to forward the message to the correct\n"
+"inbound gateway (the gateway to \"Bob\")."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:140
+msgid ""
+"A third critical concept to understand is I2P's <b>\"network "
+"database\"</b> (or \"netDb\") \n"
+"- a pair of algorithms used to share network metadata. The two types of "
+"metadata \n"
+"carried are <b>\"routerInfo\"</b> and <b>\"leaseSets\"</b> - the "
+"routerInfo gives routers the \n"
+"data necessary for contacting a particular router (their public keys, "
+"transport \n"
+"addresses, etc), while the leaseSet gives routers the information "
+"necessary \n"
+"for contacting a particular destination. A leaseSet contains a number of "
+"\"leases\".\n"
+"Each of this leases specifies a tunnel gateway, which allows reaching a "
+"specific destination.\n"
+"The full information contained in a lease:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:151
+msgid "Inbound gateway for a tunnel that allows reaching a specific destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:152
+msgid "Time when a tunnel expires."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:153
+msgid ""
+"Pair of public keys to be able to encrypt messages (to send through the "
+"tunnel and reach the destination)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:155
+msgid ""
+"Routers themselves send their routerInfo to the netDb directly, while "
+"leaseSets are sent through outbound tunnels\n"
+"(leaseSets need to be sent anonymously, to avoid correlating a router "
+"with his leaseSets)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:160
+msgid ""
+"We can combine the above concepts to build successful connections in the "
+"network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:164
+msgid ""
+"To build up her own inbound and outbound tunnels, Alice does a lookup in "
+"the netDb to collect routerInfo.\n"
+"This way, she gathers lists of peers she can use as hops in her tunnels.\n"
+"She can then send a build message to the first hop, requesting the "
+"construction of a tunnel and asking\n"
+"that router to send the construction message onward, until the tunnel has"
+" been constructed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:171
+msgid "Request information on other routers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:173
+msgid "Build tunnel using router information"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:175
+msgid "Figure 2: Router information is used to build tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:178
+msgid ""
+"When Alice wants to send a message to Bob, she first does a lookup in the"
+" \n"
+"netDb to find Bob's leaseSet, giving her his current inbound tunnel "
+"gateways. \n"
+"She then picks one of her outbound tunnels and sends the message down it "
+"with \n"
+"instructions for the outbound tunnel's endpoint to forward the message on"
+" \n"
+"to one of Bob's inbound tunnel gateways. When the outbound tunnel "
+"endpoint \n"
+"receives those instructions, it forwards the message as requested, and "
+"when \n"
+"Bob's inbound tunnel gateway receives it, it is forwarded down the tunnel"
+" \n"
+"to Bob's router. If Alice wants Bob to be able to reply to the message, "
+"she \n"
+"needs to transmit her own destination explicitly as part of the message "
+"itself.\n"
+"This can be done by introducing a higher-level layer, which is done in "
+"the\n"
+"<a href=\"#app.streaming\">streaming</a> library.\n"
+"Alice may also cut down on the response time by bundling her most \n"
+"recent LeaseSet with the message so that Bob doesn't need to do a netDb "
+"lookup \n"
+"for it when he wants to reply, but this is optional."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:195
+msgid "Connect tunnels using LeaseSets"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:195
+msgid "Connect tunnels using leaseSets"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:197
+msgid "Figure 3: LeaseSets are used to connect outbound and inbound tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:200
+msgid ""
+"While the tunnels themselves have layered encryption to prevent "
+"unauthorized \n"
+"disclosure to peers inside the network (as the transport layer itself "
+"does \n"
+"to prevent unauthorized disclosure to peers outside the network), it is "
+"necessary \n"
+"to add an additional end to end layer of encryption to hide the message "
+"from \n"
+"the outbound tunnel endpoint and the inbound tunnel gateway. This \"<a "
+"href=\"#op.garlic\">garlic \n"
+"encryption</a>\" lets Alice's router wrap up multiple messages into a "
+"single \n"
+"\"garlic message\", encrypted to a particular public key so that "
+"intermediary \n"
+"peers cannot determine either how many messages are within the garlic, "
+"what \n"
+"those messages say, or where those individual cloves are destined. For "
+"typical \n"
+"end to end communication between Alice and Bob, the garlic will be "
+"encrypted \n"
+"to the public key published in Bob's leaseSet, allowing the message to be"
+" \n"
+"encrypted without giving out the public key to Bob's own router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:215
+msgid ""
+"Another important fact to keep in mind is that I2P is entirely message "
+"based \n"
+"and that some messages may be lost along the way. Applications using I2P "
+"can \n"
+"use the message oriented interfaces and take care of their own congestion"
+" \n"
+"control and reliability needs, but most would be best served by reusing "
+"the \n"
+"provided <a href=\"#app.streaming\">streaming</a> library to view I2P as "
+"a streams \n"
+"based network."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:225
+msgid ""
+"Both inbound and outbound tunnels work along similar principles.\n"
+"The tunnel gateway accumulates a number of tunnel messages, eventually "
+"preprocessing \n"
+"them into something for tunnel delivery. Next, the gateway encrypts that "
+"preprocessed \n"
+"data and forwards it to the first hop. That peer and subsequent tunnel "
+"participants \n"
+"add on a layer of encryption after verifying that it isn't a duplicate "
+"before \n"
+"forward it on to the next peer. Eventually, the message arrives at the "
+"endpoint \n"
+"where the messages are split out again and forwarded on as requested. The"
+" \n"
+"difference arises in what the tunnel's creator does - for inbound "
+"tunnels, \n"
+"the creator is the endpoint and they simply decrypt all of the layers "
+"added, \n"
+"while for outbound tunnels, the creator is the gateway and they pre-"
+"decrypt \n"
+"all of the layers so that after all of the layers of per-hop encryption "
+"are \n"
+"added, the message arrives in the clear at the tunnel endpoint."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:240
+msgid ""
+"The choice of specific peers to pass on messages as well as their "
+"particular \n"
+"ordering is important to understanding both I2P's anonymity and "
+"performance \n"
+"characteristics. While the network database (below) has its own criteria "
+"for \n"
+"picking what peers to query and store entries on, tunnel creators may use"
+" any peers \n"
+"in the network in any order (and even any number of times) in a single "
+"tunnel. \n"
+"If perfect latency and capacity data were globally known, selection and "
+"ordering \n"
+"would be driven by the particular needs of the client in tandem with "
+"their \n"
+"threat model. Unfortunately, latency and capacity data is not trivial to "
+"gather \n"
+"anonymously, and depending upon untrusted peers to provide this "
+"information \n"
+"has its own serious anonymity implications."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:253
+msgid ""
+"From an anonymity perspective, the simplest technique would be to pick "
+"peers \n"
+"randomly from the entire network, order them randomly and use those peers"
+" \n"
+"in that order for all eternity. From a performance perspective, the "
+"simplest \n"
+"technique would be to pick the fastest peers with the necessary spare "
+"capacity, \n"
+"spreading the load across different peers to handle transparent failover,"
+" \n"
+"and to rebuild the tunnel whenever capacity information changes. While "
+"the \n"
+"former is both brittle and inefficient, the later requires inaccessible "
+"information \n"
+"and offers insufficient anonymity. I2P is instead working on offering a "
+"range \n"
+"of peer selection strategies, coupled with anonymity aware measurement "
+"code \n"
+"to organize the peers by their profiles."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:266
+msgid ""
+"As a base, I2P is constantly profiling the peers with which it interacts"
+" \n"
+"with by measuring their indirect behavior - for instance, when a peer "
+"responds \n"
+"to a netDb lookup in 1.3 seconds, that round trip latency is recorded in "
+"the \n"
+"profiles for all of the routers involved in the two tunnels (inbound and "
+"outbound) \n"
+"through which the request and response passed, as well as the queried "
+"peer's \n"
+"profile. Direct measurement, such as transport layer latency or "
+"congestion, \n"
+"is not used as part of the profile, as it can be manipulated and "
+"associated \n"
+"with the measuring router, exposing them to trivial attacks. While "
+"gathering \n"
+"these profiles, a series of calculations are run on each to summarize its"
+" \n"
+"performance - its latency, capacity to handle lots of activity, whether "
+"they \n"
+"are currently overloaded, and how well integrated into the network they "
+"seem \n"
+"to be. These calculations are then compared for active peers to organize "
+"the \n"
+"routers into four tiers - fast and high capacity, high capacity, not "
+"failing, \n"
+"and failing. The thresholds for those tiers are determined dynamically, "
+"and \n"
+"while they currently use fairly simple algorithms, alternatives exist."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:284
+msgid ""
+"Using this profile data, the simplest reasonable peer selection strategy"
+" \n"
+"is to pick peers randomly from the top tier (fast and high capacity), and"
+" \n"
+"this is currently deployed for client tunnels. Exploratory tunnels (used "
+"for \n"
+"netDb and tunnel management) pick peers randomly from the \"not failing\""
+" tier \n"
+"(which includes routers in 'better' tiers as well), allowing the peer to "
+"sample \n"
+"routers more widely, in effect optimizing the peer selection through "
+"randomized \n"
+"hill climbing. These strategies alone do however leak information "
+"regarding \n"
+"the peers in the router's top tier through predecessor and netDb "
+"harvesting \n"
+"attacks. In turn, several alternatives exist which, while not balancing "
+"the \n"
+"load as evenly, will address the attacks mounted by particular classes of"
+" \n"
+"adversaries."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:298
+msgid ""
+"By picking a random key and ordering the peers according to their XOR "
+"distance \n"
+"from it, the information leaked is reduced in predecessor and harvesting "
+"attacks \n"
+"according to the peers' failure rate and the tier's churn. Another simple"
+" \n"
+"strategy for dealing with netDb harvesting attacks is to simply fix the "
+"inbound \n"
+"tunnel gateway(s) yet randomize the peers further on in the tunnels. To "
+"deal \n"
+"with predecessor attacks for adversaries which the client contacts, the "
+"outbound \n"
+"tunnel endpoints would also remain fixed. The selection of which peer to "
+"fix \n"
+"on the most exposed point would of course need to have a limit to the "
+"duration, \n"
+"as all peers fail eventually, so it could either be reactively adjusted "
+"or \n"
+"proactively avoided to mimic a measured mean time between failures of "
+"other \n"
+"routers. These two strategies can in turn be combined, using a fixed "
+"exposed \n"
+"peer and an XOR based ordering within the tunnels themselves. A more "
+"rigid \n"
+"strategy would fix the exact peers and ordering of a potential tunnel, "
+"only \n"
+"using individual peers if all of them agree to participate in the same "
+"way \n"
+"each time. This varies from the XOR based ordering in that the "
+"predecessor \n"
+"and successor of each peer is always the same, while the XOR only makes "
+"sure \n"
+"their order doesn't change."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:318
+#, python-format
+msgid ""
+"As mentioned before, I2P currently (release 0.8) includes the tiered \n"
+"random strategy above, with XOR-based ordering. A \n"
+"more detailed discussion of the mechanics involved in tunnel operation, "
+"management, \n"
+"and peer selection can be found in the <a href=\"%(tunnelimpl)s\">tunnel "
+"spec</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:326
+#, python-format
+msgid ""
+"As mentioned earlier, I2P's netDb works to share the network's metadata.\n"
+"This is detailed in <a href=\"%(netdb)s\">the network database</a> page,\n"
+"but a basic explanation is available below."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:332
+msgid ""
+"A percentage of I2P users are appointed as 'floodfill peers'.\n"
+"Currently, I2P installations that have a lot of bandwidth and are fast "
+"enough,\n"
+"will appoint themselves as floodfill as soon as the number of existing "
+"floodfill routers\n"
+"drops too low."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:339
+#, python-format
+msgid ""
+"Other I2P routers will store their data and lookup data by sending simple"
+" 'store' and 'lookup' queries to the floodfills.\n"
+"If a floodfill router receives a 'store' query, it will spread the "
+"information to other floodfill routers\n"
+"using the <a href=\"http://en.wikipedia.org/wiki/Kademlia\">Kademlia "
+"algorithm</a>.\n"
+"The 'lookup' queries currently function differently, to avoid an "
+"important\n"
+"<a href=\"%(netdb)s#lookup\">security issue</a>.\n"
+"When a lookup is done, the floodfill router will not forward the lookup "
+"to other peers,\n"
+"but will always answer by itself (if it has the requested data)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:349
+msgid "Two types of information are stored in the network database."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:353
+msgid ""
+"A <b>RouterInfo</b> stores information on a specific I2P router and how "
+"to contact it"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:354
+msgid ""
+"A <b>LeaseSet</b> stores information on a specific destination (e.g. I2P "
+"website, e-mail server...)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:356
+msgid ""
+"All of this information is signed by the publishing party and verified by"
+" any I2P router using or storing the information.\n"
+"In addition, the data contains timing information, to avoid storage of "
+"old entries and possible attacks.\n"
+"This is also why I2P bundles the necessary code for maintaining the "
+"correct time, occasionally querying some SNTP servers \n"
+"(the <a href=\"http://www.pool.ntp.org/\">pool.ntp.org</a> round robin by"
+" default)\n"
+"and detecting skew between routers at the transport layer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:364
+msgid "Some additional remarks are also important."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:369
+msgid "Unpublished and encrypted leasesets:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:370
+msgid ""
+"One could only want specific people to be able to reach a destination.\n"
+"This is possible by not publishing the destination in the netDb. You will"
+" however have to transmit the destination by other means.\n"
+"An alternative are the 'encrypted leaseSets'. These leaseSets can only be"
+" decoded by people with access to the decryption key."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:377
+msgid "Bootstrapping:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:378
+msgid ""
+"Bootstrapping the netDb is quite simple. Once a router manages to receive"
+" a single routerInfo of a reachable peer,\n"
+"it can query that router for references to other routers in the network.\n"
+"Currently, a number of users post their routerInfo files to a website to "
+"make this information available.\n"
+"I2P automatically connects to one of these websites to gather routerInfo "
+"files and bootstrap."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:386
+msgid "Lookup scalability:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:387
+msgid ""
+"Lookups in the I2P network are not forwarded to other netDb routers.\n"
+"Currently, this is not a major problem, since the network is not very "
+"large.\n"
+"However, as the network grows, not all routerInfo and leaseSet files will"
+" be present\n"
+"on each netDb router. This will cause a deterioration of the percentage "
+"of successful lookups.\n"
+"Because of this, refinements to the netDb will be done in the next "
+"releases."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:398
+msgid ""
+"Communication between routers needs to provide confidentiality and "
+"integrity \n"
+"against external adversaries while authenticating that the router "
+"contacted \n"
+"is the one who should receive a given message. The particulars of how "
+"routers \n"
+"communicate with other routers aren't critical - three separate protocols"
+" \n"
+"have been used at different points to provide those bare necessities."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:406
+#, python-format
+msgid ""
+"I2P started with a TCP-based protocol which \n"
+"has since been disabled. Then, to accommodate the need for high degree "
+"communication \n"
+"(as a number of routers will end up speaking with many others), I2P moved"
+" \n"
+"from a TCP based transport to a <a href=\"%(ssu)s\">UDP-based one</a> - "
+"\"Secure \n"
+"Semireliable UDP\", or \"SSU\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:414
+#, python-format
+msgid "As described in the <a href=\"%(ssu)s\">SSU spec</a>:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:418
+msgid ""
+"The goal of this protocol is to provide secure, authenticated, \n"
+"semireliable and unordered message delivery, exposing only a minimal "
+"amount \n"
+"of data easily discernible to third parties. It should support high "
+"degree \n"
+"communication as well as TCP-friendly congestion control and may include"
+" \n"
+"PMTU detection. It should be capable of efficiently moving bulk data at "
+"rates \n"
+"sufficient for home users. In addition, it should support techniques for "
+"addressing \n"
+"network obstacles, like most NATs or firewalls."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:428
+#, python-format
+msgid ""
+"Following the introduction of SSU, after issues with congestion collapse"
+" \n"
+"appeared, a new NIO-based TCP transport called <a "
+"href=\"%(ntcp)s\">NTCP</a> \n"
+"was implemented. It is enabled by default for outbound connections only. "
+"Those \n"
+"who configure their NAT/firewall to allow inbound connections and specify"
+" \n"
+"the external host and port (dyndns/etc is ok) on /config.jsp can receive "
+"inbound \n"
+"connections. As NTCP is NIO based, so it doesn't suffer from the 1 thread"
+" \n"
+"per connection issues of the old TCP transport."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:438
+msgid ""
+"I2P supports multiple transports simultaneously. A particular transport \n"
+"for an outbound connection is selected with \"bids\". Each transport bids"
+" for \n"
+"the connection and the relative value of these bids assigns the priority."
+" \n"
+"Transports may reply with different bids, depending on whether there is "
+"already \n"
+"an established connection to the peer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:446
+#, python-format
+msgid ""
+"The current implementation ranks NTCP as the highest-priority transport \n"
+"for outbound connections in most situations. SSU is enabled for both "
+"outbound \n"
+"and inbound connections. Your firewall and your I2P router must be "
+"configured \n"
+"to allow inbound NTCP connections. For further information see the <a "
+"href=\"%(ntcp)s\">NTCP \n"
+"page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:455
+msgid ""
+"A bare minimum set of cryptographic primitives are combined together to \n"
+"provide I2P's layered defenses against a variety of adversaries. At the "
+"lowest \n"
+"level, inter router communication is protected by the transport layer "
+"security \n"
+"- SSU encrypts each packet with AES256/CBC with both an explicit IV and "
+"MAC \n"
+"(HMAC-MD5-128) after agreeing upon an ephemeral session key through a "
+"2048bit \n"
+"Diffie-Hellman exchange, station-to-station authentication with the other"
+" \n"
+"router's DSA key, plus each network message has their own hash for local "
+"integrity \n"
+"checking. <a href=\"#op.tunnels\">Tunnel</a> messages passed over the "
+"transports \n"
+"have their own layered AES256/CBC encryption with an explicit IV and "
+"verified \n"
+"at the tunnel endpoint with an additional SHA256 hash. Various other "
+"messages \n"
+"are passed along inside \"garlic messages\", which are encrypted with "
+"ElGamal/AES+SessionTags \n"
+"(explained below)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:470
+msgid "Garlic messages"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:471
+msgid ""
+"Garlic messages are an extension of \"onion\" layered encryption, "
+"allowing \n"
+"the contents of a single message to contain multiple \"cloves\" - fully "
+"formed \n"
+"messages alongside their own instructions for delivery. Messages are "
+"wrapped \n"
+"into a garlic message whenever the message would otherwise be passing in "
+"cleartext \n"
+"through a peer who should not have access to the information - for "
+"instance, \n"
+"when a router wants to ask another router to participate in a tunnel, "
+"they \n"
+"wrap the request inside a garlic, encrypt that garlic to the receiving "
+"router's \n"
+"2048bit ElGamal public key, and forward it through a tunnel. Another "
+"example \n"
+"is when a client wants to send a message to a destination - the sender's "
+"router \n"
+"will wrap up that data message (alongside some other messages) into a "
+"garlic, \n"
+"encrypt that garlic to the 2048bit ElGamal public key published in the "
+"recipient's \n"
+"leaseSet, and forward it through the appropriate tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:486
+msgid ""
+"The \"instructions\" attached to each clove inside the encryption layer "
+"includes \n"
+"the ability to request that the clove be forwarded locally, to a remote "
+"router, \n"
+"or to a remote tunnel on a remote router. There are fields in those "
+"instructions \n"
+"allowing a peer to request that the delivery be delayed until a certain "
+"time \n"
+"or condition has been met, though they won't be honored until the <a "
+"href=\"#future.variablelatency\">nontrivial \n"
+"delays</a> are deployed. It is possible to explicitly route garlic "
+"messages \n"
+"any number of hops without building tunnels, or even to reroute tunnel "
+"messages \n"
+"by wrapping them in garlic messages and forwarding them a number of hops "
+"prior \n"
+"to delivering them to the next hop in the tunnel, but those techniques "
+"are \n"
+"not currently used in the existing implementation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:499
+msgid "Session tags"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:500
+msgid ""
+"As an unreliable, unordered, message based system, I2P uses a simple "
+"combination \n"
+"of asymmetric and symmetric encryption algorithms to provide data "
+"confidentiality \n"
+"and integrity to garlic messages. As a whole, the combination is referred"
+" \n"
+"to as ElGamal/AES+SessionTags, but that is an excessively verbose way to "
+"describe \n"
+"the simple use of 2048bit ElGamal, AES256, SHA256 and 32 byte nonces."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:539
+msgid ""
+"Session tags themselves have a very short lifetime, after which they are"
+" \n"
+"discarded if not used. In addition, the quantity stored for each key is "
+"limited, \n"
+"as are the number of keys themselves - if too many arrive, either new or "
+"old \n"
+"messages may be dropped. The sender keeps track whether messages using "
+"session \n"
+"tags are getting through, and if there isn't sufficient communication it "
+"may \n"
+"drop the ones previously assumed to be properly delivered, reverting back"
+" \n"
+"to the full expensive ElGamal encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:549
+msgid ""
+"One alternative is to transmit only a single session tag, and from that,"
+" \n"
+"seed a deterministic PRNG for determining what tags to use or expect. By "
+"keeping \n"
+"this PRNG roughly synchronized between the sender and recipient (the "
+"recipient \n"
+"precomputes a window of the next e.g. 50 tags), the overhead of "
+"periodically \n"
+"bundling a large number of tags is removed, allowing more options in the "
+"space/time \n"
+"tradeoff, and perhaps reducing the number of ElGamal encryptions "
+"necessary. \n"
+"However, it would depend upon the strength of the PRNG to provide the "
+"necessary \n"
+"cover against internal adversaries, though perhaps by limiting the amount"
+" \n"
+"of times each PRNG is used, any weaknesses can be minimized. At the "
+"moment, \n"
+"there are no immediate plans to move towards these synchronized PRNGs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:562
+msgid "Future"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:563
+msgid ""
+"While I2P is currently functional and sufficient for many scenarios, "
+"there \n"
+"are several areas which require further improvement to meet the needs of "
+"those \n"
+"facing more powerful adversaries as well as substantial user experience "
+"optimization."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:569
+msgid "Restricted route operation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:570
+msgid ""
+"I2P is an overlay network designed to be run on top of a functional "
+"packet \n"
+"switched network, exploiting the end to end principle to offer anonymity "
+"and \n"
+"security. While the Internet no longer fully embraces the end to end "
+"principle\n"
+"(due to the usage of NAT), \n"
+"I2P does require a substantial portion of the network to be reachable - "
+"there \n"
+"may be a number of peers along the edges running using restricted routes,"
+" \n"
+"but I2P does not include an appropriate routing algorithm for the "
+"degenerate \n"
+"case where most peers are unreachable. It would, however work on top of a"
+" \n"
+"network employing such an algorithm."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:582
+msgid ""
+"Restricted route operation, where there are limits to what peers are "
+"reachable \n"
+"directly, has several different functional and anonymity implications, "
+"dependent \n"
+"upon how the restricted routes are handled. At the most basic level, "
+"restricted \n"
+"routes exist when a peer is behind a NAT or firewall which does not allow"
+" \n"
+"inbound connections. This was largely addressed in I2P 0.6.0.6 by "
+"integrating \n"
+"distributed hole punching into the transport layer, allowing people "
+"behind \n"
+"most NATs and firewalls to receive unsolicited connections without any "
+"configuration. \n"
+"However, this does not limit the exposure of the peer's IP address to "
+"routers \n"
+"inside the network, as they can simply get introduced to the peer through"
+" \n"
+"the published introducer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:595
+msgid ""
+"Beyond the functional handling of restricted routes, there are two levels"
+" \n"
+"of restricted operation that can be used to limit the exposure of one's "
+"IP \n"
+"address - using router-specific tunnels for communication, and offering "
+"'client \n"
+"routers'. For the former, routers can either build a new pool of tunnels "
+"or \n"
+"reuse their exploratory pool, publishing the inbound gateways to some of "
+"them \n"
+"as part of their routerInfo in place of their transport addresses. When a"
+" \n"
+"peer wants to get in touch with them, they see those tunnel gateways in "
+"the \n"
+"netDb and simply send the relevant message to them through one of the "
+"published \n"
+"tunnels. If the peer behind the restricted route wants to reply, it may "
+"do \n"
+"so either directly (if they are willing to expose their IP to the peer) "
+"or \n"
+"indirectly through their outbound tunnels. When the routers that the peer"
+" \n"
+"has direct connections to want to reach it (to forward tunnel messages, "
+"for \n"
+"instance), they simply prioritize their direct connection over the "
+"published \n"
+"tunnel gateway. The concept of 'client routers' simply extends the "
+"restricted \n"
+"route by not publishing any router addresses. Such a router would not "
+"even \n"
+"need to publish their routerInfo in the netDb, merely providing their "
+"self \n"
+"signed routerInfo to the peers that it contacts (necessary to pass the "
+"router's \n"
+"public keys). Both levels of restricted route operation are planned for "
+"I2P \n"
+"2.0."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:617
+msgid ""
+"There are tradeoffs for those behind restricted routes, as they would "
+"likely \n"
+"participate in other people's tunnels less frequently, and the routers "
+"which \n"
+"they are connected to would be able to infer traffic patterns that would "
+"not \n"
+"otherwise be exposed. On the other hand, if the cost of that exposure is "
+"less \n"
+"than the cost of an IP being made available, it may be worthwhile. This, "
+"of \n"
+"course, assumes that the peers that the router behind a restricted route "
+"contacts \n"
+"are not hostile - either the network is large enough that the probability"
+" \n"
+"of using a hostile peer to get connected is small enough, or trusted (and"
+" \n"
+"perhaps temporary) peers are used instead."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:629
+msgid "Variable latency"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:630
+msgid ""
+"Even though the bulk of I2P's initial efforts have been on low latency "
+"communication, \n"
+"it was designed with variable latency services in mind from the "
+"beginning. \n"
+"At the most basic level, applications running on top of I2P can offer the"
+" \n"
+"anonymity of medium and high latency communication while still blending "
+"their \n"
+"traffic patterns in with low latency traffic. Internally though, I2P can "
+"offer \n"
+"its own medium and high latency communication through the garlic "
+"encryption \n"
+"- specifying that the message should be sent after a certain delay, at a "
+"certain \n"
+"time, after a certain number of messages have passed, or another mix "
+"strategy. \n"
+"With the layered encryption, only the router that the clove exposed the "
+"delay \n"
+"request would know that the message requires high latency, allowing the "
+"traffic \n"
+"to blend in further with the low latency traffic. Once the transmission "
+"precondition \n"
+"is met, the router holding on to the clove (which itself would likely be "
+"a \n"
+"garlic message) simply forwards it as requested - to a router, to a "
+"tunnel, \n"
+"or, most likely, to a remote client destination."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:647
+msgid ""
+"There are a substantial number of ways to exploit this capacity for high"
+" \n"
+"latency comm in I2P, but for the moment, doing so has been scheduled for "
+"the \n"
+"I2P 3.0 release. In the meantime, those requiring the anonymity that high"
+" \n"
+"latency comm can offer should look towards the application layer to "
+"provide \n"
+"it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:655
+msgid "Open questions"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:657
+msgid "How to get rid of the timing constraint?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:658
+msgid "Can we deal with the sessionTags more efficiently?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:659
+msgid ""
+"What, if any, batching/mixing strategies should be made available on the "
+"tunnels?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:660
+msgid ""
+"What other tunnel peer selection and ordering strategies should be "
+"available?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:663
+msgid "Similar systems"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:665
+msgid ""
+"I2P's architecture builds on the concepts of message oriented middleware,"
+" \n"
+"the topology of DHTs, the anonymity and cryptography of free route "
+"mixnets, \n"
+"and the adaptability of packet switched networking. The value comes not "
+"from \n"
+"novel concepts of algorithms though, but from careful engineering "
+"combining \n"
+"the research results of existing systems and papers. While there are a "
+"few \n"
+"similar efforts worth reviewing, both for technical and functional "
+"comparisons, \n"
+"two in particular are pulled out here - Tor and Freenet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:675
+#, python-format
+msgid "See also the <a href=\"%(comparisons)s\">Network Comparisons Page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:680
+#: i2p2www/pages/site/docs/how/tech-intro.html:745
+msgid "website"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:682
+msgid ""
+"At first glance, Tor and I2P have many functional and anonymity related \n"
+"similarities. While I2P's development began before we were aware of the "
+"early \n"
+"stage efforts on Tor, many of the lessons of the original onion routing "
+"and \n"
+"ZKS efforts were integrated into I2P's design. Rather than building an "
+"essentially \n"
+"trusted, centralized system with directory servers, I2P has a self "
+"organizing \n"
+"network database with each peer taking on the responsibility of profiling"
+" \n"
+"other routers to determine how best to exploit available resources. "
+"Another \n"
+"key difference is that while both I2P and Tor use layered and ordered "
+"paths \n"
+"(tunnels and circuits/streams), I2P is fundamentally a packet switched "
+"network, \n"
+"while Tor is fundamentally a circuit switched one, allowing I2P to "
+"transparently \n"
+"route around congestion or other network failures, operate redundant "
+"pathways, \n"
+"and load balance the data across available resources. While Tor offers "
+"the \n"
+"useful outproxy functionality by offering integrated outproxy discovery "
+"and \n"
+"selection, I2P leaves such application layer decisions up to applications"
+" \n"
+"running on top of I2P - in fact, I2P has even externalized the TCP-like "
+"streaming \n"
+"library itself to the application layer, allowing developers to "
+"experiment \n"
+"with different strategies, exploiting their domain specific knowledge to "
+"offer \n"
+"better performance."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:703
+msgid ""
+"From an anonymity perspective, there is much similarity when the core "
+"networks \n"
+"are compared. However, there are a few key differences. When dealing with"
+" \n"
+"an internal adversary or most external adversaries, I2P's simplex tunnels"
+" \n"
+"expose half as much traffic data than would be exposed with Tor's duplex "
+"circuits \n"
+"by simply looking at the flows themselves - an HTTP request and response "
+"would \n"
+"follow the same path in Tor, while in I2P the packets making up the "
+"request \n"
+"would go out through one or more outbound tunnels and the packets making "
+"up \n"
+"the response would come back through one or more different inbound "
+"tunnels. \n"
+"While I2P's peer selection and ordering strategies should sufficiently "
+"address \n"
+"predecessor attacks, should a switch to bidirectional tunnels be "
+"necessary,\n"
+"we could simply build an inbound and outbound tunnel along the same "
+"routers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:717
+msgid ""
+"Another anonymity issue comes up in Tor's use of telescopic tunnel "
+"creation, \n"
+"as simple packet counting and timing measurements as the cells in a "
+"circuit \n"
+"pass through an adversary's node exposes statistical information "
+"regarding \n"
+"where the adversary is within the circuit. I2P's unidirectional tunnel "
+"creation \n"
+"with a single message so that this data is not exposed. Protecting the "
+"position \n"
+"in a tunnel is important, as an adversary would otherwise be able to "
+"mount \n"
+"a series of powerful predecessor, intersection, and traffic confirmation "
+"attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:727
+msgid ""
+"Tor's support for a second tier of \"onion proxies\" does offer a non-"
+"trivial \n"
+"degree of anonymity while requiring a low cost of entry, while I2P will "
+"not \n"
+"offer this topology until <a href=\"#future.restricted\">2.0</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:733
+msgid ""
+"On the whole, Tor and I2P complement each other in their focus - Tor "
+"works \n"
+"towards offering high speed anonymous Internet outproxying, while I2P "
+"works \n"
+"towards offering a decentralized resilient network in itself. In theory, "
+"both \n"
+"can be used to achieve both purposes, but given limited development "
+"resources, \n"
+"they both have their strengths and weaknesses. The I2P developers have "
+"considered \n"
+"the steps necessary to modify Tor to take advantage of I2P's design, but "
+"concerns \n"
+"of Tor's viability under resource scarcity suggest that I2P's packet "
+"switching \n"
+"architecture will be able to exploit scarce resources more effectively."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:747
+msgid ""
+"Freenet played a large part in the initial stages of I2P's design - "
+"giving \n"
+"proof to the viability of a vibrant pseudonymous community completely "
+"contained \n"
+"within the network, demonstrating that the dangers inherent in outproxies"
+" \n"
+"could be avoided. The first seed of I2P began as a replacement "
+"communication \n"
+"layer for Freenet, attempting to factor out the complexities of a "
+"scalable, \n"
+"anonymous and secure point to point communication from the complexities "
+"of \n"
+"a censorship resistant distributed data store. Over time however, some of"
+" \n"
+"the anonymity and scalability issues inherent in Freenet's algorithms "
+"made \n"
+"it clear that I2P's focus should stay strictly on providing a generic "
+"anonymous \n"
+"communication layer, rather than as a component of Freenet. Over the "
+"years, \n"
+"the Freenet developers have come to see the weaknesses in the older "
+"design, \n"
+"prompting them to suggest that they will require a \"premix\" layer to "
+"offer \n"
+"substantial anonymity. In other words, Freenet needs to run on top of a "
+"mixnet \n"
+"such as I2P or Tor, with \"client nodes\" requesting and publishing data "
+"through \n"
+"the mixnet to the \"server nodes\" which then fetch and store the data "
+"according \n"
+"to Freenet's heuristic distributed data storage algorithms."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:766
+msgid ""
+"Freenet's functionality is very complementary to I2P's, as Freenet "
+"natively \n"
+"provides many of the tools for operating medium and high latency systems,"
+" \n"
+"while I2P natively provides the low latency mix network suitable for "
+"offering \n"
+"adequate anonymity. The logic of separating the mixnet from the "
+"censorship-\n"
+"resistant distributed data store still seems self-evident from an "
+"engineering, \n"
+"anonymity, security, and resource allocation perspective, so hopefully "
+"the \n"
+"Freenet team will pursue efforts in that direction, if not simply reusing"
+" \n"
+"(or helping to improve, as necessary) existing mixnets like I2P or Tor."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:777
+msgid ""
+"It is worth mentioning that there has recently been discussion and work \n"
+"by the Freenet developers on a \"globally scalable darknet\" using "
+"restricted \n"
+"routes between peers of various trust. While insufficient information has"
+" \n"
+"been made publicly available regarding how such a system would operate "
+"for \n"
+"a full review, from what has been said the anonymity and scalability "
+"claims \n"
+"seem highly dubious. In particular, the appropriateness for use in "
+"hostile \n"
+"regimes against state level adversaries has been tremendously overstated,"
+" \n"
+"and any analysis on the implications of resource scarcity upon the "
+"scalability \n"
+"of the network has seemingly been avoided. Further questions regarding "
+"susceptibility \n"
+"to traffic analysis, trust and other topics do exist, but a more in-depth"
+" \n"
+"review of this \"globally scalable darknet\" will have to wait until the "
+"Freenet \n"
+"team makes more information available."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:793
+msgid ""
+"I2P itself doesn't really do much - it simply sends messages to remote "
+"destinations \n"
+"and receives messages targeting local destinations - most of the "
+"interesting \n"
+"work goes on at the layers above it. By itself, I2P could be seen as an "
+"anonymous \n"
+"and secure IP layer, and the bundled <a href=\"#app.streaming\">streaming"
+" library</a> \n"
+"as an implementation of an anonymous and secure TCP layer on top of it. "
+"Beyond \n"
+"that, <a href=\"#app.i2ptunnel\">I2PTunnel</a> exposes a generic TCP "
+"proxying \n"
+"system for either getting into or out of the I2P network, plus a variety "
+"of \n"
+"network applications provide further functionality for end users."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:804
+msgid "Streaming library"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:805
+msgid ""
+"The I2P streaming library can be viewed as a generic streaming interface "
+"(mirroring TCP sockets),\n"
+"and the implementation supports a <a "
+"href=\"http://en.wikipedia.org/wiki/Sliding_Window_Protocol\">sliding "
+"window protocol</a>\n"
+"with several optimizations, to take into account the high delay over I2P."
+"\n"
+"Individual streams may adjust the maximum packet size and \n"
+"other options, though the default of 4KB compressed seems a reasonable "
+"tradeoff \n"
+"between the bandwidth costs of retransmitting lost messages and the "
+"latency \n"
+"of multiple messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:815
+msgid ""
+"In addition, in consideration of the relatively high cost of subsequent \n"
+"messages, the streaming library's protocol for scheduling and delivering "
+"messages \n"
+"has been optimized to allow individual messages passed to contain as much"
+" \n"
+"information as is available. For instance, a small HTTP transaction "
+"proxied \n"
+"through the streaming library can be completed in a single round trip - "
+"the \n"
+"first message bundles a SYN, FIN and the small payload (an HTTP request "
+"typically \n"
+"fits) and the reply bundles the SYN, FIN, ACK and the small payload (many"
+" \n"
+"HTTP responses fit). While an additional ACK must be transmitted to tell "
+"the \n"
+"HTTP server that the SYN/FIN/ACK has been received, the local HTTP proxy "
+"can \n"
+"deliver the full response to the browser immediately."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:828
+msgid ""
+"On the whole, however, the streaming library bears much resemblance to an"
+" \n"
+"abstraction of TCP, with its sliding windows, congestion control "
+"algorithms \n"
+"(both slow start and congestion avoidance), and general packet behavior "
+"(ACK, \n"
+"SYN, FIN, RST, etc)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:835
+msgid "Naming library and addressbook"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:836
+#, python-format
+msgid ""
+"For more information see the <a href=\"%(naming)s\">Naming and "
+"Addressbook</a> page."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:840
+#: i2p2www/pages/site/docs/how/tech-intro.html:914
+#: i2p2www/pages/site/docs/how/tech-intro.html:961
+#: i2p2www/pages/site/docs/how/tech-intro.html:993
+#: i2p2www/pages/site/docs/how/tech-intro.html:1001
+#: i2p2www/pages/site/docs/how/tech-intro.html:1009
+#: i2p2www/pages/site/docs/how/tech-intro.html:1019
+#: i2p2www/pages/site/docs/how/tech-intro.html:1027
+#: i2p2www/pages/site/docs/how/tech-intro.html:1049
+#, python-format
+msgid "Developed by: %(dev)s"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:842
+msgid ""
+"Naming within I2P has been an oft-debated topic since the very beginning"
+" \n"
+"with advocates across the spectrum of possibilities. However, given I2P's"
+" \n"
+"inherent demand for secure communication and decentralized operation, the"
+" \n"
+"traditional DNS-style naming system is clearly out, as are \"majority "
+"rules\" \n"
+"voting systems. Instead, I2P ships with a generic naming library and a "
+"base \n"
+"implementation designed to work off a local name to destination mapping, "
+"as \n"
+"well as an optional add-on application called the \"addressbook\". The "
+"addressbook \n"
+"is a web-of-trust-driven secure, distributed, and human readable naming "
+"system, \n"
+"sacrificing only the call for all human readable names to be globally "
+"unique \n"
+"by mandating only local uniqueness. While all messages in I2P are "
+"cryptographically \n"
+"addressed by their destination, different people can have local "
+"addressbook \n"
+"entries for \"Alice\" which refer to different destinations. People can "
+"still \n"
+"discover new names by importing published addressbooks of peers specified"
+" \n"
+"in their web of trust, by adding in the entries provided through a third "
+"party, \n"
+"or (if some people organize a series of published addressbooks using a "
+"first \n"
+"come first serve registration system) people can choose to treat these "
+"addressbooks \n"
+"as name servers, emulating traditional DNS."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:862
+msgid ""
+"I2P does not promote the use of DNS-like services though, as the damage \n"
+"done by hijacking a site can be tremendous - and insecure destinations "
+"have \n"
+"no value. DNSsec itself still falls back on registrars and certificate "
+"authorities, \n"
+"while with I2P, requests sent to a destination cannot be intercepted or "
+"the \n"
+"reply spoofed, as they are encrypted to the destination's public keys, "
+"and \n"
+"a destination itself is just a pair of public keys and a certificate. "
+"DNS-style \n"
+"systems on the other hand allow any of the name servers on the lookup "
+"path \n"
+"to mount simple denial of service and spoofing attacks. Adding on a "
+"certificate \n"
+"authenticating the responses as signed by some centralized certificate "
+"authority \n"
+"would address many of the hostile nameserver issues but would leave open "
+"replay \n"
+"attacks as well as hostile certificate authority attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:876
+msgid ""
+"Voting style naming is dangerous as well, especially given the "
+"effectiveness \n"
+"of Sybil attacks in anonymous systems - the attacker can simply create an"
+" \n"
+"arbitrarily high number of peers and \"vote\" with each to take over a "
+"given \n"
+"name. Proof-of-work methods can be used to make identity non-free, but as"
+" \n"
+"the network grows the load required to contact everyone to conduct online"
+" \n"
+"voting is implausible, or if the full network is not queried, different "
+"sets \n"
+"of answers may be reachable."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:886
+msgid ""
+"As with the Internet however, I2P is keeping the design and operation of"
+" \n"
+"a naming system out of the (IP-like) communication layer. The bundled "
+"naming \n"
+"library includes a simple service provider interface which alternate "
+"naming \n"
+"systems can plug into, allowing end users to drive what sort of naming "
+"tradeoffs \n"
+"they prefer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:895
+msgid ""
+"The old Syndie bundled with I2P has been replaced by the new Syndie which"
+"\n"
+"is distributed separately. For more information see the <a "
+"href=\"http://syndie.i2p2.de/\">Syndie</a>\n"
+"pages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:901
+msgid ""
+"Syndie is a safe, anonymous blogging / content publication / content "
+"aggregation \n"
+"system. It lets you create information, share it with others, and read "
+"posts \n"
+"from those you're interested in, all while taking into consideration your"
+" \n"
+"needs for security and anonymity. Rather than building its own content "
+"distribution \n"
+"network, Syndie is designed to run on top of existing networks, "
+"syndicating \n"
+"content through eepsites, Tor hidden services, Freenet freesites, normal "
+"websites, \n"
+"usenet newsgroups, email lists, RSS feeds, etc. Data published with "
+"Syndie \n"
+"is done so as to offer pseudonymous authentication to anyone reading or "
+"archiving \n"
+"it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:916
+msgid ""
+"I2PTunnel is probably I2P's most popular and versatile client "
+"application, \n"
+"allowing generic proxying both into and out of the I2P network. I2PTunnel"
+" \n"
+"can be viewed as four separate proxying applications - a \"client\" which"
+" receives \n"
+"inbound TCP connections and forwards them to a given I2P destination, an "
+"\"httpclient\" \n"
+"(aka \"eepproxy\") which acts like an HTTP proxy and forwards the "
+"requests to \n"
+"the appropriate I2P destination (after querying the naming service if "
+"necessary), \n"
+"a \"server\" which receives inbound I2P streaming connections on a "
+"destination \n"
+"and forwards them to a given TCP host+port, and an \"httpserver\" which "
+"extends \n"
+"the \"server\" by parsing the HTTP request and responses to allow safer "
+"operation. \n"
+"There is an additional \"socksclient\" application, but its use is not "
+"encouraged \n"
+"for reasons previously mentioned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:930
+msgid ""
+"I2P itself is not an outproxy network - the anonymity and security "
+"concerns \n"
+"inherent in a mix net which forwards data into and out of the mix have "
+"kept \n"
+"I2P's design focused on providing an anonymous network which capable of "
+"meeting \n"
+"the user's needs without requiring external resources. However, the "
+"I2PTunnel \n"
+"\"httpclient\" application offers a hook for outproxying - if the "
+"hostname requested \n"
+"doesn't end in \".i2p\", it picks a random destination from a user-"
+"provided \n"
+"set of outproxies and forwards the request to them. These destinations "
+"are \n"
+"simply I2PTunnel \"server\" instances run by volunteers who have "
+"explicitly \n"
+"chosen to run outproxies - no one is an outproxy by default, and running "
+"an \n"
+"outproxy doesn't automatically tell other people to proxy through you. "
+"While \n"
+"outproxies do have inherent weaknesses, they offer a simple proof of "
+"concept \n"
+"for using I2P and provide some functionality under a threat model which "
+"may \n"
+"be sufficient for some users."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:946
+msgid ""
+"I2PTunnel enables most of the applications in use. An \"httpserver\" "
+"pointing \n"
+"at a webserver lets anyone run their own anonymous website (or "
+"\"eepsite\") \n"
+"- a webserver is bundled with I2P for this purpose, but any webserver can"
+" \n"
+"be used. Anyone may run a \"client\" pointing at one of the anonymously "
+"hosted \n"
+"IRC servers, each of which are running a \"server\" pointing at their "
+"local \n"
+"IRCd and communicating between IRCds over their own \"client\" tunnels. "
+"End \n"
+"users also have \"client\" tunnels pointing at <a "
+"href=\"#app.i2pmail\">I2Pmail's</a> \n"
+"POP3 and SMTP destinations (which in turn are simply \"server\" instances"
+" pointing \n"
+"at POP3 and SMTP servers), as well as \"client\" tunnels pointing at "
+"I2P's CVS \n"
+"server, allowing anonymous development. At times people have even run "
+"\"client\" \n"
+"proxies to access the \"server\" instances pointing at an NNTP server."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:963
+msgid ""
+"i2p-bt is a port of the mainline python BitTorrent client to run both the"
+" \n"
+"tracker and peer communication over I2P. Tracker requests are forwarded "
+"through \n"
+"the eepproxy to eepsites specified in the torrent file while tracker "
+"responses \n"
+"refer to peers by their destination explicitly, allowing i2p-bt to open "
+"up \n"
+"a <a href=\"#app.streaming\">streaming lib</a> connection to query them "
+"for \n"
+"blocks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:972
+msgid ""
+"In addition to i2p-bt, a port of bytemonsoon has been made to I2P, making"
+" \n"
+"a few modifications as necessary to strip any anonymity-compromising "
+"information \n"
+"from the application and to take into consideration the fact that IPs "
+"cannot \n"
+"be used for identifying peers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:980
+msgid ""
+"I2PSnark developed: jrandom, et al, ported from <a\n"
+"href=\"http://www.klomp.org/mark/\">mjw</a>'s <a\n"
+"href=\"http://www.klomp.org/snark/\">Snark</a> client"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:986
+msgid ""
+"Bundled with the I2P install, I2PSnark offers a simple anonymous "
+"BitTorrent \n"
+"client with multitorrent capabilities, exposing all of the functionality "
+"through \n"
+"a plain HTML web interface."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:995
+#, python-format
+msgid ""
+"Robert is a Bittorrent client written in Python.\n"
+"It is hosted on <a "
+"href=\"http://%(bob)s/Robert.html\">http://%(bob)s/Robert.html</a> <!-- "
+"TODO: expand -->"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1003
+#, python-format
+msgid ""
+"PyBit is a Bittorrent client written in Python.\n"
+"It is hosted on <a href=\"%(pybit)s\">%(pybit)s</a> <!-- TODO: expand -->"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1011
+msgid ""
+"I2Phex is a fairly direct port of the Phex Gnutella filesharing client to"
+" \n"
+"run entirely on top of I2P. While it has disabled some of Phex's "
+"functionality, \n"
+"such as integration with Gnutella webcaches, the basic file sharing and "
+"chatting \n"
+"system is fully functional."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1021
+msgid ""
+"iMule is a fairly direct port of the aMule filesharing client \n"
+"running entirely inside I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1029
+#, python-format
+msgid ""
+"I2Pmail is more a service than an application - postman offers both "
+"internal \n"
+"and external email with POP3 and SMTP service through I2PTunnel instances"
+" \n"
+"accessing a series of components developed with mastiejaner, allowing "
+"people \n"
+"to use their preferred mail clients to send and receive mail "
+"pseudonymously. \n"
+"However, as most mail clients expose substantial identifying information,"
+" \n"
+"I2P bundles susi23's web based susimail client which has been built "
+"specifically \n"
+"with I2P's anonymity needs in mind. The I2Pmail/mail.i2p service offers "
+"transparent \n"
+"virus filtering as well as denial of service prevention with hashcash "
+"augmented \n"
+"quotas. In addition, each user has control of their batching strategy "
+"prior \n"
+"to delivery through the mail.i2p outproxies, which are separate from the "
+"mail.i2p \n"
+"SMTP and POP3 servers - both the outproxies and inproxies communicate "
+"with \n"
+"the mail.i2p SMTP and POP3 servers through I2P itself, so compromising "
+"those \n"
+"non-anonymous locations does not give access to the mail accounts or "
+"activity \n"
+"patterns of the user. At the moment the developers work on a "
+"decentralized \n"
+"mailsystem, called \"v2mail\". More information can be found on the "
+"eepsite \n"
+"<a href=\"http://%(postman)s/\">%(postman)s</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1051
+msgid ""
+"I2P-Bote is a distributed e-mail application. It does not use the "
+"traditional\n"
+"e-mail concept of sending an e-mail to a server and retrieving it from a "
+"server.\n"
+"Instead, it uses a Kademlia Distributed Hash Table to store mails.\n"
+"One user can push a mail into the DHT, while another can request the "
+"e-mail from the DHT.\n"
+"And all the mails sent within the I2P-Bote network are automatically "
+"encrypted end-to-end. <br>\n"
+"Furthermore, I2P-Bote offers a remailer function on top of I2P, for "
+"increased high-latency anonymity."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tech-intro.html:1061
+msgid ""
+"I2P-Messenger is an end-to-end encrypted serverless communication "
+"application.\n"
+"For communication between two users, they need to give each other their "
+"destination keys, to allow the other to connect.\n"
+"It supports file transfer and has a search for other users, based on "
+"Seedless."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:2
+msgid "I2P's Threat Model"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:3
+msgid "November 2010"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:7
+msgid "low"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:8
+msgid "medium"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:9
+msgid "high"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:34
+msgid "Damage Potential"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:35
+msgid "Reliability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:36
+msgid "Exploitability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:37
+msgid "Affected Users"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:38
+msgid "Discoverability"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:39
+msgid "Severity"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:40
+#: i2p2www/pages/site/docs/protocol/i2np.html:93
+msgid "Priority"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:45
+msgid "Index of Attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:47
+#: i2p2www/pages/site/docs/how/threat-model.html:206
+msgid "Brute force attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:48
+#: i2p2www/pages/site/docs/how/threat-model.html:250
+msgid "Timing attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:49
+#: i2p2www/pages/site/docs/how/threat-model.html:287
+msgid "Intersection attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:50
+#: i2p2www/pages/site/docs/how/threat-model.html:367
+msgid "Denial of service attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:51
+#: i2p2www/pages/site/docs/how/threat-model.html:466
+msgid "Tagging attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:52
+#: i2p2www/pages/site/docs/how/threat-model.html:484
+msgid "Partitioning attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:53
+#: i2p2www/pages/site/docs/how/threat-model.html:524
+msgid "Predecessor attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:54
+#: i2p2www/pages/site/docs/how/threat-model.html:569
+msgid "Harvesting attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:55
+#: i2p2www/pages/site/docs/how/threat-model.html:616
+msgid "Identification Through Traffic Analysis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:56
+#: i2p2www/pages/site/docs/how/threat-model.html:676
+msgid "Sybil attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:57
+#: i2p2www/pages/site/docs/how/threat-model.html:725
+msgid "Buddy Exhaustion attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:58
+#: i2p2www/pages/site/docs/how/threat-model.html:750
+msgid "Cryptographic attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:59
+msgid "Floodfill attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:60
+#: i2p2www/pages/site/docs/how/threat-model.html:811
+msgid "Other Network Database attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:61
+msgid "Attacks on centralized resources"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:62
+#: i2p2www/pages/site/docs/how/threat-model.html:877
+msgid "Development attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:63
+msgid "Implementation attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:64
+#: i2p2www/pages/site/docs/how/threat-model.html:961
+msgid "Other Defenses"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:69
+msgid "What do we mean by \"anonymous\"?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:71
+msgid ""
+"Your level of anonymity can be described as \"how hard it is for someone\n"
+"to find out information you don't want them to know?\" - who you are, "
+"where\n"
+"you are located, who you communicate with, or even when you communicate."
+"  \n"
+"\"Perfect\" anonymity is not a useful concept here - software will not "
+"make \n"
+"you indistinguishable from people that don't use computers or who are not"
+" on\n"
+"the Internet.  Instead, we are working to provide sufficient anonymity to"
+" meet the\n"
+"real needs of whomever we can - from those simply browsing websites, to "
+"those exchanging\n"
+"data, to those fearful of discovery by powerful organizations or states."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:82
+msgid ""
+"The question of whether I2P provides sufficient anonymity for your \n"
+"particular needs is a hard one, but this page will hopefully assist in \n"
+"answering that question by exploring how I2P operates under various "
+"attacks\n"
+"so that you may decide whether it meets your needs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:89
+msgid ""
+"We welcome further research and analysis on I2P's resistance to the "
+"threats described below.\n"
+"More review of existing literature (much of it focused on Tor) and "
+"original\n"
+"work focused on I2P is needed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:95
+msgid "Network Topology Summary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:96
+#, python-format
+msgid ""
+"I2P builds off the ideas of many <a href=\"%(comparisons)s\">other</a> \n"
+"<a href=\"%(links)s\">systems</a>, but a few key points should be kept in"
+" mind when \n"
+"reviewing related literature:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:102
+msgid ""
+"<b>I2P is a free route mixnet</b> - the message creator explicitly "
+"defines the\n"
+"path that messages will be sent out (the outbound tunnel), and the "
+"message \n"
+"recipient explicitly defines the path that messages will be received on "
+"(the\n"
+"inbound tunnel)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:108
+msgid ""
+"<b>I2P has no official entry and exit points</b> - all peers fully "
+"participate in the \n"
+"mix, and there are no network layer in- or out-proxies (however, at the \n"
+"application layer, a few proxies do exist)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:113
+msgid ""
+"<b>I2P is fully distributed</b> - there are no central controls or "
+"authorities.\n"
+"One could modify some routers to operate mix cascades (building tunnels "
+"and giving\n"
+"out the keys necessary to control the forwarding at the tunnel endpoint) "
+"or directory \n"
+"based profiling and selection, all without breaking compatibility with "
+"the rest of \n"
+"the network, but doing so is of course not necessary (and may even harm "
+"one's\n"
+"anonymity)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:123
+#, python-format
+msgid ""
+"We have documented plans to implement <a "
+"href=\"%(todo)s#stop\">nontrivial delays</a>\n"
+"and <a href=\"%(todo)s#batching\">batching strategies</a> \n"
+"whose existence is only known to the particular hop or tunnel gateway "
+"that \n"
+"receives the message, allowing a mostly low latency mixnet to provide "
+"cover \n"
+"traffic for higher latency communication (e.g. email).\n"
+"However we are aware that significant delays are required to provide "
+"meaningful\n"
+"protection, and that implementation of such delays will be a significant "
+"challenge.\n"
+"It is not clear at this time whether we will actually implement these "
+"delay features."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:134
+msgid ""
+"In theory, routers along the message path may inject an \n"
+"arbitrary number of hops before forwarding the message to the next peer, "
+"though\n"
+"the current implementation does not."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:141
+msgid "The Threat Model"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:142
+msgid ""
+"I2P design started in 2003, not long after the advent of\n"
+"<a href=\"http://www.onion-router.net\">[Onion Routing]</a>,\n"
+"<a href=\"http://freenetproject.org/\">[Freenet]</a>, and\n"
+"<a href=\"https://www.torproject.org/\">[Tor]</a>.\n"
+"Our design benefits substantially from the research published around that"
+" time.\n"
+"I2P uses several onion routing techniques, so we continue to benefit\n"
+"from the significant academic interest in Tor."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:152
+msgid ""
+"Taking from the attacks and analysis put forth in the \n"
+"<a href=\"http://freehaven.net/anonbib/topic.html\">anonymity "
+"literature</a> (largely \n"
+"<a href=\"http://citeseer.ist.psu.edu/454354.html\">Traffic Analysis: "
+"Protocols, Attacks, Design \n"
+"Issues and Open Problems</a>), the following briefly describes a wide "
+"variety \n"
+"of attacks as well as many of I2Ps defenses.  We update\n"
+"this list to include new attacks as they are identified."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:161
+msgid ""
+"Included are some attacks that may be unique to I2P.\n"
+"We do not have good answers for all these attacks, however\n"
+"we continue to do research and improve our defenses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:167
+msgid ""
+"In addition, many of these attacks are significantly easier than\n"
+"they should be, due to the modest size of the current network.\n"
+"While we are aware of some limitations that need to be addressed,\n"
+"I2P is designed to support hundreds of thousands, or millions, of\n"
+"participants.\n"
+"As we continue to spread the word and grow the network,\n"
+"these attacks will become much harder."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:177
+#, python-format
+msgid ""
+"The\n"
+"<a href=\"%(comparisons)s\">network comparisons</a> and\n"
+"<a href=\"%(garlicrouting)s\">\"garlic\" terminology</a> pages may also "
+"be helpful\n"
+"to review."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:210
+msgid ""
+"A brute force attack can be mounted by a global passive or active "
+"adversary, \n"
+"watching all the messages pass between all of the nodes and attempting to"
+" correlate\n"
+"which message follows which path.  Mounting this attack against I2P "
+"should be \n"
+"nontrivial, as all peers in the network are frequently sending messages "
+"(both\n"
+"end to end and network maintenance messages), plus an end to end message "
+"changes\n"
+"size and data along its path.  In addition, the external adversary does "
+"not have\n"
+"access to the messages either, as inter-router communication is both "
+"encrypted\n"
+"and streamed (making two 1024 byte messages indistinguishable from one "
+"2048 byte\n"
+"message)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:222
+msgid ""
+"However, a powerful attacker can use brute force to detect trends - if "
+"they \n"
+"can send 5GB to an I2P destination and monitor everyone's network "
+"connection,\n"
+"they can eliminate all peers who did not receive 5GB of data.  Techniques"
+" to \n"
+"defeat this attack exist, but may be prohibitively expensive (see: \n"
+"<a "
+"href=\"http://citeseer.ist.psu.edu/freedman02tarzan.html\">Tarzan</a>'s "
+"mimics\n"
+"or constant rate traffic).  Most users are not concerned with this "
+"attack, as \n"
+"the cost of mounting it are extreme (and often require illegal activity)."
+"  \n"
+"However, the attack is still possible, for example by an observer at\n"
+"a large ISP or an Internet exchange point.\n"
+"Those who want to defend against it \n"
+"would want to take appropriate countermeasures, such as\n"
+"setting low bandwidth limits, and using unpublished or encrypted "
+"leasesets for eepsites.\n"
+"Other countermeasures, such as nontrivial delays and restricted routes, "
+"are\n"
+"not currently implemented."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:239
+#, python-format
+msgid ""
+"As a partial defense against a single router or group of routers trying "
+"to route all the network's traffic,\n"
+"routers contain limits as to how many tunnels can be routed through a "
+"single peer.\n"
+"As the network grows, these limits are subject to further adjustment.\n"
+"Other mechanisms for peer rating, selection and avoidance\n"
+"are discussed on the\n"
+"<a href=\"%(peerselection)s\">peer selection page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:254
+msgid ""
+"I2P's messages are unidirectional and do not necessarily imply that a "
+"reply\n"
+"will be sent.  However, applications on top of I2P will most likely have\n"
+"recognizable patterns within the frequency of their messages - for "
+"instance, an \n"
+"HTTP request will be a small message with a large sequence of reply "
+"messages \n"
+"containing the HTTP response.  Using this data as well as a broad view of"
+" the \n"
+"network topology, an attacker may be able to disqualify some links as "
+"being too \n"
+"slow to have passed the message along."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:264
+msgid ""
+"This sort of attack is powerful, but its applicability to I2P is non "
+"obvious,\n"
+"as the variation on message delays due to queuing, message processing, "
+"and \n"
+"throttling will often meet or exceed the time of passing a message along "
+"a \n"
+"single link - even when the attacker knows that a reply will be sent as "
+"soon as\n"
+"the message is received.  There are some scenarios which will expose "
+"fairly \n"
+"automatic replies though - the streaming library does (with the SYN+ACK) "
+"as does the \n"
+"message mode of guaranteed delivery (with the "
+"DataMessage+DeliveryStatusMessage)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:274
+#, python-format
+msgid ""
+"Without protocol scrubbing or higher latency, global active adversaries "
+"can \n"
+"gain substantial information.  As such, people concerned with these "
+"attacks could\n"
+"increase the latency (using <a href=\"%(todo)s#stop\">nontrivial "
+"delays</a> or \n"
+"<a href=\"%(todo)s#batching\">batching strategies</a>), include protocol "
+"scrubbing, or\n"
+"other advanced tunnel routing <a "
+"href=\"%(todo)s#batching\">techniques</a>,\n"
+"but these are unimplemented in I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:283
+#, python-format
+msgid ""
+"References: <a href=\"%(pdf)s\">Low-Resource Routing Attacks Against "
+"Anonymous Systems</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:291
+msgid ""
+"Intersection attacks against low latency systems are extremely powerful -"
+"\n"
+"periodically make contact with the target and keep track of what peers "
+"are on\n"
+"the network.  Over time, as node churn occurs the attacker will gain \n"
+"significant information about the target by simply intersecting the sets "
+"of\n"
+"peers that are online when a message successfully goes through.  The cost"
+" of \n"
+"this attack is significant as the network grows, but may be feasible in "
+"some\n"
+"scenarios."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:301
+#, python-format
+msgid ""
+"In summary, if an attacker is at both ends of your tunnel at the same "
+"time,\n"
+"he may be successful.\n"
+"I2P does not have a full defense to this for low latency communication.\n"
+"This is an inherent weakness of low-latency onion routing.\n"
+"Tor provides a <a href=\"%(url)s\">similar disclaimer</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:309
+msgid "Partial defenses implemented in I2P:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:313
+#, python-format
+msgid "<a href=\"%(tunnelimpl)s#ordering\">strict ordering</a> of peers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:316
+#, python-format
+msgid ""
+"<a href=\"%(peerselection)s\">peer profiling and selection</a> from a "
+"small group that changes slowly"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:319
+msgid "Limits on the number of tunnels routed through a single peer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:322
+msgid ""
+"Prevention of peers from the same /16 IP range from being members of a "
+"single tunnel"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:325
+msgid ""
+"For eepsites or other hosted services, we support\n"
+"simultaneous hosting on multiple routers, or\n"
+"<a href=\"#intersection\">multihoming</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:332
+msgid ""
+"Even in total, these defenses are not a complete solution.\n"
+"Also, we have made some design choices that may significantly increase "
+"our vulnerability:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:337
+msgid "We do not use low-bandwidth \"guard nodes\""
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:340
+msgid ""
+"We use tunnel pools comprised of several tunnels, and traffic can shift "
+"from tunnel to tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:343
+msgid "Tunnels are not long-lived; new tunnels are built every 10 minutes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:346
+msgid ""
+"Tunnel lengths are configurable.\n"
+"While 3-hop tunnels are recommended for full protection, several "
+"applications and\n"
+"services use 2-hop tunnels by default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:353
+#, python-format
+msgid ""
+"In the future, it could\n"
+"for peers who can afford significant delays (per <a "
+"href=\"%(todo)s#stop\">nontrivial\n"
+"delays</a> and <a href=\"%(todo)s#batching\">batching strategies</a>).  "
+"In addition,\n"
+"this is only relevant for destinations that other people know about - a "
+"private\n"
+"group whose destination is only known to trusted peers does not have to "
+"worry,\n"
+"as an adversary can't \"ping\" them to mount the attack.</p>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:362
+#, python-format
+msgid "Reference: <a href=\"%(oce)s\">One Cell Enough</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:369
+msgid ""
+"There are a whole slew of denial of service attacks available against "
+"I2P,\n"
+"each with different costs and consequences:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:375
+msgid ""
+"<b>Greedy user attack:</b> This is simply\n"
+"people trying to consume significantly more resources than they are \n"
+"willing to contribute. The defense against this is:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:381
+#, python-format
+msgid ""
+"Set defaults so that most users provide resources to the network.\n"
+"In I2P, users route traffic by default. In sharp distinction to\n"
+"<a href=\"%(comparisons)s\">other networks</a>,\n"
+"over 95&#37; of I2P users relay traffic for others."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:387
+msgid ""
+"Provide easy configuration options so that users may increase their\n"
+"contribution (share percentage) to the network. Display easy-to-"
+"understand\n"
+"metrics such as \"share ratio\" so that users may see what they are "
+"contributing."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:392
+msgid ""
+"Maintain a strong community with blogs, forums, IRC, and other means of "
+"communication."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:399
+#, python-format
+msgid ""
+"<b>Starvation attack:</b> A hostile user may attempt to harm the network "
+"by\n"
+"creating a significant number of peers in the network who are not "
+"identified as\n"
+"being under control of the same entity (as with Sybil). These nodes then"
+" \n"
+"decide not to provide any resources to the network, causing existing "
+"peers \n"
+"to search through a larger network database or request more tunnels than"
+" \n"
+"should be necessary. \n"
+"Alternatively, the nodes may provide intermittent service by periodically"
+"\n"
+"dropping selected traffic, or refusing connections to certain peers.\n"
+"This behavior may be indistinguishable from that of a heavily-loaded or "
+"failing node.\n"
+"I2P addresses these issues by maintaining <a "
+"href=\"%(peerselection)s\">profiles</a> on the \n"
+"peers, attempting to identify underperforming ones and simply ignoring \n"
+"them, or using them rarely.\n"
+"We have significantly enhanced the\n"
+"ability to recognize and avoid troublesome peers; however there are still"
+"\n"
+"significant efforts required in this area."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:419
+#, python-format
+msgid ""
+"<b>Flooding attack:</b> A hostile user may attempt to flood the network,\n"
+"a peer, a destination, or a tunnel.  Network and peer flooding is "
+"possible,\n"
+"and I2P does nothing to prevent standard IP layer flooding.  The flooding"
+" of\n"
+"a destination with messages by sending a large number to the target's "
+"various\n"
+"inbound tunnel gateways is possible, but the destination will know this "
+"both\n"
+"by the contents of the message and because the tunnel's tests will fail."
+"  The\n"
+"same goes for flooding just a single tunnel.  I2P has no defenses for a "
+"network\n"
+"flooding attack.  For a destination and tunnel flooding attack, the "
+"target\n"
+"identifies which tunnels are unresponsive and builds new ones.  New code "
+"could\n"
+"also be written to add even more tunnels if the client wishes to handle "
+"the\n"
+"larger load.  If, on the other hand, the load is more than the client can"
+"\n"
+"deal with, they can instruct the tunnels to throttle the number of "
+"messages or\n"
+"bytes they should pass on (once the <a "
+"href=\"%(todo)s#batching\">advanced tunnel\n"
+"operation</a> is implemented)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:438
+msgid ""
+"<b>CPU load attack:</b> There are currently some methods for people to \n"
+"remotely request that a peer perform some cryptographically expensive \n"
+"operation, and a hostile attacker could use these to flood that peer with"
+"\n"
+"a large number of them in an attempt to overload the CPU.  Both using "
+"good \n"
+"engineering practices and potentially requiring nontrivial certificates \n"
+"(e.g. HashCash) to be attached to these expensive requests should "
+"mitigate\n"
+"the issue, though there may be room for an attacker to exploit various\n"
+"bugs in the implementation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:451
+#, python-format
+msgid ""
+"<b>Floodfill DOS attack:</b> A hostile user may attempt to harm the "
+"network by\n"
+"becoming a floodfill router. The current defenses against unreliable,\n"
+"intermittent, or malicious floodfill routers are poor.\n"
+"A floodfill router may provide bad or no response to lookups, and\n"
+"it may also interfere with inter-floodfill communication.\n"
+"Some defenses and\n"
+"<a href=\"%(peerselection)s\">peer profiling</a> are implemented,\n"
+"however there is much more to do.\n"
+"For more information see the\n"
+"<a href=\"%(netdb)s#threat\">network database page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:470
+#, python-format
+msgid ""
+"Tagging attacks - modifying a message so that it can later be identified"
+" \n"
+"further along the path - are by themselves impossible in I2P, as messages"
+" \n"
+"passed through tunnels are signed.  However, if an attacker is the "
+"inbound \n"
+"tunnel gateway as well as a participant further along in that tunnel, "
+"with\n"
+"collusion they can identify the fact that they are in the same tunnel "
+"(and \n"
+"prior to adding <a href=\"%(todo)s#tunnelId\">unique hop ids</a> and "
+"other updates,\n"
+"colluding peers within the same tunnel can recognize that fact without "
+"any \n"
+"effort).  An attacker in an outbound tunnel and any part of an inbound "
+"tunnel cannot \n"
+"collude however, as the tunnel encryption pads and modifies the data "
+"separately\n"
+"for the inbound and outbound tunnels.  External attackers cannot do "
+"anything,\n"
+"as the links are encrypted and messages signed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:488
+msgid ""
+"Partitioning attacks - finding ways to segregate (technically or "
+"analytically)\n"
+"the peers in a network - are important to keep in mind when dealing with "
+"a \n"
+"powerful adversary, since the size of the network plays a key role in "
+"determining\n"
+"your anonymity.  Technical partitioning by cutting links between peers to"
+" create\n"
+"fragmented networks is addressed by I2P's built in network database, "
+"which \n"
+"maintains statistics about various peers so as to allow any existing "
+"connections\n"
+"to other fragmented sections to be exploited so as to heal the network.  "
+"However,\n"
+"if the attacker does disconnect all links to uncontrolled peers, "
+"essentially\n"
+"isolating the target, no amount of network database healing will fix it."
+"  At\n"
+"that point, the only thing the router can hope to do is notice that a "
+"significant\n"
+"number of previously reliable peers have become unavailable and alert the"
+" client\n"
+"that it is temporarily disconnected (this detection code is not "
+"implemented at\n"
+"the moment)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:504
+#, python-format
+msgid ""
+"Partitioning the network analytically by looking for differences in how "
+"routers \n"
+"and destinations behave and grouping them accordingly is also a very "
+"powerful\n"
+"attack.  For instance, an attacker <a href=\"#harvesting\">harvesting</a>"
+" the network\n"
+"database will know when a particular destination has 5 inbound tunnels in"
+" their\n"
+"LeaseSet while others have only 2 or 3, allowing the adversary to "
+"potentially \n"
+"partition clients by the number of tunnels selected.  Another partition "
+"is \n"
+"possible when dealing with the <a href=\"%(todo)s#stop\">nontrivial "
+"delays</a> and \n"
+"<a href=\"%(todo)s#batching\">batching strategies</a>, as the tunnel "
+"gateways and the\n"
+"particular hops with non-zero delays will likely stand out.  However, "
+"this data\n"
+"is only exposed to those specific hops, so to partition effectively on "
+"that \n"
+"matter, the attacker would need to control a significant portion of the "
+"network\n"
+"(and still that would only be a probabilistic partition, as they wouldn't"
+" know\n"
+"which other tunnels or messages have those delays)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:520
+#, python-format
+msgid ""
+"Also discussed on the <a href=\"%(netdb)s#threat\">network database "
+"page</a> (bootstrap attack)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:528
+msgid ""
+"The predecessor attack is passively gathering statistics in an attempt to"
+" see\n"
+"what peers are 'close' to the destination by participating in their "
+"tunnels and\n"
+"keeping track of the previous or next hop (for outbound or inbound "
+"tunnels, \n"
+"respectively).  Over time, using a perfectly random sample of peers and "
+"random\n"
+"ordering, an attacker would be able to see which peer shows up as "
+"'closer' \n"
+"statistically more than the rest, and that peer would in turn be where "
+"the\n"
+"target is located."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:538
+#, python-format
+msgid ""
+"I2P avoids this in four ways: first, the peers selected to participate in"
+"\n"
+"tunnels are not randomly sampled throughout the network - they are "
+"derived from\n"
+"the <a href=\"%(peerselection)s\">peer selection</a> algorithm which "
+"breaks them\n"
+"into tiers.  Second, with <a href=\"%(tunnelimpl)s#ordering\">strict "
+"ordering</a> of peers\n"
+"in a tunnel, the fact that a peer shows up more frequently does not mean "
+"they're\n"
+"the source.  Third, with <a href=\"%(tunnelimpl)s#length\">permuted "
+"tunnel length</a>\n"
+"(not enabled by default)\n"
+"even 0 hop tunnels can provide plausible deniability as the occasional \n"
+"variation of the gateway will look like normal tunnels.  Fourth, with \n"
+"<a href=\"%(todo)s#fullRestrictedRoutes\">restricted routes</a> "
+"(unimplemented), only the peer with\n"
+"a restricted connection to the target will ever contact the target, while"
+" \n"
+"attackers will merely run into that gateway."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:555
+#, python-format
+msgid ""
+"The current <a href=\"%(tunnelcreation)s\">tunnel build method</a>\n"
+"was specifically designed to combat the predecessor attack.\n"
+"See also <a href=\"#intersection\">the intersection attack</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:561
+#, python-format
+msgid ""
+"References: <a href=\"%(pdf2008)s\">%(pdf2008)s</a>\n"
+"which is an update to the 2004 predecessor attack paper\n"
+"<a href=\"%(pdf2004)s\">%(pdf2004)s</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:573
+msgid ""
+"\"Harvesting\" means compiling a list of users running I2P.\n"
+"It can be used for legal attacks and to help\n"
+"other attacks by simply running a peer, seeing who it connects to, and \n"
+"harvesting whatever references to other peers it can find."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:580
+msgid ""
+"I2P itself is not designed with effective defenses against\n"
+"this attack, since there is the distributed network database \n"
+"containing just this information.\n"
+"The following factors make the attack somewhat harder in practice:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:587
+msgid ""
+"Network growth will make it more difficult to obtain a given proportion "
+"of the network"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:590
+msgid "Floodfill routers implement query limits as DOS protection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:593
+msgid ""
+"\"Hidden mode\", which prevents a router from publishing its information "
+"to the netDb,\n"
+"(but also prevents it from relaying data) is not widely used now but "
+"could be."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:599
+#, python-format
+msgid ""
+"In future implementations,\n"
+"<a href=\"%(todo)s#nat\">basic</a> and \n"
+"<a href=\"%(todo)s#fullRestrictedRoutes\">comprehensive</a> restricted "
+"routes,\n"
+"this attack loses much of its power, as the \"hidden\" peers do not "
+"publish their\n"
+"contact addresses in the network database - only the tunnels through "
+"which \n"
+"they can be reached (as well as their public keys, etc)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:608
+msgid ""
+"In the future, routers could use GeoIP to identify if they are in a "
+"particular\n"
+"country where identification as an I2P node would be risky.\n"
+"In that case, the router could automatically enable hidden mode, or\n"
+"enact other restricted route methods."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:620
+#, python-format
+msgid ""
+"By inspecting the traffic into and out of a router, a malicious ISP\n"
+"or state-level firewall could identify that a computer is running I2P.\n"
+"As discussed <a href=\"#harvesting\">above</a>, I2P is not specifically "
+"designed\n"
+"to hide that a computer is running I2P. However, several design decisions"
+" made\n"
+"in the design of the\n"
+"<a href=\"%(transport)s\">transport layer and protocols</a>\n"
+"make it somewhat difficult to identify I2P traffic:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:630
+msgid "Random port selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:633
+msgid "Point-to-Point Encryption of all traffic"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:636
+msgid ""
+"DH key exchange with no protocol bytes or other unencrypted constant "
+"fields"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:639
+#, python-format
+msgid ""
+"Simultaneous use of both\n"
+"<a href=\"%(ntcp)s\">TCP</a> and\n"
+"<a href=\"%(ssu)s\">UDP</a> transports.\n"
+"UDP may be much harder for some Deep Packet Inspection (DPI) equipment to"
+" track."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:647
+msgid ""
+"In the near future, we plan to directly address traffic analysis issues "
+"by further obfuscation of I2P transport protocols, possibly including:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:651
+msgid ""
+"Padding at the transport layer to random lengths, especially during the "
+"connection handshake"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:654
+msgid ""
+"Study of packet size distribution signatures, and additional padding as "
+"necessary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:657
+msgid ""
+"Development of additional transport methods that mimic SSL or other "
+"common protocols"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:660
+msgid ""
+"Review of padding strategies at higher layers to see how they affect "
+"packet sizes at the transport layer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:663
+msgid ""
+"Review of methods implemented by various state-level firewalls to block "
+"Tor"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:666
+msgid "Working directly with DPI and obfuscation experts"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:671
+#, python-format
+msgid ""
+"Reference: <a href=\"%(pdf)s\">Breaking and Improving Protocol "
+"Obfuscation</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:680
+msgid ""
+"Sybil describes a category of attacks where the adversary creates "
+"arbitrarily\n"
+"large numbers of colluding nodes and uses the increased numbers to help \n"
+"mounting other attacks.  For instance, if an attacker is in a network "
+"where peers\n"
+"are selected randomly and they want an 80&#37; chance to be one of those "
+"peers, they\n"
+"simply create five times the number of nodes that are in the network and "
+"roll \n"
+"the dice.  When identity is free, Sybil can be a very potent technique "
+"for a \n"
+"powerful adversary.  The primary technique to address this is simply to "
+"make \n"
+"identity 'non free' - <a "
+"href=\"http://www.pdos.lcs.mit.edu/tarzan/\">Tarzan</a>\n"
+"(among others) uses the fact that IP addresses are limited, while \n"
+"IIP used \n"
+"<a href=\"http://www.hashcash.org/\">HashCash</a> to 'charge' for "
+"creating a new\n"
+"identity.  We currently have not implemented any particular technique to "
+"address\n"
+"Sybil, but do include placeholder certificates in the router's and \n"
+"destination's data structures which can contain a HashCash certificate of"
+" \n"
+"appropriate value when necessary (or some other certificate proving "
+"scarcity)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:698
+msgid "Requiring HashCash Certificates in various places has two major problems:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:702
+msgid "Maintaining backward compatibility"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:705
+msgid ""
+"The classic HashCash problem -\n"
+"selecting HashCash values that are meaningful proofs of work on high-end "
+"machines,\n"
+"while still being feasible on low-end machines such as mobile devices."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:712
+msgid ""
+"Various limitations on the number of routers in a given IP range restrict"
+"\n"
+"the vulnerability to attackers that don't have the ability to put "
+"machines\n"
+"in several IP blocks.\n"
+"However, this is not a meaningful defense against a powerful adversary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:719
+#, python-format
+msgid ""
+"See the <a href=\"%(netdb)s#threat\">network database page</a>\n"
+"for more Sybil discussion."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:729
+#, python-format
+msgid ""
+"(Reference: <a href=\"%(pdf)s\">In Search of an Anonymouns and Secure "
+"Lookup</a> Section 5.2)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:733
+#, python-format
+msgid ""
+"By refusing to accept or forward tunnel build requests, except to a "
+"colluding peer, a router could ensure\n"
+"that a tunnel is formed wholly from its set of colluding routers.\n"
+"The chances of success are enhanced if there is a large number of "
+"colluding routers,\n"
+"i.e. a <a href=\"#sybil\">Sybil attack</a>.\n"
+"This is somewhat mitigated by our\n"
+"<a href=\"%(peerselection)s\">peer profiling</a> methods used to monitor "
+"the performance\n"
+"of peers.\n"
+"However, this is a powerful attack as the number of routers approaches\n"
+"<i>f</i> = 0.2, or 20&#37; malicious nodes, as specifed in the paper.\n"
+"The malicous routers could also maintain connections to the target router"
+" and provide\n"
+"excellent forwarding bandwidth for traffic over those connections, in an "
+"attempt\n"
+"to manipulate the profiles managed by the target and appear attractive.\n"
+"Further research and defenses may be necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:754
+#, python-format
+msgid ""
+"We use strong cryptography with long keys, and\n"
+"we assume the security of the industry-standard cryptographic primitives "
+"used in I2P, as documented\n"
+"<a href=\"%(cryptography)s\">on the low-level cryptography page</a>. \n"
+"Security features include the immediate detection of \n"
+"altered messages along the path, the inability to decrypt messages not "
+"addressed to you,\n"
+"and defense against man-in-the-middle attacks.\n"
+"The key sizes chosen in 2003 were quite conservative at the time, and are"
+" still longer than\n"
+"those used in <a href=\"https://torproject.org/\">other anonymity "
+"networks</a>.\n"
+"We don't think the current key lengths are our biggest weakness,\n"
+"especially for traditional, non-state-level adversaries;\n"
+"bugs and the small size of the network are much more worrisome.\n"
+"Of course, all cryptographic algorithms eventually become obsolete due to"
+"\n"
+"the advent of faster processors, cryptographic research, and advancements"
+" in\n"
+"methods such as rainbow tables, clusters of video game hardware, etc.\n"
+"Unfortunately, I2P was not designed with easy mechanisms to lengthen keys"
+" or change\n"
+"shared secret values while maintaining backward compatibility."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:773
+#, python-format
+msgid ""
+"Upgrading the various data structures and protocols to support longer "
+"keys\n"
+"will have to be tackled eventually, and this will be a\n"
+"<a href=\"%(cryptography)s\">major undertaking</a>, just as it will be "
+"for \n"
+"<a href=\"https://torproject.org/\">others</a>.\n"
+"Hopefully, through careful planning, we can minimize the disruption, and\n"
+"implement mechanisms to make it easier for future transitions."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:782
+msgid ""
+"In the future, several I2P protocols and data structures\n"
+"support securely padding messages to arbitrary sizes, so messages could "
+"be made constant\n"
+"size or garlic messages could be modified randomly so that some cloves "
+"appear to contain\n"
+"more subcloves than they actually do.  At the moment, however, garlic, "
+"tunnel, and \n"
+"end to end messages include simple random padding."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:792
+msgid "Floodfill Anonymity attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:796
+#, python-format
+msgid ""
+"In addition to the floodfill DOS attacks described\n"
+"<a href=\"#ffdos\">above</a>, floodfill routers are uniquely positioned\n"
+"to learn about network participants, due to their role\n"
+"in the netDb, and the high frequency of communication with those "
+"participants.\n"
+"This is somewhat mitigated because floodfill routers only manage a "
+"portion\n"
+"of the total keyspace, and the keyspace rotates daily, as explained \n"
+"on the <a href=\"%(netdb)s#threat\">network database page</a>.\n"
+"The specific mechanisms by which routers communicate with floodfills have"
+" been\n"
+"<a href=\"%(netdb)s#delivery\">carefully designed</a>.\n"
+"However, these threats should be studied further.\n"
+"The specific potential threats and corresponding defenses are a topic for"
+" future research."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:812
+#, python-format
+msgid ""
+"A hostile user may attempt to harm the network by\n"
+"creating one or more floodfill routers and crafting them to offer\n"
+"bad, slow, or no responses.\n"
+"Several scenarios are discussed on the\n"
+"<a href=\"%(netdb)s#threat\">network database page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:822
+msgid "Central Resource Attacks"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:826
+msgid ""
+"There are a few centralized or limited resources (some inside I2P, some "
+"not)\n"
+"that could be attacked or used as a vector for attacks.\n"
+"The absence of jrandom starting November 2007, followed by the loss of "
+"the i2p.net hosting service in January 2008,\n"
+"highlighted numerous centralized resources in the development and "
+"operation of the I2P network,\n"
+"most of which are now distributed.\n"
+"Attacks on externally-reachable resources mainly affect the ability of "
+"new users to find us,\n"
+"not the operation of the network itself."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:836
+#, python-format
+msgid ""
+"The <a href=\"%(site)s\">website</a> is mirrored and uses DNS round-robin"
+" for external public access."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:839
+#, python-format
+msgid ""
+"Routers now support <a href=\"%(faq)s#reseed\">multiple external reseed "
+"locations</a>,\n"
+"however more reseed hosts may be needed, and the handling of unreliable "
+"or malicious\n"
+"reseed hosts may need improvement."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:844
+msgid ""
+"Routers now support multiple update file locations.\n"
+"A malicious update host could feed a huge file, need to limit the size."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:848
+msgid "Routers now support multiple default trusted update signers."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:851
+msgid ""
+"Routers now better handle <a href=\"#ffdos\">multiple unreliable "
+"floodfill peers</a>.\n"
+"Malicious floodfills <a href=\"#ffdos\">needs</a> <a "
+"href=\"#floodfill\">more</a> study."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:855
+#, python-format
+msgid ""
+"The code is now stored in a <a href=\"%(monotone)s\">distributed source "
+"control system</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:858
+msgid ""
+"Routers rely on a single news host, but there is a hardcoded backup URL "
+"pointing to a different host.\n"
+"A malicious news host could feed a huge file, need to limit the size."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:862
+#, python-format
+msgid ""
+"<a href=\"%(naming)s\">Naming system services</a>, including addressbook "
+"subscription providers, add-host services,\n"
+"and jump services, could be malicious. Substantial protections for "
+"subscriptions were implemented\n"
+"in release 0.6.1.31, with additional enhancements in subsequent releases."
+"\n"
+"However, all naming services require some measure of trust, see\n"
+"<a href=\"%(naming)s\">the naming page</a> for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:869
+msgid ""
+"We remain reliant on the DNS service for i2p2.de, losing this would cause"
+" substantial\n"
+"disruption in our ability to attract new users,\n"
+"and would shrink the network (in the short-to-medium term), just as the "
+"loss of i2p.net did."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:881
+msgid ""
+"These attacks aren't directly on the network, but instead go after its "
+"development team \n"
+"by either introducing legal hurdles on anyone contributing to the "
+"development\n"
+"of the software, or by using whatever means are available to get the "
+"developers to \n"
+"subvert the software.  Traditional technical measures cannot defeat these"
+" attacks, and\n"
+"if someone threatened the life or livelihood of a developer (or even just"
+" issuing a \n"
+"court order along with a gag order, under threat of prison), we would "
+"have a big problem."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:890
+msgid "However, two techniques help defend against these attacks:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:894
+#, python-format
+msgid ""
+"All components of the network must be open source to enable inspection, "
+"verification, \n"
+"modification, and improvement.  If a developer is compromised, once it is"
+" noticed \n"
+"the community should demand explanation and cease to accept that "
+"developer's work.\n"
+"All checkins to our <a href=\"%(monotone)s\">distributed source control "
+"system</a>\n"
+"are cryptographically signed, and the release packagers use a trust-list "
+"system\n"
+"to restrict modifications to those previously approved."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:902
+#, python-format
+msgid ""
+"Development over the network itself, allowing developers to stay "
+"anonymous but still \n"
+"secure the development process.  All I2P development can occur through "
+"I2P - using\n"
+"a <a href=\"%(monotone)s\">distributed source control system</a>,\n"
+"a distributed source control system, IRC chat,\n"
+"public web servers,\n"
+"discussion forums (forum.i2p), and the software distribution sites,\n"
+"all available within I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:913
+msgid ""
+"We also maintain relationships with various organizations that offer "
+"legal advice,\n"
+"should any defense be necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:918
+msgid "Implementation attacks (bugs)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:922
+msgid ""
+"Try as we might, most nontrivial applications include errors in the "
+"design or \n"
+"implementation, and I2P is no exception.  There may be bugs that could be"
+" exploited to \n"
+"attack the anonymity or security of the communication running over I2P in"
+" unexpected \n"
+"ways.  To help withstand attacks against the design or protocols in use, "
+"we publish \n"
+"all designs and documentation and solicit review and criticism with \n"
+"the hope that many eyes will improve the system.\n"
+"We do not believe in\n"
+"<a href=\"http://www.haystacknetwork.com/\">security through "
+"obscurity</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:933
+msgid ""
+"In addition, the code is being \n"
+"treated the same way, with little aversion towards reworking or throwing "
+"out \n"
+"something that isn't meeting the needs of the software system (including "
+"ease of \n"
+"modification).  Documentation for the design and implementation of the "
+"network and \n"
+"the software components are an essential part of security, as without "
+"them it is \n"
+"unlikely that developers would be willing to spend the time to learn the "
+"software \n"
+"enough to identify shortcomings and bugs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:943
+msgid ""
+"Our software is likely, in particular, to contain bugs related to denial "
+"of service\n"
+"through out-of-memory errors (OOMs), cross-site-scripting (XSS) issues  "
+"in the router console,\n"
+"and other vulnerabilities to non-standard inputs via the various "
+"protocols."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:949
+#, python-format
+msgid ""
+"I2P is still a small network with a small development community and "
+"almost no\n"
+"interest from academic or research groups.\n"
+"Therefore we lack the analysis that\n"
+"<a href=\"https://torproject.org/\">other anonymity networks</a>\n"
+"may have received. We continue to recruit people to\n"
+"<a href=\"%(volunteer)s\">get involved</a> and help."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:962
+msgid "Blocklists"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:963
+msgid ""
+"To some extent, I2P could be enhanced to avoid peers operating at IP "
+"addresses\n"
+"listed in a blocklist. Several blocklists are commonly available in "
+"standard formats,\n"
+"listing anti-P2P organizations, potential state-level adversaries, and "
+"others."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:969
+msgid ""
+"To the extent that active peers actually do show up in the actual "
+"blocklist,\n"
+"blocking by only a subset of peers would tend to segment the network,\n"
+"exacerbate reachability problems, and decrease overall reliability.\n"
+"Therefore we would want to agree on a particular blocklist and\n"
+"enable it by default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:977
+msgid ""
+"Blocklists are only a part (perhaps a small part) of an array of defenses"
+"\n"
+"against maliciousness.\n"
+"In large part the profiling system does a good job of measuring\n"
+"router behavior so that we don't need to trust anything in netDb.\n"
+"However there is more that can be done. For each of the areas in the\n"
+"list above there are improvements we can make in detecting badness."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:986
+msgid ""
+"If a blocklist is hosted at a central location with automatic updates\n"
+"the network is vulnerable to a\n"
+"<a href=\"#central\">central resource attack</a>.\n"
+"Automatic subscription to a list gives the list provider the power to "
+"shut\n"
+"the i2p network down. Completely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/threat-model.html:994
+msgid ""
+"Currently, a default blocklist is distributed with our software,\n"
+"listing only the IPs of past DOS sources.\n"
+"There is no automatic update mechanism.\n"
+"Should a particular IP range implement serious attacks on the I2P "
+"network,\n"
+"we would have to ask people to update their blocklist manually through\n"
+"out-of-band mechanisms such as forums, blogs, etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:2
+msgid "Tunnel Routing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:3
+msgid "July 2011"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:7
+msgid ""
+"This page contains an overview of I2P tunnel terminology and operation, "
+"with\n"
+"links to more technical pages, details, and specifications."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:12
+#, python-format
+msgid ""
+"As briefly explained in the <a href=\"%(intro)s\">introduction</a>, I2P "
+"builds virtual \"tunnels\" -\n"
+"temporary and unidirectional paths through a sequence of routers.  These"
+" \n"
+"tunnels are classified as either inbound tunnels (where everything \n"
+"given to it goes towards the creator of the tunnel) or outbound tunnels\n"
+"(where the tunnel creator shoves messages away from them).  When Alice\n"
+"wants to send a message to Bob, she will (typically) send it out one of\n"
+"her existing outbound tunnels with instructions for that tunnel's "
+"endpoint\n"
+"to forward it to the gateway router for one of Bob's current inbound \n"
+"tunnels, which in turn passes it to Bob."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:25
+msgid "Alice connecting through her outbound tunnel to Bob via his inbound tunnel"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:27
+msgid "Outbound Gateway"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:28
+msgid "Outbound Participant"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:29
+#: i2p2www/pages/site/docs/tunnels/implementation.html:131
+msgid "Outbound Endpoint"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:30
+#: i2p2www/pages/site/docs/tunnels/implementation.html:140
+msgid "Inbound Gateway"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:31
+msgid "Inbound Participant"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:32
+msgid "Inbound Endpoint"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:36
+msgid "Tunnel vocabulary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:38
+#, python-format
+msgid ""
+"<b>Tunnel gateway</b> - the first router in a tunnel.  For inbound "
+"tunnels,\n"
+"this is the one mentioned in the LeaseSet published in the\n"
+"<a href=\"%(netdb)s\">network database</a>.  For outbound tunnels, the\n"
+"gateway is the originating router.  (e.g. both A and D above)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:44
+msgid ""
+"<b>Tunnel endpoint</b> - the last router in a tunnel.  (e.g. both C and F"
+" above)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:45
+msgid ""
+"<b>Tunnel participant</b> - all routers in a tunnel except for the "
+"gateway or\n"
+"endpoint (e.g. both B and E above)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:49
+msgid ""
+"<b>n-Hop tunnel</b> - a tunnel with a specific number of inter-router "
+"jumps, e.g.:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:51
+msgid "<b>0-hop tunnel</b> - a tunnel where the gateway is also the endpoint"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:52
+msgid ""
+"<b>1-hop tunnel</b> - a tunnel where the gateway talks directly to the "
+"endpoint"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:53
+msgid ""
+"<b>2-(or more)-hop tunnel</b> - a tunnel where there is at least one "
+"intermediate\n"
+"tunnel participant. (the above diagram includes two 2-hop tunnels - one\n"
+"outbound from Alice, one inbound to Bob)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:60
+#, python-format
+msgid ""
+"<b>Tunnel ID</b> - A <a href=\"%(commonstructures)s#type_TunnelId\">4 "
+"byte integer</a>\n"
+"different for each hop in a tunnel, and unique among all tunnels on a "
+"router.\n"
+"Chosen randomly by the tunnel creator."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:67
+msgid "Tunnel Build Information"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:68
+#, python-format
+msgid ""
+"Routers performing the three roles (gateway, participant, endpoint) are "
+"given\n"
+"different pieces of data in the initial\n"
+"<a href=\"%(tunnelcreation)s\">Tunnel Build Message</a>\n"
+"to accomplish their tasks:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:75
+msgid "The tunnel gateway gets:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:77
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:97
+#, python-format
+msgid ""
+"<b>tunnel encryption key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
+"encrypting\n"
+"messages and instructions to the next hop"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:81
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:101
+#, python-format
+msgid ""
+"<b>tunnel IV key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
+"double-encrypting\n"
+"the IV to the next hop"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:85
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:105
+#, python-format
+msgid ""
+"<b>reply key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES public key</a> for "
+"encrypting\n"
+"the reply to the tunnel build request"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:89
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:109
+msgid ""
+"<b>reply IV</b> - the IV for encrypting the reply to the tunnel build "
+"request"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:90
+msgid "<b>tunnel id</b> - 4 byte integer (inbound gateways only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:91
+msgid ""
+"<b>next hop</b> - what router is the next one in the path (unless this is"
+" a 0-hop tunnel, and the gateway is also the endpoint)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:92
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:112
+msgid "<b>next tunnel id</b> - The tunnel ID on the next hop"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:95
+msgid "All intermediate tunnel participants get:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:110
+msgid "<b>tunnel id</b> - 4 byte integer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:111
+msgid "<b>next hop</b> - what router is the next one in the path"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:115
+msgid "The tunnel endpoint gets:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:117
+#, python-format
+msgid ""
+"<b>tunnel encryption key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
+"encrypting\n"
+"messages and instructions to the the endpoint (itself)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:121
+#, python-format
+msgid ""
+"<b>tunnel IV key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES private key</a> for "
+"double-encrypting\n"
+"the IV to the endpoint (itself)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:125
+#, python-format
+msgid ""
+"<b>reply key</b> - an <a "
+"href=\"%(commonstructures)s#type_SessionKey\">AES public key</a> for "
+"encrypting\n"
+"the reply to the tunnel build request (outbound endpoints only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:129
+msgid ""
+"<b>reply IV</b> - the IV for encrypting the reply to the tunnel build "
+"request (outbound endpoints only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:130
+msgid "<b>tunnel id</b> - 4 byte integer (outbound endpoints only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:131
+msgid ""
+"<b>reply router</b> - the inbound gateway of the tunnel to send the reply"
+" through (outbound endpoints only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:132
+msgid ""
+"<b>reply tunnel id</b> - The tunnel ID of the reply router (outbound "
+"endpoints only)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:137
+#, python-format
+msgid ""
+"Details are in the\n"
+"<a href=\"%(tunnelcreation)s\">tunnel creation specification</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:142
+msgid "Tunnel pooling"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:143
+#, python-format
+msgid ""
+"Several tunnels for a particular purpose may be grouped into a \"tunnel "
+"pool\",\n"
+"as described in the\n"
+"<a href=\"%(tunnelimpl)s#tunnel.pooling\">tunnel specification</a>.\n"
+"This provides redundancy and additional bandwidth.\n"
+"The pools used by the router itself are called \"exploratory tunnels\".\n"
+"The pools used by applications are called \"client tunnels\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:154
+msgid "Tunnel length"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:155
+#, python-format
+msgid ""
+"As mentioned above, each client requests that their router provide "
+"tunnels to\n"
+"include at least a certain number of hops.\n"
+"The decision as to how many routers\n"
+"to have in one's outbound and inbound tunnels has an important effect "
+"upon the\n"
+"latency, throughput, reliability, and anonymity provided by I2P - the "
+"more peers\n"
+"that messages have to go through, the longer it takes to get there and "
+"the more\n"
+"likely that one of those routers will fail prematurely.  The less routers"
+" in a\n"
+"tunnel, the easier it is for an adversary to mount traffic analysis "
+"attacks and\n"
+"pierce someone's anonymity.\n"
+"Tunnel lengths are specified by clients via\n"
+"<a href=\"%(i2cp)s#options\">I2CP options</a>.\n"
+"The maximum number of hops in a tunnel is 7."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:171
+msgid "0-hop tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:172
+msgid ""
+"With no remote routers in a tunnel, the user has very basic plausible\n"
+"deniability (since no one knows for sure that the peer that sent them the"
+"\n"
+"message wasn't simply just forwarding it on as part of the tunnel). "
+"However, it\n"
+"would be fairly easy to mount a statistical analysis attack and notice "
+"that\n"
+"messages targeting a specific destination are always sent through a "
+"single\n"
+"gateway.  Statistical analysis against outbound 0-hop tunnels are more "
+"complex,\n"
+"but could show similar information (though would be slightly harder to "
+"mount)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:182
+msgid "1-hop tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:183
+#, python-format
+msgid ""
+"With only one remote router in a tunnel, the user has both plausible\n"
+"deniability and basic anonymity, as long as they are not up against an "
+"internal\n"
+"adversary (as described on <a href=\"%(threatmodel)s\">threat model</a>)."
+" However,\n"
+"if the adversary ran a sufficient number of routers such that the single "
+"remote\n"
+"router in the tunnel is often one of those compromised ones, they would "
+"be able\n"
+"to mount the above statistical traffic analysis attack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:192
+msgid "2-hop tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:193
+msgid ""
+"With two or more remote routers in a tunnel, the costs of mounting the "
+"traffic\n"
+"analysis attack increases, since many remote routers would have to be "
+"compromised\n"
+"to mount it."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:199
+msgid "3-hop (or more) tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:200
+#, python-format
+msgid ""
+"To reduce the susceptibility to <a href=\"%(url)s\">some attacks</a>,\n"
+"3 or more hops are recommended for the highest level of protection.\n"
+"<a href=\"%(url)s\">Recent studies</a>\n"
+"also conclude that more than 3 hops does not provide additional "
+"protection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:208
+msgid "Tunnel default lengths"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:209
+#, python-format
+msgid ""
+"The router uses 2-hop tunnels by default for its exploratory tunnels.\n"
+"Client tunnel defaults are set by the application, using\n"
+"<a href=\"%(i2cp)s#options\">I2CP options</a>.\n"
+"Most applications use 2 or 3 hops as their default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:218
+msgid "Tunnel testing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:219
+#, python-format
+msgid ""
+"All tunnels are periodically tested by their creator by sending a\n"
+"DeliveryStatusMessage out an outbound tunnel and bound for another "
+"inbound tunnel\n"
+"(testing both tunnels at once).  If either fails a number of consecutive "
+"tests, it is marked as no longer\n"
+"functional. If it was used for a client's inbound tunnel, a new leaseSet\n"
+"is created.\n"
+"Tunnel test failures are also reflected in the\n"
+"<a href=\"%(peerselection)s#capacity\">capacity rating in the peer "
+"profile</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:230
+msgid "Tunnel creation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:231
+#, python-format
+msgid ""
+"Tunnel creation is handled by <a href=\"%(garlicrouting)s\">garlic "
+"routing</a>\n"
+"a Tunnel Build Message to a router, requesting that they participate in "
+"the\n"
+"tunnel (providing them with all of the appropriate information, as above,"
+" along\n"
+"with a certificate, which right now is a 'null' cert, but will support "
+"hashcash\n"
+"or other non-free certificates when necessary).\n"
+"That router forwards the message to the next hop in the tunnel.\n"
+"Details are in the\n"
+"<a href=\"%(tunnelcreation)s\">tunnel creation specification</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:245
+#, python-format
+msgid ""
+"Multi-layer encryption is handled by <a href=\"%(garlicrouting)s\">garlic"
+" encryption</a>\n"
+"of tunnel messages.\n"
+"Details are in the\n"
+"<a href=\"%(tunnelimpl)s\">tunnel specification</a>.\n"
+"The IV of each hop is encrypted with a separate key as explained there."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:257
+msgid ""
+"Other tunnel test techniques could be used, such as\n"
+"garlic wrapping a number of tests into cloves, testing individual tunnel\n"
+"participants separately, etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:263
+msgid "Move to 3-hop exploratory tunnels defaults."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:267
+msgid ""
+"In a distant future release,\n"
+"options specifying the pooling, mixing, and chaff generation settings may"
+" be implemented."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:272
+msgid ""
+"In a distant future release,\n"
+"limits on the quantity and size of messages allowed during the\n"
+"tunnel's lifetime may be implemented (e.g. no more than 300 messages or\n"
+"1MB per minute)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:284
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:15
+msgid "Tunnel specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:286
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:17
+msgid "Tunnel creation specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:288
+msgid "Unidirectional tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:290
+msgid "Tunnel message specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:292
+msgid "Garlic routing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:294
+msgid "ElGamal/AES+SessionTag"
+msgstr ""
+
+#: i2p2www/pages/site/docs/how/tunnel-routing.html:296
+msgid "I2CP options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:6
+msgid ""
+"The I2P Client Protocol (I2CP) exposes a strong separation of concerns "
+"between\n"
+"the router and any client that wishes to communicate over the network.  "
+"It enables\n"
+"secure and asynchronous messaging by sending and receiving messages over "
+"a \n"
+"single TCP socket.\n"
+"With I2CP, a client application tells the\n"
+"router who they are (their \"destination\"), what anonymity, reliability,"
+" and \n"
+"latency tradeoffs to make, and where to send messages.  In turn the "
+"router uses\n"
+"I2CP to tell the client when any messages have arrived, and to request "
+"authorization\n"
+"for some tunnels to be used."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:18
+#, python-format
+msgid ""
+"The protocol itself is implemented in Java, to provide the\n"
+"<a href=\"%(url)s\">Client SDK</a>.\n"
+"This SDK is exposed in the i2p.jar package, which implements the client-"
+"side of I2CP.\n"
+"Clients should never need to access the router.jar package, which "
+"contains the\n"
+"router itself and the router-side of I2CP.\n"
+"There is also a <a href=\"%(libi2cp)s\">C library implementation</a>.\n"
+"A non-Java client would also have to implement the\n"
+"<a href=\"%(streaming)s\">streaming library</a> for TCP-style connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:31
+#, python-format
+msgid ""
+"Applications can take advantage of the base I2CP plus the \n"
+"<a href=\"%(streaming)s\">streaming</a> and <a "
+"href=\"%(datagrams)s\">datagram</a> libraries\n"
+"by using the <a href=\"%(sam)s\">Simple Anonymous Messaging</a> or <a "
+"href=\"%(bob)s\">BOB</a> protocols,\n"
+"which do not require clients to deal with any sort of cryptography.\n"
+"Also, clients may access the network by one of several proxies -\n"
+"HTTP, CONNECT, and SOCKS 4/4a/5.\n"
+"Alternatively, Java clients may access those libraries in "
+"ministreaming.jar and streaming.jar.\n"
+"So there are several options for both Java and non-Java applications."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:43
+#, python-format
+msgid ""
+"Client-side end-to-end encryption (encrypting the data over the I2CP "
+"connection)\n"
+"was disabled in I2P release 0.6,\n"
+"leaving in place the <a href=\"%(elgamalaes)s\">ElGamal/AES end-to-end "
+"encryption</a>\n"
+"which is implemented in the router.\n"
+"The only cryptography that client libraries must still implement is\n"
+"<a href=\"%(cryptography)s#DSA\">DSA public/private key signing</a>\n"
+"for <a href=\"%(i2cp)s#msg_CreateLeaseSet\">LeaseSets</a> and\n"
+"<a href=\"%(i2cp)s#struct_SessionConfig\">Session Configurations</a>, and"
+" management of those keys."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:56
+msgid ""
+"In a standard I2P installation, port 7654 is used by external java "
+"clients to communicate\n"
+"with the local router via I2CP.\n"
+"By default, the router binds to address 127.0.0.1. To bind to 0.0.0.0, "
+"set the\n"
+"router advanced configuration option "
+"<tt>i2cp.tcp.bindAllInterfaces=true</tt> and restart.\n"
+"Clients in the same JVM as the router pass messages directly to the "
+"router\n"
+"through an internal JVM interface."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:65
+#, python-format
+msgid ""
+"The router also supports external connections over SSL.\n"
+"While SSL is not the default, it is strongly recommended for any traffic "
+"that may\n"
+"be exposed to the open Internet. The authorization user/password (if "
+"any), the\n"
+"<a href=\"%(commonstructures)s#type_PrivateKey\">Private Key</a> and\n"
+"<a href=\"%(commonstructures)s#type_SigningPrivateKey\">Signing Private "
+"Key</a> for the\n"
+"<a href=\"%(commonstructures)s#struct_Destination\">Destination</a>\n"
+"are all transmitted in-the-clear unless SSL is enabled."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:75
+msgid "I2CP Protocol Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:76
+#, python-format
+msgid "Now on the <a href=\"%(i2cp)s\">I2CP Specification page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:81
+msgid "I2CP Initialization"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:82
+#, python-format
+msgid ""
+"When a client connects to the router, it first sends a single protocol "
+"version byte (0x2A).\n"
+"Then it sends a <a href=\"%(i2cp)s#msg_GetDate\">GetDate Message</a> and "
+"waits for the <a href=\"%(i2cp)s#msg_SetDate\">SetDate Message</a> "
+"response.\n"
+"Next, it sends a <a href=\"%(i2cp)s#msg_CreateSession\">CreateSession "
+"Message</a> containing the session configuration.\n"
+"It next awaits a <a href=\"%(i2cp)s#msg_RequestLeaseSet\">RequestLeaseSet"
+" Message</a> from the router, indicating that inbound tunnels\n"
+"have been built, and responds with a CreateLeaseSetMessage containing the"
+" signed LeaseSet.\n"
+"The client may now initiate or receive connections from other I2P "
+"destinations."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:91
+msgid "I2CP Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:92
+#: i2p2www/pages/site/docs/protocol/i2cp.html:99
+msgid "Router-side Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:93
+#, python-format
+msgid ""
+"The following options are traditionally passed to the router via\n"
+"a <a href=\"%(i2cp)s#struct_SessionConfig\">SessionConfig</a> contained "
+"in a <a href=\"%(i2cp)s#msg_CreateSession\">CreateSession Message</a> or "
+"a <a href=\"%(i2cp)s#msg_ReconfigureSession\">ReconfigureSession "
+"Message</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:104
+#: i2p2www/pages/site/docs/protocol/i2cp.html:479
+msgid "As Of Release"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:105
+#: i2p2www/pages/site/docs/protocol/i2cp.html:480
+msgid "Recommended Arguments"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:106
+#: i2p2www/pages/site/docs/protocol/i2cp.html:481
+msgid "Allowable Range"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:117
+msgid ""
+"The timeout (ms) for all sent messages. Unused.\n"
+"See the protocol specification for per-message settings."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:129
+msgid ""
+"Minimum number of ElGamal/AES Session Tags before we send more.\n"
+"Recommended: approximately tagsToSend * 2/3"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:141
+msgid ""
+"Number of ElGamal/AES Session Tags to send at a time.\n"
+"For clients with relatively low bandwidth per-client-pair (IRC, some UDP "
+"apps), this may be set lower."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:153
+msgid ""
+"Comma-separated list of Base 64 Hashes of peers to build tunnels through;"
+" for debugging only"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:162
+msgid "Should generally be set to true for clients and false for servers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:171
+#: i2p2www/pages/site/docs/protocol/i2cp.html:519
+msgid ""
+"If true, the router just sends the MessagePayload instead\n"
+"of sending a MessageStatus and awaiting a ReceiveMessageBegin."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:183
+msgid ""
+"Guaranteed is disabled;\n"
+"None implemented in 0.8.1; the streaming lib default is None as of 0.8.1,"
+" the client side default is None as of 0.9.4"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:195
+msgid ""
+"For authorization, if required by the router.\n"
+"If the client is running in the same JVM as a router, this option is not "
+"required.\n"
+"Warning - username and password are sent in the clear to the router, "
+"unless using SSL (i2cp.SSL=true).\n"
+"Authorization is only recommended when using SSL."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:217
+msgid "If incoming zero hop tunnel is allowed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:226
+msgid "If outgoing zero hop tunnel is allowed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:232
+#: i2p2www/pages/site/docs/protocol/i2cp.html:241
+#: i2p2www/pages/site/docs/protocol/i2cp.html:250
+#: i2p2www/pages/site/docs/protocol/i2cp.html:262
+#: i2p2www/pages/site/docs/protocol/i2cp.html:274
+#: i2p2www/pages/site/docs/protocol/i2cp.html:283
+#: i2p2www/pages/site/docs/protocol/i2cp.html:292
+#: i2p2www/pages/site/docs/protocol/i2cp.html:307
+#: i2p2www/pages/site/docs/protocol/i2cp.html:343
+#: i2p2www/pages/site/docs/protocol/i2cp.html:355
+#: i2p2www/pages/site/docs/protocol/i2cp.html:368
+#, python-format
+msgid "number from %(from)s to %(to)s"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:233
+#: i2p2www/pages/site/docs/protocol/i2cp.html:242
+#: i2p2www/pages/site/docs/protocol/i2cp.html:369
+msgid "No limit"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:235
+msgid "Number of redundant fail-over for tunnels in"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:244
+msgid "Number of redundant fail-over for tunnels out"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:251
+#: i2p2www/pages/site/docs/protocol/i2cp.html:263
+#: i2p2www/pages/site/docs/protocol/i2cp.html:275
+#: i2p2www/pages/site/docs/protocol/i2cp.html:284
+#: i2p2www/pages/site/docs/protocol/i2cp.html:293
+#: i2p2www/pages/site/docs/protocol/i2cp.html:308
+#: i2p2www/pages/site/docs/protocol/i2cp.html:344
+#: i2p2www/pages/site/docs/protocol/i2cp.html:356
+#: i2p2www/pages/site/docs/protocol/i2cp.html:608
+#, python-format
+msgid "%(from)s to %(to)s"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:253
+#: i2p2www/pages/site/docs/protocol/i2cp.html:265
+msgid ""
+"Number of IP bytes to match to determine if\n"
+"two routers should not be in the same tunnel. 0 to disable."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:277
+msgid "Length of tunnels in"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:286
+msgid "Length of tunnels out"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:295
+msgid ""
+"Random amount to add or subtract to the length of tunnels in.\n"
+"A positive number x means add a random amount from 0 to x inclusive.\n"
+"A negative number -x means add a random amount from -x to x inclusive.\n"
+"The router will limit the total length of the tunnel to 0 to 7 inclusive."
+"\n"
+"The default variance was 1 prior to release 0.7.6."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:310
+msgid ""
+"Random amount to add or subtract to the length of tunnels out.\n"
+"A positive number x means add a random amount from 0 to x inclusive.\n"
+"A negative number -x means add a random amount from -x to x inclusive.\n"
+"The router will limit the total length of the tunnel to 0 to 7 inclusive."
+"\n"
+"The default variance was 1 prior to release 0.7.6."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:325
+msgid ""
+"Name of tunnel - generally used in routerconsole, which will\n"
+"use the first few characters of the Base64 hash of the destination by "
+"default."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:337
+msgid "Name of tunnel - generally ignored unless inbound.nickname is unset."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:346
+msgid ""
+"Priority adjustment for outbound messages.\n"
+"Higher is higher priority."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:358
+msgid ""
+"Number of tunnels in.\n"
+"Limit was increased from 6 to 16 in release 0.9; however, numbers higher "
+"than 6 are\n"
+"incompatible with older releases."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:371
+msgid "Number of tunnels out"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:380
+msgid "Used for consistent peer ordering across restarts."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:399
+msgid ""
+"Any other options prefixed with \"inbound.\" are stored\n"
+"in the \"unknown options\" properties of the inbound tunnel pool's "
+"settings."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:411
+msgid ""
+"Any other options prefixed with \"outbound.\" are stored\n"
+"in the \"unknown options\" properties of the outbound tunnel pool's "
+"settings."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:423
+msgid ""
+"Set to false to disable ever bundling a reply LeaseSet.\n"
+"For clients that do not publish their LeaseSet, this option must be true\n"
+"for any reply to be possible. \"true\" is also recommended for multihomed"
+" servers\n"
+"with long connection times."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:430
+msgid ""
+"Setting to \"false\" may save significant outbound bandwidth, especially "
+"if\n"
+"the client is configured with a large number of inbound tunnels (Leases)."
+"\n"
+"If replies are still required, this may shift the bandwidth burden to\n"
+"the far-end client and the floodfill.\n"
+"There are several cases where \"false\" may be appropriate:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:438
+msgid "Unidirectional communication, no reply required"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:439
+msgid "LeaseSet is published and higher reply latency is acceptable"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:440
+msgid ""
+"LeaseSet is published, client is a \"server\", all connections are "
+"inbound\n"
+"so the connecting far-end destination obviously has the leaseset already."
+"\n"
+"Connections are either short, or it is acceptable for latency on a long-"
+"lived\n"
+"connection to temporarily increase while the other end re-fetches the "
+"LeaseSet\n"
+"after expiration.\n"
+"HTTP servers may fit these requirements."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:453
+msgid ""
+"Note: Large quantity, length, or variance settings may cause significant "
+"performance or reliability problems."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:457
+#, python-format
+msgid ""
+"Note: As of release 0.7.7, option names and values must use UTF-8 "
+"encoding.\n"
+"This is primarily useful for nicknames.\n"
+"Prior to that release, options with multi-byte characters were corrupted."
+"\n"
+"Since options are encoded in a <a "
+"href=\"%(commonstructures)s#type_Mapping\">Mapping</a>,\n"
+"all option names and values are limited to 255 bytes (not characters) "
+"maximum."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:465
+#: i2p2www/pages/site/docs/protocol/i2cp.html:474
+msgid "Client-side Options"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:466
+msgid ""
+"The following options are interpreted on the client side,\n"
+"and will be interpreted if passed to the I2PSession via the "
+"I2PClient.createSession() call.\n"
+"The streaming lib should also pass these options through to I2CP.\n"
+"Other implementations may have different defaults."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:490
+#: i2p2www/pages/site/docs/protocol/i2cp.html:590
+#, python-format
+msgid "%(num)s minimum"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:492
+msgid "(ms) Idle time required (default 30 minutes)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:501
+msgid "Close I2P session when idle"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:510
+msgid "Encrypt the lease"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:531
+msgid "Gzip outbound data"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:540
+msgid "For encrypted leasesets. Base 64 SessionKey (44 characters)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:549
+msgid ""
+"Base 64 private key for encryption.\n"
+"Optionally preceded by the key type and ':'.\n"
+"Only \"ELGAMAL_2048:\" is supported, which is the default.\n"
+"I2CP will generate the public key from the private key.\n"
+"Use for persistent leaseset keys across restarts."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:564
+msgid ""
+"Base 64 private key for signatures.\n"
+"Optionally preceded by the key type and ':'.\n"
+"DSA_SHA1 is the default.\n"
+"Key type must match the signature type in the destination.\n"
+"I2CP will generate the public key from the private key.\n"
+"Use for persistent leaseset keys across restarts."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:580
+msgid ""
+"Guaranteed is disabled;\n"
+"None implemented in 0.8.1; None is the default as of 0.9.4"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:592
+msgid "(ms) Idle time required (default 20 minutes, minimum 5 minutes)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:601
+msgid "Reduce tunnel quantity when idle"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:610
+msgid "Tunnel quantity when reduced (applies to both inbound and outbound)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:619
+msgid ""
+"Connect to the router using SSL.\n"
+"If the client is running in the same JVM as a router, this option is "
+"ignored, and the client connects to that router internally."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:631
+msgid ""
+"Router hostname.\n"
+"If the client is running in the same JVM as a router, this option is "
+"ignored, and the client connects to that router internally."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:643
+msgid ""
+"Router I2CP port.\n"
+"If the client is running in the same JVM as a router, this option is "
+"ignored, and the client connects to that router internally."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:650
+msgid ""
+"Note: All arguments, including numbers, are strings. True/false values "
+"are case-insensitive strings.\n"
+"Anything other than case-insensitive \"true\" is interpreted as false.\n"
+"All option names are case-sensitive."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:656
+msgid "I2CP Payload Data Format and Multiplexing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:657
+#, python-format
+msgid ""
+"The end-to-end messages handled by I2CP (i.e. the data sent by the client"
+" in a\n"
+"<a href=\"%(i2cp)s#msg_SendMessage\">SendMessageMessage</a>\n"
+"and received by the client in a\n"
+"<a href=\"%(i2cp)s#msg_MessagePayload\">MessagePayloadMessage</a>)\n"
+"are gzipped with a standard 10-byte gzip\n"
+"header beginning with 0x1F 0x8B 0x08 as\n"
+"specified by <a href=\"http://www.ietf.org/rfc/rfc1952.txt\">RFC "
+"1952</a>.\n"
+"As of release 0.7.1, I2P uses ignored portions of the gzip header to "
+"include\n"
+"protocol, from-port, and to-port information, thus supporting streaming "
+"and\n"
+"datagrams on the same destination, and allowing query/response using "
+"datagrams\n"
+"to work reliably in the presence of multiple channels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:671
+msgid ""
+"The gzip function cannot be completely turned off, however setting "
+"i2cp.gzip=false\n"
+"turns the gzip effort setting to 0, which may save a little CPU."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:677
+#: i2p2www/pages/site/docs/protocol/i2np.html:32
+msgid "Bytes"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:678
+msgid "Content"
+msgstr "Conteúdo"
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:683
+msgid "Gzip header"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:688
+msgid "Gzip flags"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:693
+msgid "I2P Source port (Gzip mtime)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:698
+msgid "I2P Destination port (Gzip mtime)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:703
+msgid "Gzip xflags"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:708
+msgid "I2P Protocol (6 = Streaming, 17 = Datagram, 18 = Raw Datagrams) (Gzip OS)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:717
+msgid ""
+"Data integrity is verified with the standard gzip CRC-32 as\n"
+"specified by <a href=\"http://www.ietf.org/rfc/rfc1952.txt\">RFC 1952</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:725
+msgid ""
+"The current authorization mechanism could be modified to use hashed "
+"passwords."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:729
+msgid ""
+"The Signing Private Keys is included in the Create Lease Set message,\n"
+"it is not required. Revocation is unimplemented.\n"
+"It should be replaced with random data or removed."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2cp.html:735
+#, python-format
+msgid ""
+"Some improvements may be able to use messages previously defined but not "
+"implemented.\n"
+"For reference, here is the\n"
+"<a href=\"%(pdf1)s\">I2CP Protocol Specification Version 0.9</a>\n"
+"(PDF) dated August 28, 2003.\n"
+"That document also references the\n"
+"<a href=\"%(pdf2)s\">Common Data Structures Specification Version 0.9</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:2
+msgid "I2P Network Protocol"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:3
+msgid "June 2013"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:6
+msgid ""
+"The I2P Network Protocol (I2NP),\n"
+"which is sandwiched between I2CP and the various I2P transport protocols,"
+" manages the\n"
+"routing and mixing of messages between routers, as well as the selection "
+"of what\n"
+"transports to use when communicating with a peer for which there are "
+"multiple\n"
+"common transports supported."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:14
+msgid "I2NP Definition"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:15
+msgid ""
+"I2NP (I2P Network Protocol) messages can be used for one-hop, router-to-"
+"router, point-to-point messages.\n"
+"By encrypting and wrapping messages in other messages, they can be sent "
+"in a secure way\n"
+"through multiple hops to the ultimate destination.\n"
+"Priority is only used locally at the origin, i.e. when queuing for "
+"outbound delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:22
+#, python-format
+msgid ""
+"The priorities listed below may not be current and are subject to change."
+"\n"
+"See the <a href=\"%(outnetmessage)s\">OutNetMessage Javadocs</a>\n"
+"for the current priority settings.\n"
+"Priority queueing implementation may vary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:29
+msgid "Message Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:32
+msgid "Field"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:33
+msgid "Unique ID"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:34
+msgid "Expiration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:35
+#: i2p2www/pages/site/docs/protocol/i2np.html:92
+msgid "Payload Length"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:36
+msgid "Checksum"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:37
+msgid "Payload"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:40
+#, python-format
+msgid ""
+"While the maximum payload size is nominally 64KB, the size is further "
+"constrained by the\n"
+"method of fragmenting I2NP messages into multiple 1KB tunnel messages as "
+"described on\n"
+"<a href=\"%(tunnelimpl)s\">the tunnel implementation page</a>.\n"
+"The maximum number of fragments is 64, and the message may not be "
+"perfectly aligned,\n"
+"So the message must nominally fit in 63 fragments."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:48
+msgid ""
+"The maximum size of an initial fragment is 956 bytes (assuming TUNNEL "
+"delivery mode);\n"
+"the maximum size of a follow-on fragment is 996 bytes.\n"
+"Therefore the maximum size is approximately 956 + (62 * 996) = 62708 "
+"bytes, or 61.2 KB."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:54
+msgid ""
+"In addition, the transports may have additional restrictions.\n"
+"NTCP currently limits to 16KB - 6 = 16378 bytes but this will be "
+"increased in a future release.\n"
+"The SSU limit is approximately 32 KB."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:60
+msgid ""
+"Note that these are not the limits for datagrams that the client sees, as"
+" the\n"
+"router may bundle a reply leaseset and/or session tags together with the "
+"client message\n"
+"in a garlic message. The leaseset and tags together may add about 5.5KB.\n"
+"Therefore the current datagram limit is about 10KB. This limit will be\n"
+"increased in a future release."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:68
+msgid "Message Types"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:69
+msgid ""
+"Higher-numbered priority is higher priority.\n"
+"The majority of traffic is TunnelDataMessages (priority 400),\n"
+"so anything above 400 is essentially high priority, and\n"
+"anything below is low priority.\n"
+"Note also that many of the messages are generally routed\n"
+"through exploratory tunnels, not client tunnels, and\n"
+"therefore may not be in the same queue unless the\n"
+"first hops happen to be on the same peer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:80
+msgid ""
+"Also, not all message types are sent unencrypted.\n"
+"For example, when testing a tunnel, the router wraps a\n"
+"DeliveryStatusMessage, which is wrapped in a GarlicMessage,\n"
+"which is wrapped in a DataMessage."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:90
+msgid "Message"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:91
+msgid "Type"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:94
+msgid "Comments"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:102
+msgid "May vary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:108
+msgid ""
+"Size is 65 + 32*(number of hashes) where typically, the hashes for\n"
+"three floodfill routers are returned."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:117
+msgid "Varies"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:119
+msgid ""
+"Priority may vary.\n"
+"Size is 898 bytes for a typical 2-lease leaseSet.\n"
+"RouterInfo structures are compressed, and size varies; however\n"
+"there is a continuing effort to reduce the amount of data published in a "
+"RouterInfo\n"
+"as we approach release 1.0."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:133
+msgid "Priority may vary on a per-destination basis"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:143
+msgid ""
+"Used for message replies, and for testing tunnels - generally wrapped in "
+"a GarlicMessage"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:151
+msgid ""
+"Generally wrapped in a DataMessage -\n"
+"but when unwrapped, given a priority of 100 by the forwarding router"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:178
+msgid ""
+"The most common message. Priority for tunnel participants, outbound "
+"endpoints, and inbound gateways was\n"
+"reduced to 200 as of release 0.6.1.33.\n"
+"Outbound gateway messages (i.e. those originated locally) remains at 400."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:198
+msgid "Shorter TunnelBuildMessage as of 0.7.12"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:206
+msgid "Shorter TunnelBuildReplyMessage as of 0.7.12"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:209
+#, python-format
+msgid "Others listed in <a href=\"%(pdf)s\">2003 Spec</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:215
+msgid "Obsolete, Unused"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:219
+msgid "Full Protocol Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:220
+#, python-format
+msgid ""
+"<a href=\"%(i2npspec)s\">On the I2NP Specification page</a>.\n"
+"See also the\n"
+"<a href=\"%(commonstructures)s\">Common Data Structure Specification "
+"page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/i2np.html:227
+msgid ""
+"It isn't clear whether the current priority scheme is generally "
+"effective,\n"
+"and whether the priorities for various messages should be adjusted "
+"further.\n"
+"This is a topic for further research, analysis and testing."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:2
+msgid "Protocol Stack"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:7
+#, python-format
+msgid ""
+"Here is the protocol stack for I2P.\n"
+"See also the <a href=\"%(docs)s\">Index to Technical Documentation</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:12
+msgid ""
+"Each of the layers in the stack provides extra capabilities.\n"
+"The capabilities are listed below, starting at the bottom of the protocol"
+" stack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:18
+msgid "Internet Layer:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:20
+msgid ""
+"IP: Internet Protocol, allow addressing hosts on the regular internet and"
+" routing packets across the internet using best-effort delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:23
+msgid "Transport Layer:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:25
+msgid ""
+"TCP: Transmission Control Protocol, allow reliable, in-order delivery of "
+"packets across the internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:27
+msgid ""
+"UDP: User Datagram Protocol, allow unreliable, out-of-order delivery of "
+"packets across the internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:30
+msgid ""
+"<b>I2P Transport Layer:</b> provide encrypted connections between 2 I2P "
+"routers. These are not anonymous yet, this is strictly a hop-to-hop "
+"connection.\n"
+"Two protocols are implemented to provide these capabilities. NTCP builds "
+"on top of TCP, while SSU uses UDP."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:35
+msgid "NIO-based TCP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:37
+msgid "Secure Semi-reliable UDP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:40
+msgid "<b>I2P Tunnel Layer:</b> provide full encrypted tunnel connections."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:42
+#, python-format
+msgid ""
+"<a href=\"%(tunnelmessage)s\">Tunnel messages</a>: tunnel messages are "
+"large messages containing encrypted I2NP (see below) messages and "
+"encrypted instructions for their delivery.\n"
+"The encryption is layered. The first hop will decrypt the tunnel message "
+"and read a part. Another part can still be encrypted (with another key),"
+"\n"
+"so it will be forwarded."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:48
+#, python-format
+msgid ""
+"<a href=\"%(i2np)s\">I2NP messages</a>: I2P Network Protocol messages are"
+" used to pass messages through multiple routers. These I2NP messages are "
+"combined in tunnel messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:53
+msgid ""
+"<b>I2P Garlic Layer:</b> provide encrypted and anonymous end-to-end I2P "
+"message delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:55
+#, python-format
+msgid ""
+"<a href=\"%(i2np)s\">I2NP messages</a>: I2P Network Protocol messages are"
+" wrapped in each other and used to ensure encryption between two tunnels "
+"and are passed along from source to destination, keeping both anonymous."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:61
+msgid ""
+"The following layers are strictly speaking no longer part of the I2P "
+"Protocol stack, they are not part of the core 'I2P router' functionality."
+"\n"
+"However, each of these layers adds additional functionality, to allow "
+"applications simple and convenient I2P usage."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:67
+msgid ""
+"<b>I2P Client Layer:</b> allow any client to use I2P functionality, "
+"without requiring the direct use of the router API."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:69
+#, python-format
+msgid ""
+"<a href=\"%(i2cp)s\">I2CP</a>: I2P Client Protocol, allows secure and "
+"asynchronous messaging over I2P by communicating messages over the I2CP "
+"TCP socket."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:74
+msgid ""
+"<b>I2P End-to-end Transport Layer:</b> allow TCP- or UDP-like "
+"functionality on top of I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:76
+#, python-format
+msgid ""
+"<a href=\"%(streaming)s\">Streaming Library</a>: an implementation of "
+"TCP-like streams over I2P. This allows easier porting of existing "
+"applications to I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:80
+#, python-format
+msgid ""
+"<a href=\"%(datagrams)s\">Datagram Library</a>: an implementation of UDP-"
+"like messages over I2P. This allows easier porting of existing "
+"applications to I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:85
+msgid ""
+"<b>I2P Application Interface Layer:</b> additional (optional) libraries "
+"allowing easier implementations on top of I2P."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:93
+msgid "<b>I2P Application Proxy Layer:</b> proxy systems."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:95
+#, python-format
+msgid "HTTP Client/Server, IRC Client, <a href=\"%(socks)s\">SOCKS</a>, Streamr"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:99
+msgid ""
+"Finally, what could be considered the <b>'I2P application layer'</b>, is "
+"a large number of applications on top of I2P.\n"
+"We can order this based on the I2P stack layer they use."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:104
+msgid "<b>Streaming/datagram applications</b>: i2psnark, Syndie, i2phex..."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:105
+msgid "<b>SAM/BOB applications</b>: IMule, i2p-bt, i2prufus, Robert..."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:106
+#, python-format
+msgid ""
+"<b>Other I2P applications</b>: Syndie, EepGet, <a "
+"href=\"%(plugins)s\">plugins</a>..."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:107
+msgid ""
+"<b>Regular applications</b>: Jetty, Apache, Monotone, CVS, browsers, "
+"e-mail..."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:111
+msgid "I2P Network stack"
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:113
+msgid "Figure 1: The layers in the I2P Network stack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/protocol/index.html:118
+msgid "Note: SAM/SAMv2 can use both the streaming lib and datagrams."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:2
+msgid "Transport Overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:3
+msgid "September 2014"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:6
+msgid "Transports in I2P"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:8
+msgid ""
+"A \"transport\" in I2P is a method for direct, point-to-point "
+"communication\n"
+"between two routers.\n"
+"Transports must provide confidentiality and integrity \n"
+"against external adversaries while authenticating that the router "
+"contacted \n"
+"is the one who should receive a given message."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:16
+msgid ""
+"I2P supports multiple transports simultaneously.\n"
+"There are two transports currently implemented:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:21
+#, python-format
+msgid "<a href=\"%(ntcp)s\">NTCP</a>, a Java New I/O (NIO) TCP transport"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:22
+#, python-format
+msgid " <a href=\"%(ssu)s\">SSU</a>, or Secure Semireliable UDP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:25
+msgid ""
+"Each provides a \"connection\" paradigm, with authentication,\n"
+"flow control, acknowledgments and retransmission."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:31
+msgid "Transport Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:33
+msgid "The transport subsystem in I2P provides the following services:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:37
+#, python-format
+msgid ""
+"Reliable delivery of <a href=\"%(i2np)s\">I2NP</a> messages.\n"
+"Transports support I2NP message delivery ONLY.\n"
+"They are not general-purpose data pipes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:42
+msgid "In-order delivery of messages is NOT guaranteed by all transports."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:43
+msgid ""
+"Maintain a set of router addresses, one or more for each transport,\n"
+"that the router publishes as its global contact information (the "
+"RouterInfo).\n"
+"Each transport may connect using one of these addresses, which may be\n"
+"IPv4 or (as of version 0.9.8) IPv6."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:49
+msgid "Selection of the best transport for each outgoing message"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:50
+msgid "Queueing of outbound messages by priority"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:51
+msgid ""
+"Bandwidth limiting, both outbound and inbound, according to router "
+"configuration"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:52
+msgid "Setup and teardown of transport connections"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:53
+msgid "Encryption of point-to-point communications"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:54
+msgid ""
+"Maintenance of connection limits for each transport, implementation of "
+"various thresholds for these limits,\n"
+"and communication of threshold status to the router so it may make "
+"operational changes based on the status"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:58
+msgid "Firewall port opening using UPnP (Universal Plug and Play)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:59
+msgid "Cooperative NAT/Firewall traversal"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:60
+msgid ""
+"Local IP detection by various methods, including UPnP, inspection of "
+"incoming connections, and enumeration of network devices"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:61
+msgid ""
+"Coordination of firewall status and local IP, and changes to either, "
+"among the transports"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:62
+#: i2p2www/pages/site/docs/transport/ssu.html:36
+msgid ""
+"Communication of firewall status and local IP, and changes to either, to "
+"the router and the user interface"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:63
+msgid ""
+"Determination of a consensus clock, which is used to periodically update "
+"the router's clock, as a backup for NTP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:64
+msgid ""
+"Maintenance of status for each peer, including whether it is connected, "
+"whether it was recently connected,\n"
+"and whether it was reachable in the last attempt"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:68
+msgid "Qualification of valid IP addresses according to a local rule set"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:69
+msgid ""
+"Honoring the automated and manual lists of banned peers maintained by the"
+" router,\n"
+"and refusing outbound and inbound connections to those peers"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:76
+msgid "Transport Addresses"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:78
+msgid ""
+"The transport subsystem maintains a set of router addresses, each of "
+"which lists a transport method, IP, and port.\n"
+"These addresses constitute the advertised contact points, and are "
+"published by the router to the network database.\n"
+"Addresses may also contain an arbitrary set of additional options."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:84
+msgid "Each transport method may publish multiple router addresses."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:88
+msgid "Typical scenarios are:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:90
+msgid ""
+"A router has no published addresses, so it is considered \"hidden\" and "
+"cannot receive incoming connections"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:91
+#, python-format
+msgid ""
+"A router is firewalled, and therefore publishes an SSU address which "
+"contains a list of cooperating\n"
+"peers or \"introducers\" who will assist in NAT traversal (see <a "
+"href=\"%(ssu)s\">the SSU spec</a> for details)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:95
+msgid ""
+"A router is not firewalled or its NAT ports  are open; it publishes both "
+"NTCP and SSU addresses containing\n"
+"directly-accessible IP and ports."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:101
+msgid "Transport Selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:103
+#, python-format
+msgid ""
+"The transport system delivers <a href=\"%(i2np)s\">I2NP messages</a> "
+"only. The transport selected for any message is\n"
+"independent of the upper-layer protocols and contents (router or client "
+"messages, whether an external application was using\n"
+"TCP or UDP to connect to I2P, whether the upper layer was using\n"
+"<a href=\"%(streaming)s\">the streaming library</a>\n"
+"streaming\n"
+"or\n"
+"<a href=\"%(datagrams)s\">datagrams</a>,\n"
+"datagrams\n"
+"etc.)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:117
+msgid ""
+"For each outgoing message, the transport system solicits \"bids\" from "
+"each transport.\n"
+"The transport bidding the lowest (best) value wins the bid and receives "
+"the message for delivery.\n"
+"A transport may refuse to bid."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:123
+msgid "Whether a transport bids, and with what value, depend on numerous factors:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:127
+msgid "Configuration of transport preferences"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:128
+msgid "Whether the transport is already connected to the peer"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:129
+msgid ""
+"The number of current connections compared to various connection limit "
+"thresholds"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:130
+msgid "Whether recent connection attempts to the peer have failed"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:131
+msgid ""
+"The size of the message, as different transports have different size "
+"limits"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:132
+msgid ""
+"Whether the peer can accept incoming connections for that transport, as "
+"advertised in its RouterInfo"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:133
+msgid "Whether the connection would be indirect (requiring introducers) or direct"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:134
+msgid "The peer's transport preference, as advertised in its RouterInfo"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:137
+msgid ""
+"In general, the bid values are selected so that two routers are only "
+"connected by a single transport\n"
+"at any one time. However, this is not a requirement."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:144
+msgid "New Transports and Future Work"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:146
+msgid "Additional transports may be developed, including:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:151
+msgid "A TLS/SSH look-alike transport"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:152
+msgid ""
+"An \"indirect\" transport for routers that are not reachable by all other"
+" routers (one form of \"restricted routes\")"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:153
+msgid "Tor-compatible pluggable transports"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:156
+msgid ""
+"Work continues on adjusting default connection limits for each transport."
+"\n"
+"I2P is designed as a \"mesh network\", where it is assumed that any "
+"router can connect to any other router.\n"
+"This assumption may be broken by routers that have exceeded their "
+"connection limits, and by\n"
+"routers that are behind restrictive state firewalls (restricted routes)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:163
+msgid ""
+"The current connection limits are higher for SSU than for NTCP, based on "
+"the assumption that\n"
+"the memory requirements for an NTCP connection are higher than that for "
+"SSU.\n"
+"However, as NTCP buffers are partially in the kernel and SSU buffers are "
+"on the Java heap,\n"
+"that assumption is difficult to verify."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/index.html:170
+#, python-format
+msgid ""
+"Analyze <a href=\"%(pdf)s\">Breaking and Improving Protocol "
+"Obfuscation</a>\n"
+"and see how transport-layer padding may improve things."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:2
+msgid "NTCP (NIO-based TCP)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:3
+msgid "November 2014"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:6
+#, python-format
+msgid ""
+"NTCP is one of two <a href=\"%(transports)s\">transports</a> currently "
+"implemented in I2P.\n"
+"The other is <a href=\"%(ssu)s\">SSU</a>.\n"
+"NTCP is a Java NIO-based transport introduced in I2P release 0.6.1.22.\n"
+"Java NIO (new I/O) does not suffer from the 1 thread per connection "
+"issues of the old TCP transport.\n"
+"NTCP-over-IPv6 is supported as of version 0.9.8."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:14
+msgid ""
+"By default, NTCP uses the IP/Port\n"
+"auto-detected by SSU. When enabled on config.jsp,\n"
+"SSU will notify/restart NTCP when the external address changes\n"
+"or when the firewall status changes.\n"
+"Now you can enable inbound TCP without a static IP or dyndns service."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:22
+msgid ""
+"The NTCP code within I2P is relatively lightweight (1/4 the size of the "
+"SSU code)\n"
+"because it uses the underlying Java TCP transport for reliable delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:28
+#: i2p2www/pages/site/docs/transport/ssu.html:39
+msgid "Router Address Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:30
+#: i2p2www/pages/site/docs/transport/ssu.html:41
+msgid "The following properties are stored in the network database."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:44
+msgid "NTCP Protocol Specification"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:46
+msgid "Standard Message Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:47
+msgid ""
+"After establishment,\n"
+"the NTCP transport sends individual I2NP messages, with a simple "
+"checksum.\n"
+"The unencrypted message is encoded as follows:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:65
+msgid ""
+"The data is then AES/256/CBC encrypted. The session key for the "
+"encryption\n"
+"is negotiated during establishment (using Diffie-Hellman 2048 bit).\n"
+"The establishment between two routers is implemented in the "
+"EstablishState class\n"
+"and detailed below.\n"
+"The IV for AES/256/CBC encryption is the last 16 bytes of the previous "
+"encrypted message."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:73
+msgid ""
+"0-15 bytes of padding are required to bring the total message length\n"
+"(including the six size and checksum bytes) to a multiple of 16.\n"
+"The maximum message size is currently 16 KB.\n"
+"Therefore the maximum data size is currently 16 KB - 6, or 16378 bytes.\n"
+"The minimum data size is 1."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:81
+msgid "Time Sync Message Format"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:82
+msgid ""
+"One special case is a metadata message where the sizeof(data) is 0.  In\n"
+"that case, the unencrypted message is encoded as:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:93
+msgid ""
+"Total length: 16 bytes. The time sync message is sent at approximately 15"
+" minute intervals.\n"
+"The message is encrypted just as standard messages are."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:99
+msgid "Checksums"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:100
+#, python-format
+msgid ""
+"The standard and time sync messages use the Adler-32 checksum\n"
+"as defined in the <a href=\"%(rfc1950)s\">ZLIB Specification</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:106
+#: i2p2www/pages/site/docs/transport/ssu.html:177
+msgid "Idle Timeout"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:107
+#: i2p2www/pages/site/docs/transport/ssu.html:178
+msgid ""
+"Idle timeout and connection close is at the discretion of each endpoint "
+"and may vary.\n"
+"The current implementation lowers the timeout as the number of "
+"connections approaches the\n"
+"configured maximum, and raises the timeout when the connection count is "
+"low.\n"
+"The recommended minimum timeout is two minutes or more, and the "
+"recommended\n"
+"maximum timeout is ten minutes or more."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:116
+msgid "RouterInfo Exchange"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:117
+msgid ""
+"After establishment, and every 30-60 minutes thereafter,\n"
+"the two routers should generally exchange RouterInfos using a "
+"DatabaseStoreMessage.\n"
+"However, Alice should check if the first queued message is a "
+"DatabaseStoreMessage\n"
+"so as not to send a duplicate message; this is often the case when "
+"connecting to a floodfill router."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:125
+msgid "Establishment Sequence"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:126
+msgid ""
+"In the establish state, there is a 4-phase message sequence to exchange "
+"DH keys and signatures.\n"
+"In the first two messages there is a 2048-bit Diffie Hellman exchange.\n"
+"Then, signatures of the critical data are exchanged to confirm the "
+"connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:142
+msgid "Legend:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:143
+msgid "256 byte DH public keys"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:147
+msgid "timestamps (4 bytes, seconds since epoch)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:148
+msgid "32 byte Session key"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:149
+msgid "2 byte size of Alice identity to follow"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:152
+msgid "DH Key Exchange"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:153
+#, python-format
+msgid ""
+"The initial 2048-bit DH key exchange\n"
+"uses the same shared prime (p) and generator (g) as that used for I2P's\n"
+"<a href=\"%(cryptography)s#elgamal\">ElGamal encryption</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:159
+msgid ""
+"The DH key exchange consists of a number of steps, displayed below.\n"
+"The mapping between these steps and the messages sent between I2P "
+"routers,\n"
+"is marked in bold."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:165
+msgid ""
+"Alice generates a secret integer x. She then calculates <code>X = g^x mod"
+" p</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:166
+msgid "Alice sends X to Bob <b>(Message 1)</b>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:167
+msgid ""
+"Bob generates a secret integer y. He then calculates <code>Y = g^y mod "
+"p</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:168
+msgid "Bob sends Y to Alice.<b>(Message 2)</b>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:169
+msgid "Alice can now compute <code>sessionKey = Y^x mod p</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:170
+msgid "Bob can now compute <code>sessionKey = X^y mod p</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:171
+msgid ""
+"Both Alice and Bob now have a shared key <code>sessionKey = g^(x*y) mod "
+"p</code>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:173
+#, python-format
+msgid ""
+"The sessionKey is then used to exchange identities in <b>Message 3</b> "
+"and <b>Message 4</b>.\n"
+"The exponent (x and y) length for the DH exchange is documented on the\n"
+"<a href=\"%(crypto)s#exponent\">cryptography page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:193
+msgid "Message 1 (Session Request)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:194
+#, python-format
+msgid ""
+"This is the DH request. Alice already has Bob's\n"
+"<a href=\"%(commonstructures)s#struct_RouterIdentity\">Router "
+"Identity</a>,\n"
+"IP address, and port, as contained in his\n"
+"<a href=\"%(commonstructures)s#struct_RouterInfo\">Router Info</a>,\n"
+"which was published to the\n"
+"<a href=\"%(netdb)s\">network database</a>.\n"
+"Alice sends Bob:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:207
+#: i2p2www/pages/site/docs/transport/ntcp.html:250
+#: i2p2www/pages/site/docs/transport/ntcp.html:332
+#: i2p2www/pages/site/docs/transport/ntcp.html:437
+msgid "Size:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:209
+msgid "Contents:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:227
+msgid "256 byte X from Diffie Hellman"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:229
+msgid "SHA256 Hash(X) xored with SHA256 Hash(Bob's `RouterIdentity`)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:236
+#: i2p2www/pages/site/docs/transport/ntcp.html:319
+#: i2p2www/pages/site/docs/transport/ntcp.html:398
+msgid "Notes:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:237
+msgid ""
+"Bob verifies HXxorHI using his own router hash. If it does not verify,\n"
+"Alice has contacted the wrong router, and Bob drops the connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:243
+msgid "Message 2 (Session Created)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:244
+msgid "This is the DH reply. Bob sends Alice:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:252
+#: i2p2www/pages/site/docs/transport/ntcp.html:334
+#: i2p2www/pages/site/docs/transport/ntcp.html:439
+msgid "Unencrypted Contents:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:274
+#: i2p2www/pages/site/docs/transport/ntcp.html:310
+msgid "256 byte Y from Diffie Hellman"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:276
+msgid "SHA256 Hash(X concatenated with Y)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:279
+#: i2p2www/pages/site/docs/transport/ntcp.html:364
+msgid "4 byte timestamp (seconds since the epoch)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:281
+msgid "12 bytes random data"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:285
+#: i2p2www/pages/site/docs/transport/ntcp.html:376
+#: i2p2www/pages/site/docs/transport/ntcp.html:466
+msgid "Encrypted Contents:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:312
+#, python-format
+msgid ""
+"48 bytes <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH "
+"session key and\n"
+"                  the last 16 bytes of Y as the IV"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:320
+msgid ""
+"Alice may drop the connection if the clock skew with Bob is too high as "
+"calculated using tsB."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:325
+msgid "Message 3 (Session Confirm A)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:326
+msgid ""
+"This contains Alice's router identity, and a signature of the critical "
+"data. Alice sends Bob:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:360
+msgid "2 byte size of Alice's router identity to follow (387+)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:362
+msgid "Alice's 387+ byte `RouterIdentity`"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:366
+#: i2p2www/pages/site/docs/transport/ntcp.html:461
+msgid "0-15 bytes random data"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:368
+msgid ""
+"the `Signature` of the following concatenated data:\n"
+"             X, Y, Bob's `RouterIdentity`, tsA, tsB.\n"
+"             Alice signs it with the `SigningPrivateKey` associated with "
+"the `SigningPublicKey` in her `RouterIdentity`"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:389
+#, python-format
+msgid ""
+"448 bytes <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH"
+" session key and\n"
+"                  the last 16 bytes of HXxorHI (i.e., the last 16 bytes "
+"of message #1) as the IV"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:400
+msgid "Bob verifies the signature, and on failure, drops the connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:403
+msgid ""
+"Bob may drop the connection if the clock skew with Alice is too high as "
+"calculated using tsA."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:406
+msgid ""
+"Alice will use the last 16 bytes of the encrypted contents of this "
+"message as the IV for the next message."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:430
+msgid "Message 4 (Session Confirm B)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:431
+msgid "This is a signature of the critical data. Bob sends Alice:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:455
+msgid ""
+"the `Signature` of the following concatenated data:\n"
+"             X, Y, Alice's `RouterIdentity`, tsA, tsB.\n"
+"             Bob signs it with the `SigningPrivateKey` associated with "
+"the `SigningPublicKey` in his `RouterIdentity`"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:479
+#, python-format
+msgid ""
+"Data <a href=\"%(cryptography)s#AES\">AES encrypted</a> using the DH "
+"session key and\n"
+"                  the last 16 bytes of the encrypted contents of message "
+"#2 as the IV\n"
+"                  48 bytes for a DSA signature, may vary for other "
+"signature types"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:488
+msgid "Alice verifies the signature, and on failure, drops the connection."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:491
+msgid ""
+"Bob will use the last 16 bytes of the encrypted contents of this message "
+"as the IV for the next message."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:506
+msgid "After Establishment"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:507
+msgid ""
+"The connection is established, and standard or time sync messages may be "
+"exchanged.\n"
+"All subsequent messages are AES encrypted using the negotiated DH session"
+" key.\n"
+"Alice will use the last 16 bytes of the encrypted contents of message #3 "
+"as the next IV.\n"
+"Bob will use the last 16 bytes of the encrypted contents of message #4 as"
+" the next IV."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:516
+msgid "Check Connection Message"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:517
+msgid ""
+"Alternately, when Bob receives a connection, it could be a\n"
+"check connection (perhaps prompted by Bob asking for someone\n"
+"to verify his listener).\n"
+"Check Connection is not currently used.\n"
+"However, for the record, check connections are formatted as follows.\n"
+"A check info connection will receive 256 bytes containing:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:526
+msgid "32 bytes of uninterpreted, ignored data"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:527
+msgid "1 byte size"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:528
+msgid ""
+"that many bytes making up the local router's IP address (as reached by "
+"the remote side)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:529
+msgid "2 byte port number that the local router was reached on"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:530
+msgid ""
+"4 byte i2p network time as known by the remote side (seconds since the "
+"epoch)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:531
+msgid "uninterpreted padding data, up to byte 223"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:532
+msgid ""
+"xor of the local router's identity hash and the SHA256 of bytes 32 "
+"through bytes 223"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:535
+msgid "Check connection is completely disabled as of release 0.9.12."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:539
+msgid "Discussion"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:540
+#, python-format
+msgid "Now on the <a href=\"%(ntcpdisc)s\">NTCP Discussion Page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:546
+msgid "The maximum message size should be increased to approximately 32 KB."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:550
+msgid ""
+"A set of fixed packet sizes may be appropriate to further hide the data \n"
+"fragmentation to external adversaries, but the tunnel, garlic, and end to"
+" \n"
+"end padding should be sufficient for most needs until then.\n"
+"However, there is currently no provision for padding beyond the next "
+"16-byte boundary,\n"
+"to create a limited number of message sizes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:558
+msgid ""
+"Memory utilization (including that of the kernel) for NTCP should be "
+"compared to that for SSU."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ntcp.html:562
+msgid ""
+"Can the establishment messages be randomly padded somehow, to frustrate\n"
+"identification of I2P traffic based on initial packet sizes?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:2
+msgid "Secure Semireliable UDP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:3
+msgid "October 2016"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:7
+#, python-format
+msgid ""
+"SSU (also called \"UDP\" in much of the I2P documentation and user "
+"interfaces)\n"
+"is one of two <a href=\"%(transports)s\">transports</a> currently "
+"implemented in I2P.\n"
+"The other is <a href=\"%(ntcp)s\">NTCP</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:13
+msgid ""
+"SSU is the newer of the two transports,\n"
+"introduced in I2P release 0.6.\n"
+"In a standard I2P installation, the router uses both NTCP and SSU for "
+"outbound connections.\n"
+"SSU-over-IPv6 is supported as of version 0.9.8."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:20
+msgid ""
+"SSU is called \"semireliable\" because it will repeatedly retransmit "
+"unacknowledged messages,\n"
+"but only up to a maximum number of times. After that, the message is "
+"dropped."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:25
+msgid "SSU Services"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:27
+msgid ""
+"Like the NTCP transport, SSU provides reliable, encrypted, connection-"
+"oriented, point-to-point data transport.\n"
+"Unique to SSU, it also provides IP detection and NAT traversal services, "
+"including:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:33
+msgid ""
+"Cooperative NAT/Firewall traversal using <a "
+"href=\"#introduction\">introducers</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:34
+msgid ""
+"Local IP detection by inspection of incoming packets and <a "
+"href=\"#peerTesting\">peer testing</a>"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:35
+msgid ""
+"Communication of firewall status and local IP, and changes to either to "
+"NTCP"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:47
+#: i2p2www/pages/site/docs/transport/ssu.html:54
+#: i2p2www/pages/site/docs/transport/ssu.html:55
+#: i2p2www/pages/site/docs/transport/ssu.html:57
+#: i2p2www/pages/site/docs/transport/ssu.html:60
+#: i2p2www/pages/site/docs/transport/ssu.html:61
+#: i2p2www/pages/site/docs/transport/ssu.html:67
+msgid "See below"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:74
+msgid "Protocol Details"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:76
+msgid "Congestion control"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:78
+msgid ""
+"SSU's need for only semireliable delivery, TCP-friendly operation,\n"
+"and the capacity for high throughput allows a great deal of latitude in\n"
+"congestion control.  The congestion control algorithm outlined below is\n"
+"meant to be both efficient in bandwidth as well as simple to implement."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:85
+msgid ""
+"Packets are scheduled according to the router's policy, taking care\n"
+"not to exceed the router's outbound capacity or to exceed the measured \n"
+"capacity of the remote peer.  The measured capacity operates along the\n"
+"lines of TCP's slow start and congestion avoidance, with additive "
+"increases\n"
+"to the sending capacity and multiplicative decreases in face of "
+"congestion.\n"
+"Unlike for TCP, routers may give up on some messages after\n"
+"a given period or number of retransmissions while continuing to transmit"
+" \n"
+"other messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:96
+msgid ""
+"The congestion detection techniques vary from TCP as well, since each \n"
+"message has its own unique and nonsequential identifier, and each message"
+"\n"
+"has a limited size - at most, 32KB.  To efficiently transmit this "
+"feedback\n"
+"to the sender, the receiver periodically includes a list of fully ACKed \n"
+"message identifiers and may also include bitfields for partially received"
+"\n"
+"messages, where each bit represents the reception of a fragment.  If \n"
+"duplicate fragments arrive, the message should be ACKed again, or if the\n"
+"message has still not been fully received, the bitfield should be \n"
+"retransmitted with any new updates."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:108
+msgid ""
+"The current implementation does not pad the packets to\n"
+"any particular size, but instead just places a single message fragment "
+"into\n"
+"a packet and sends it off (careful not to exceed the MTU)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:115
+msgid ""
+"As of router version 0.8.12,\n"
+"two MTU values are used for IPv4: 620 and 1484.\n"
+"The MTU value is adjusted based on the percentage of packets that are "
+"retransmitted."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:121
+msgid ""
+"For both MTU values, it is desirable that (MTU &#37; 16) == 12, so that\n"
+"the payload portion after the 28-byte IP/UDP header is a multiple of\n"
+"16 bytes, for encryption purposes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:127
+msgid ""
+"For the small MTU value, it is desirable to pack a 2646-byte\n"
+"Variable Tunnel Build Message efficiently into multiple packets;\n"
+"with a 620-byte MTU, it fits into 5 packets with nicely."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:133
+msgid ""
+"Based on measurements, 1492 fits nearly all reasonably small I2NP "
+"messages\n"
+"(larger I2NP messages may be up to 1900 to 4500 bytes, which isn't going "
+"to fit\n"
+"into a live network MTU anyway)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:139
+msgid ""
+"The MTU values were 608 and 1492 for releases 0.8.9 - 0.8.11.\n"
+"The large MTU was 1350 prior to release 0.8.9."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:144
+msgid ""
+"The maximum receive packet size\n"
+"is 1571 bytes as of release 0.8.12.\n"
+"For releases 0.8.9 - 0.8.11 it was 1535 bytes.\n"
+"Prior to release 0.8.9 it was 2048 bytes."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:151
+msgid ""
+"As of release 0.9.2, if a router's network interface MTU is less than "
+"1484,\n"
+"it will publish that in the network database, and other routers should\n"
+"honor that when a connection is established."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:157
+msgid ""
+"For IPv6, the minimum MTU is 1280. The IPv6 IP/UDP header is 48 bytes,\n"
+"so we use an MTU where (MTN &#37; 16 == 0), which is true for 1280.\n"
+"The maximum IPv6 MTU is 1488.\n"
+" (max was 1472 prior to version 0.9.28)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:164
+msgid "Message Size Limits"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:165
+msgid ""
+"While the maximum message size is nominally 32KB, the practical\n"
+"limit differs. The protocol limits the number of fragments to 7 bits, or "
+"128.\n"
+"The current implementation, however, limits each message to a maximum of "
+"64 fragments,\n"
+"which is sufficient for 64 * 534 = 33.3 KB when using the 608 MTU.\n"
+"Due to overhead for bundled LeaseSets and session keys, the practical "
+"limit\n"
+"at the application level is about 6KB lower, or about 26KB.\n"
+"Further work is necessary to raise the UDP transport limit above 32KB.\n"
+"For connections using the larger MTU, larger messages are possible."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:187
+msgid "Keys"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:189
+msgid ""
+"All encryption used is AES256/CBC with 32 byte keys and 16 byte IVs.\n"
+"When Alice originates a session with Bob,\n"
+"the MAC and session keys are negotiated as part of the DH exchange, and "
+"are then used\n"
+"for the HMAC and encryption, respectively.  During the DH exchange, \n"
+"Bob's publicly knowable introKey is used for the MAC and encryption."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:197
+msgid ""
+"Both the initial message and the subsequent\n"
+"reply use the introKey of the responder (Bob) - the responder does \n"
+"not need to know the introKey of the requester (Alice).  The DSA \n"
+"signing key used by Bob should already be known to Alice when she \n"
+"contacts him, though Alice's DSA key may not already be known by \n"
+"Bob."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:206
+msgid ""
+"Upon receiving a message, the receiver checks the \"from\" IP address and"
+" port\n"
+"with all established sessions - if there are matches,\n"
+"that session's MAC keys are tested in the HMAC.  If none\n"
+"of those verify or if there are no matching IP addresses, the \n"
+"receiver tries their introKey in the MAC.  If that does not verify,\n"
+"the packet is dropped.  If it does verify, it is interpreted \n"
+"according to the message type, though if the receiver is overloaded,\n"
+"it may be dropped anyway."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:217
+msgid ""
+"If Alice and Bob have an established session, but Alice loses the \n"
+"keys for some reason and she wants to contact Bob, she may at any \n"
+"time simply establish a new session through the SessionRequest and\n"
+"related messages.  If Bob has lost the key but Alice does not know\n"
+"that, she will first attempt to prod him to reply, by sending a \n"
+"DataMessage with the wantReply flag set, and if Bob continually \n"
+"fails to reply, she will assume the key is lost and reestablish a \n"
+"new one."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:228
+#, python-format
+msgid ""
+"For the DH key agreement,\n"
+"<a href=\"%(rfc3526)s\">RFC3526</a> 2048bit\n"
+"MODP group (#14) is used:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:238
+#, python-format
+msgid ""
+"These are the same p and g used for I2P's\n"
+"<a href=\"%(cryptography)s#elgamal\">ElGamal encryption</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:243
+msgid "Replay prevention"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:245
+msgid ""
+"Replay prevention at the SSU layer occurs by rejecting packets \n"
+"with exceedingly old timestamps or those which reuse an IV.  To\n"
+"detect duplicate IVs, a sequence of Bloom filters are employed to\n"
+"\"decay\" periodically so that only recently added IVs are detected."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:252
+msgid ""
+"The messageIds used in DataMessages are defined at layers above\n"
+"the SSU transport and are passed through transparently.  These IDs\n"
+"are not in any particular order - in fact, they are likely to be\n"
+"entirely random.  The SSU layer makes no attempt at messageId \n"
+"replay prevention - higher layers should take that into account."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:260
+msgid "Addressing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:262
+msgid ""
+"To contact an SSU peer, one of two sets of information is necessary:\n"
+"a direct address, for when the peer is publicly reachable, or an\n"
+"indirect address, for using a third party to introduce the peer.\n"
+"There is no restriction on the number of addresses a peer may have."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:274
+msgid ""
+"Each of the addresses may also expose a series of options - special\n"
+"capabilities of that particular peer.  For a list of available\n"
+"capabilities, see <a href=\"#capabilities\">below</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:280
+#, python-format
+msgid ""
+"The addresses, options, and capabilities are published in the <a "
+"href=\"%(netdb)s\">network database</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:285
+msgid "Direct Session Establishment"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:286
+msgid ""
+"Direct session establishment is used when no third party is required for "
+"NAT traversal.\n"
+"The message sequence is as follows:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:291
+msgid "Connection establishment (direct)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:292
+msgid ""
+"Alice connects directly to Bob.\n"
+"IPv6 is supported as of version 0.9.8."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:307
+#, python-format
+msgid ""
+"After the SessionConfirmed message is received, Bob sends a small\n"
+"<a href=\"%(i2npspec)s#msg_DeliveryStatus\">DeliveryStatus message</a>\n"
+"as a confirmation.\n"
+"In this message, the 4-byte message ID is set to a random number, and the"
+"\n"
+"8-byte \"arrival time\" is set to the current network-wide ID, which is 2"
+"\n"
+"(i.e. 0x0000000000000002)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:316
+#, python-format
+msgid ""
+"After the status message is sent, the peers usually exchange\n"
+"<a href=\"%(i2npspec)s#msg_DatabaseStore\">DatabaseStore messages</a>\n"
+"containing their\n"
+"<a href=\"%(commonstructures)s#struct_RouterInfo\">RouterInfos</a>,\n"
+"however, this is not required."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:325
+msgid ""
+"It does not appear that the type of the status message or its contents "
+"matters.\n"
+"It was originally added becasue the DatabaseStore message was delayed\n"
+"several seconds; since the store is now sent immediately, perhaps\n"
+"the status message can be eliminated."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:334
+msgid ""
+"Introduction keys are delivered through an external channel \n"
+"(the network database, where they are identical to the router Hash for "
+"now)\n"
+"and must be used when establishing a session key.  For the indirect\n"
+"address, the peer must first contact the relayhost and ask them for\n"
+"an introduction to the peer known at that relayhost under the given\n"
+"tag.  If possible, the relayhost sends a message to the addressed\n"
+"peer telling them to contact the requesting peer, and also gives \n"
+"the requesting peer the IP and port on which the addressed peer is\n"
+"located.  In addition, the peer establishing the connection must \n"
+"already know the public keys of the peer they are connecting to (but\n"
+"not necessary to any intermediary relay peer)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:348
+msgid ""
+"Indirect session establishment by means of a third party introduction\n"
+"is necessary for efficient NAT traversal.  Charlie, a router behind a\n"
+"NAT or firewall which does not allow unsolicited inbound UDP packets,\n"
+"first contacts a few peers, choosing some to serve as introducers.  Each\n"
+"of these peers (Bob, Bill, Betty, etc) provide Charlie with an "
+"introduction\n"
+"tag - a 4 byte random number - which he then makes available to the "
+"public\n"
+"as methods of contacting him.  Alice, a router who has Charlie's "
+"published\n"
+"contact methods, first sends a RelayRequest packet to one or more of the"
+" \n"
+"introducers, asking each to introduce her to Charlie (offering the \n"
+"introduction tag to identify Charlie).  Bob then forwards a RelayIntro\n"
+"packet to Charlie including Alice's public IP and port number, then sends"
+"\n"
+"Alice back a RelayResponse packet containing Charlie's public IP and port"
+"\n"
+"number.  When Charlie receives the RelayIntro packet, he sends off a "
+"small\n"
+"random packet to Alice's IP and port (poking a hole in his NAT/firewall),"
+"\n"
+"and when Alice receives Bob's RelayResponse packet, she begins a new \n"
+"full direction session establishment with the specified IP and port."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:375
+msgid "Connection establishment (indirect using an introducer)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:377
+msgid "Alice first connects to introducer Bob, who relays the request to Charlie."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:395
+msgid ""
+"After the hole punch, the session is established between Alice and "
+"Charlie as in a direct establishment."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:407
+msgid "Peer testing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:409
+msgid ""
+"The automation of collaborative reachability testing for peers is\n"
+"enabled by a sequence of PeerTest messages.  With its proper \n"
+"execution, a peer will be able to determine their own reachability\n"
+"and may update its behavior accordingly.  The testing process is \n"
+"quite simple:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:428
+msgid ""
+"Each of the PeerTest messages carry a nonce identifying the\n"
+"test series itself, as initialized by Alice.  If Alice doesn't \n"
+"get a particular message that she expects, she will retransmit\n"
+"accordingly, and based upon the data received or the messages\n"
+"missing, she will know her reachability.  The various end states\n"
+"that may be reached are as follows:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:438
+msgid ""
+"If she doesn't receive a response from Bob, she will retransmit\n"
+"up to a certain number of times, but if no response ever arrives,\n"
+"she will know that her firewall or NAT is somehow misconfigured, \n"
+"rejecting all inbound UDP packets even in direct response to an\n"
+"outbound packet.  Alternately, Bob may be down or unable to get \n"
+"Charlie to reply."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:447
+msgid ""
+"If Alice doesn't receive a PeerTest message with the \n"
+"expected nonce from a third party (Charlie), she will retransmit\n"
+"her initial request to Bob up to a certain number of times, even\n"
+"if she has received Bob's reply already.  If Charlie's first message \n"
+"still doesn't get through but Bob's does, she knows that she is\n"
+"behind a NAT or firewall that is rejecting unsolicited connection\n"
+"attempts and that port forwarding is not operating properly (the\n"
+"IP and port that Bob offered up should be forwarded)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:458
+msgid ""
+"If Alice receives Bob's PeerTest message and both of Charlie's\n"
+"PeerTest messages but the enclosed IP and port numbers in Bob's \n"
+"and Charlie's second messages don't match, she knows that she is \n"
+"behind a symmetric NAT, rewriting all of her outbound packets with\n"
+"different 'from' ports for each peer contacted.  She will need to\n"
+"explicitly forward a port and always have that port exposed for \n"
+"remote connectivity, ignoring further port discovery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:468
+msgid ""
+"If Alice receives Charlie's first message but not his second,\n"
+"she will retransmit her PeerTest message to Charlie up to a \n"
+"certain number of times, but if no response is received she knows\n"
+"that Charlie is either confused or no longer online."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:476
+msgid ""
+"Alice should choose Bob arbitrarily from known peers who seem\n"
+"to be capable of participating in peer tests.  Bob in turn should\n"
+"choose Charlie arbitrarily from peers that he knows who seem to be\n"
+"capable of participating in peer tests and who are on a different\n"
+"IP from both Bob and Alice.  If the first error condition occurs\n"
+"(Alice doesn't get PeerTest messages from Bob), Alice may decide\n"
+"to designate a new peer as Bob and try again with a different nonce."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:486
+msgid ""
+"Alice's introduction key is included in all of the PeerTest \n"
+"messages so that she doesn't need to already have an established\n"
+"session with Bob and so that Charlie can contact her without knowing\n"
+"any additional information.  Alice may go on to establish a session\n"
+"with either Bob or Charlie, but it is not required."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:514
+msgid "Transmission window, ACKs and Retransmissions"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:515
+#, python-format
+msgid ""
+"The DATA message may contain ACKs of full messages and\n"
+"partial ACKs of individual fragments of a message. See\n"
+"the data message section of\n"
+"<a href=\"%(ssuspec)s\">the protocol specification page</a>\n"
+"for details."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:523
+#, python-format
+msgid ""
+"The details of windowing, ACK, and retransmission strategies are not "
+"specified\n"
+"here. See the Java code for the current implementation.\n"
+"During the establishment phase, and for peer testing, routers\n"
+"should implement exponential backoff for retransmission.\n"
+"For an established connection, routers should implement\n"
+"an adjustable transmission window, RTT estimate and timeout, similar to "
+"TCP\n"
+"or <a href=\"%(streaming)s\">streaming</a>.\n"
+"See the code for initial, min and max parameters."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:535
+msgid "Security"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:536
+msgid ""
+"UDP source addresses may, of course, be spoofed.\n"
+"Additionally, the IPs and ports contained inside specific\n"
+"SSU messages (RelayRequest, RelayResponse, RelayIntro, PeerTest)\n"
+"may not be legitimate.\n"
+"Also, certain actions and responses may need to be rate-limited."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:544
+msgid ""
+"The details of validation are not specified\n"
+"here. Implementers should add defenses where appropriate."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:550
+msgid "Peer capabilities"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:554
+msgid ""
+"If the peer address contains the 'B' capability, that means \n"
+"they are willing and able to participate in peer tests as\n"
+"a 'Bob' or 'Charlie'."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:566
+msgid ""
+"If the peer address contains the 'C' capability, that means\n"
+"they are willing and able to serve as an introducer - serving\n"
+"as a Bob for an otherwise unreachable Alice."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:575
+msgid ""
+"Analysis of current SSU performance, including assessment of window size "
+"adjustment\n"
+"and other parameters, and adjustment of the protocol implementation to "
+"improve\n"
+"performance, is a topic for future work."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:581
+msgid ""
+"The current implementation repeatedly sends acknowledgments for the same "
+"packets,\n"
+"which unnecessarily increases overhead."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:586
+msgid ""
+"The default small MTU value of 620 should be analyzed and possibly "
+"increased.\n"
+"The current MTU adjustment strategy should be evaluated.\n"
+"Does a streaming lib 1730-byte packet fit in 3 small SSU packets? "
+"Probably not."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:592
+msgid "The protocol should be extended to exchange MTUs during the setup."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:596
+msgid "Rekeying is currently unimplemented and may never be."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:600
+msgid ""
+"The potential use of the 'challenge' fields in RelayIntro and "
+"RelayResponse,\n"
+"and use of the padding field in SessionRequest and SessionCreated, is "
+"undocumented."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:605
+msgid ""
+"Instead of a single fragment per packet, a more efficient\n"
+"strategy may be to bundle multiple message fragments into the same "
+"packet,\n"
+"so long as it doesn't exceed the MTU."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:611
+msgid ""
+"A set of fixed packet sizes may be appropriate to further hide the data \n"
+"fragmentation to external adversaries, but the tunnel, garlic, and end to"
+" \n"
+"end padding should be sufficient for most needs until then."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:617
+msgid ""
+"Why are introduction keys the same as the router hash, should it be "
+"changed, would there be any benefit?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:621
+msgid "Capacities appear to be unused."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:625
+msgid ""
+"Signed-on times in SessionCreated and SessionConfirmed appear to be "
+"unused or unverified."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:630
+msgid "Implementation Diagram"
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:631
+msgid ""
+"This diagram\n"
+"should accurately reflect the current implementation, however there may "
+"be small differences."
+msgstr ""
+
+#: i2p2www/pages/site/docs/transport/ssu.html:639
+msgid "Now on the SSU specification page"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:2
+msgid "Tunnel Implementation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:3
+msgid "October 2010"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:7
+msgid "This page documents the current tunnel implementation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:9
+msgid "Tunnel overview"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:11
+msgid ""
+"Within I2P, messages are passed in one direction through a virtual\n"
+"tunnel of peers, using whatever means are available to pass the \n"
+"message on to the next hop.  Messages arrive at the tunnel's \n"
+"</i>gateway</i>, get bundled up and/or fragmented into fixed-size tunnel "
+"messages, \n"
+"and are forwarded on to the next hop in the tunnel, which processes and "
+"verifies\n"
+"the validity of the message and sends it on to the next hop, and so on, "
+"until\n"
+"it reaches the tunnel endpoint.  That <i>endpoint</i> takes the messages\n"
+"bundled up by the gateway and forwards them as instructed - either\n"
+"to another router, to another tunnel on another router, or locally."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:23
+msgid ""
+"Tunnels all work the same, but can be segmented into two different\n"
+"groups - inbound tunnels and outbound tunnels.  The inbound tunnels\n"
+"have an untrusted gateway which passes messages down towards the \n"
+"tunnel creator, which serves as the tunnel endpoint.  For outbound \n"
+"tunnels, the tunnel creator serves as the gateway, passing messages\n"
+"out to the remote endpoint."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:32
+msgid ""
+"The tunnel's creator selects exactly which peers will participate\n"
+"in the tunnel, and provides each with the necessary configuration\n"
+"data.  They may have any number of hops.\n"
+"It is the intent to make\n"
+"it hard for either participants or third parties to determine the length "
+"of \n"
+"a tunnel, or even for colluding participants to determine whether they "
+"are a\n"
+"part of the same tunnel at all (barring the situation where colluding "
+"peers are\n"
+"next to each other in the tunnel)."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:43
+msgid ""
+"In practice, a series of tunnel pools are used for different\n"
+"purposes - each local client destination has its own set of inbound\n"
+"tunnels and outbound tunnels, configured to meet its anonymity and\n"
+"performance needs.  In addition, the router itself maintains a series\n"
+"of pools for participating in the network database and for managing\n"
+"the tunnels themselves."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:52
+msgid ""
+"I2P is an inherently packet switched network, even with these \n"
+"tunnels, allowing it to take advantage of multiple tunnels running \n"
+"in parallel, increasing resilience and balancing load.  Outside of\n"
+"the core I2P layer, there is an optional end to end streaming library \n"
+"available for client applications, exposing TCP-esque operation,\n"
+"including message reordering, retransmission, congestion control, etc."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:61
+#, python-format
+msgid ""
+"An overview of I2P tunnel terminology is\n"
+"<a href=\"%(tunnelrouting)s\">on the tunnel overview page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:66
+msgid "Tunnel Operation (Message Processing)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:69
+#, python-format
+msgid ""
+"After a tunnel is built, <a href=\"%(i2np)s\">I2NP messages</a> are "
+"processed and passed through it.\n"
+"Tunnel operation has four distinct processes, taken on by various \n"
+"peers in the tunnel."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:75
+msgid ""
+"First, the tunnel gateway accumulates a number\n"
+"of I2NP messages and preprocesses them into tunnel messages for\n"
+"delivery."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:80
+msgid ""
+"Next, that gateway encrypts that preprocessed data, then\n"
+"forwards it to the first hop."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:84
+msgid ""
+"That peer, and subsequent tunnel \n"
+"participants, unwrap a layer of the encryption, verifying that it isn't\n"
+"a duplicate, then forward it on to the next peer."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:89
+msgid ""
+"Eventually, the tunnel messages arrive at the endpoint where the I2NP "
+"messages\n"
+"originally bundled by the gateway are reassembled and forwarded on as \n"
+"requested."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:96
+msgid ""
+"Intermediate tunnel participants do not know whether they are in an\n"
+"inbound or an outbound tunnel; they always \"encrypt\" for the next hop.\n"
+"Therefore, we take advantage of symmetric AES encryption\n"
+"to \"decrypt\" at the outbound tunnel gateway,\n"
+"so that the plaintext is revealed at the outbound endpoint."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:110
+msgid "Role"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:111
+msgid "Preprocessing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:112
+msgid "Encryption Operation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:113
+msgid "Postprocessing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:117
+msgid "Outbound Gateway (Creator)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:118
+#: i2p2www/pages/site/docs/tunnels/implementation.html:141
+msgid "Fragment, Batch, and Pad"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:119
+msgid "Iteratively encrypt (using decryption operations)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:120
+#: i2p2www/pages/site/docs/tunnels/implementation.html:127
+#: i2p2www/pages/site/docs/tunnels/implementation.html:143
+#: i2p2www/pages/site/docs/tunnels/implementation.html:150
+msgid "Forward to next hop"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:124
+#: i2p2www/pages/site/docs/tunnels/implementation.html:147
+msgid "Participant"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:126
+msgid "Decrypt (using an encryption operation)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:133
+msgid "Decrypt (using an encryption operation) to reveal plaintext tunnel message"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:134
+msgid "Reassemble Fragments, Forward as instructed to Inbound Gateway or Router"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:142
+#: i2p2www/pages/site/docs/tunnels/implementation.html:149
+msgid "Encrypt"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:154
+msgid "Inbound Endpoint (Creator)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:156
+msgid "Iteratively decrypt to reveal plaintext tunnel message"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:157
+msgid "Reassemble Fragments, Receive data"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:163
+msgid "Gateway Processing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:164
+msgid "Message Preprocessing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:166
+#, python-format
+msgid ""
+"A tunnel gateway's function is to fragment and pack\n"
+"<a href=\"%(i2np)s\">I2NP messages</a> into fixed-size\n"
+"<a href=\"%(tunnelmessage)s\">tunnel messages</a>\n"
+"and encrypt the tunnel messages.\n"
+"Tunnel messages contain the following:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:174
+msgid "A 4 byte Tunnel ID"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:175
+msgid "A 16 byte IV (initialization vector)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:176
+msgid "A checksum"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:177
+msgid "Padding, if necessary"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:178
+msgid "One or more { delivery instruction, I2NP message fragment } pairs"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:181
+msgid ""
+"Tunnel IDs are 4 byte numbers used at each hop - participants know what\n"
+"tunnel ID to listen for messages with and what tunnel ID they should be "
+"forwarded\n"
+"on as to the next hop, and each hop chooses the tunnel ID which they "
+"receive messages\n"
+"on.  Tunnels themselves are short-lived (10 minutes).\n"
+"Even if subsequent tunnels are built using the same sequence of \n"
+"peers, each hop's tunnel ID will change."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:190
+msgid ""
+"To prevent adversaries from tagging the messages along the path by "
+"adjusting\n"
+"the message size, all tunnel messages are a fixed 1024 bytes in size.  To"
+" accommodate \n"
+"larger I2NP messages as well as to support smaller ones more efficiently,"
+" the\n"
+"gateway splits up the larger I2NP messages into fragments contained "
+"within each\n"
+"tunnel message.  The endpoint will attempt to rebuild the I2NP message "
+"from the\n"
+"fragments for a short period of time, but will discard them as necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:199
+#, python-format
+msgid ""
+"Details are in the\n"
+"<a href=\"%(tunnelmessage)s\">tunnel message specification</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:205
+msgid "Gateway Encryption"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:207
+msgid ""
+"After the preprocessing of messages into a padded payload, the gateway "
+"builds\n"
+"a random 16 byte IV value, iteratively encrypting it and the tunnel "
+"message as\n"
+"necessary, and forwards the tuple {tunnelID, IV, encrypted tunnel "
+"message} to the next hop."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:213
+msgid ""
+"How encryption at the gateway is done depends on whether the tunnel is an"
+"\n"
+"inbound or an outbound tunnel.  For inbound tunnels, they simply select a"
+" random\n"
+"IV, postprocessing and updating it to generate the IV for the gateway and"
+" using \n"
+"that IV along side their own layer key to encrypt the preprocessed data."
+"  For outbound \n"
+"tunnels they must iteratively decrypt the (unencrypted) IV and "
+"preprocessed \n"
+"data with the IV and layer keys for all hops in the tunnel.  The result "
+"of the outbound\n"
+"tunnel encryption is that when each peer encrypts it, the endpoint will "
+"recover \n"
+"the initial preprocessed data."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:225
+msgid "Participant Processing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:227
+msgid ""
+"When a peer receives a tunnel message, it checks that the message came "
+"from\n"
+"the same previous hop as before (initialized when the first message comes"
+" through\n"
+"the tunnel).  If the previous peer is a different router, or if the "
+"message has\n"
+"already been seen, the message is dropped.  The participant then encrypts"
+" the \n"
+"received IV with AES256/ECB using their IV key to determine the current "
+"IV, uses \n"
+"that IV with the participant's layer key to encrypt the data, encrypts "
+"the \n"
+"current IV with AES256/ECB using their IV key again, then forwards the "
+"tuple \n"
+"{nextTunnelId, nextIV, encryptedData} to the next hop.  This double "
+"encryption\n"
+"of the IV (both before and after use) help address a certain class of\n"
+"confirmation attacks."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:243
+msgid ""
+"Duplicate message detection is handled by a decaying Bloom filter on "
+"message\n"
+"IVs.  Each router maintains a single Bloom filter to contain the XOR of "
+"the IV and\n"
+"the first block of the message received for all of the tunnels it is "
+"participating\n"
+"in, modified to drop seen entries after 10-20 minutes (when the tunnels "
+"will have\n"
+"expired).  The size of the bloom filter and the parameters used are "
+"sufficient to\n"
+"more than saturate the router's network connection with a negligible "
+"chance of \n"
+"false positive.  The unique value fed into the Bloom filter is the XOR of"
+" the IV \n"
+"and the first block so as to prevent nonsequential colluding peers in the"
+" tunnel \n"
+"from tagging a message by resending it with the IV and first block "
+"switched."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:256
+msgid "Endpoint Processing"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:258
+msgid ""
+"After receiving and validating a tunnel message at the last hop in the "
+"tunnel,\n"
+"how the endpoint recovers the data encoded by the gateway depends upon "
+"whether \n"
+"the tunnel is an inbound or an outbound tunnel.  For outbound tunnels, "
+"the \n"
+"endpoint encrypts the message with its layer key just like any other "
+"participant, \n"
+"exposing the preprocessed data.  For inbound tunnels, the endpoint is "
+"also the \n"
+"tunnel creator so they can merely iteratively decrypt the IV and message,"
+" using the \n"
+"layer and IV keys of each step in reverse order."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:268
+msgid ""
+"At this point, the tunnel endpoint has the preprocessed data sent by the "
+"gateway,\n"
+"which it may then parse out into the included I2NP messages and forwards "
+"them as\n"
+"requested in their delivery instructions."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:275
+msgid "Tunnel Building"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:277
+msgid ""
+"When building a tunnel, the creator must send a request with the "
+"necessary\n"
+"configuration data to each of the hops and wait for all of them to agree "
+"before\n"
+"enabling the tunnel.  The requests are encrypted so that only the peers "
+"who need\n"
+"to know a piece of information (such as the tunnel layer or IV key) has "
+"that\n"
+"data.  In addition, only the tunnel creator will have access to the "
+"peer's\n"
+"reply.  There are three important dimensions to keep in mind when "
+"producing\n"
+"the tunnels: what peers are used (and where), how the requests are sent "
+"(and \n"
+"replies received), and how they are maintained."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:291
+msgid ""
+"Beyond the two types of tunnels - inbound and outbound - there are two "
+"styles\n"
+"of peer selection used for different tunnels - exploratory and client.\n"
+"Exploratory tunnels are used for both network database maintenance and "
+"tunnel\n"
+"maintenance, while client tunnels are used for end to end client messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:299
+msgid "Exploratory tunnel peer selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:301
+msgid ""
+"Exploratory tunnels are built out of a random selection of peers from a "
+"subset\n"
+"of the network.  The particular subset varies on the local router and on "
+"what their\n"
+"tunnel routing needs are.  In general, the exploratory tunnels are built "
+"out of\n"
+"randomly selected peers who are in the peer's \"not failing but active\" "
+"profile\n"
+"category.  The secondary purpose of the tunnels, beyond merely tunnel "
+"routing,\n"
+"is to find underutilized high capacity peers so that they can be promoted"
+" for\n"
+"use in client tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:311
+#, python-format
+msgid ""
+"Exploratory peer selection is discussed further on the\n"
+"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:317
+msgid "Client tunnel peer selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:319
+msgid ""
+"Client tunnels are built with a more stringent set of requirements - the "
+"local\n"
+"router will select peers out of its \"fast and high capacity\" profile "
+"category so\n"
+"that performance and reliability will meet the needs of the client "
+"application.\n"
+"However, there are several important details beyond that basic selection "
+"that \n"
+"should be adhered to, depending upon the client's anonymity needs."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:327
+#, python-format
+msgid ""
+"Client peer selection is discussed further on the\n"
+"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:332
+msgid "Peer Ordering within Tunnels"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:334
+#, python-format
+msgid ""
+"Peers are ordered within tunnels to deal with the\n"
+"<a href=\"%(pdf)s\">predecessor attack</a>\n"
+"<a href=\"%(pdf2008)s\">(2008 update)</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:341
+msgid ""
+"To frustrate the predecessor \n"
+"attack, the tunnel selection keeps the peers selected in a strict order -"
+"\n"
+"if A, B, and C are in a tunnel for a particular tunnel pool, the hop "
+"after A is always B, and the hop after\n"
+"B is always C."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:348
+msgid ""
+"Ordering is implemented by generating a random 32-byte key for each\n"
+"tunnel pool at startup.\n"
+"Peers should not be able to guess the ordering, or an attacker could\n"
+"craft two router hashes far apart to maximize the chance of being at both"
+"\n"
+"ends of a tunnel.\n"
+"Peers are sorted by XOR distance of the\n"
+"SHA256 Hash of (the peer's hash concatenated with the random key) from "
+"the random key"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:363
+msgid ""
+"Because each tunnel pool uses a different random key, ordering is "
+"consistent\n"
+"within a single pool but not between different pools.\n"
+"New keys are generated at each router restart."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:370
+msgid "Request delivery"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:372
+#, python-format
+msgid ""
+"A multi-hop tunnel is built using a single build message which is "
+"repeatedly\n"
+"decrypted and forwarded. In the terminology of\n"
+"<a href=\"%(pdf)s\">Hashing it out in Public</a>,\n"
+"this is \"non-interactive\" telescopic tunnel building."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:379
+#, python-format
+msgid ""
+"This tunnel request preparation, delivery, and response method is\n"
+"<a href=\"%(tunnelcreation)s\">designed</a> to reduce the number of\n"
+"predecessors exposed, cuts the number of messages transmitted, verifies "
+"proper\n"
+"connectivity, and avoids the message counting attack of traditional "
+"telescopic\n"
+"tunnel creation.\n"
+"(This method, which sends messages to extend a tunnel through the "
+"already-established\n"
+"part of the tunnel, is termed \"interactive\" telescopic tunnel building "
+"in\n"
+"the \"Hashing it out\" paper.)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:390
+#, python-format
+msgid ""
+"The details of tunnel request and response messages, and their "
+"encryption,\n"
+"<a href=\"%(tunnelcreation)s\">are specified here</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:395
+msgid ""
+"Peers may reject tunnel creation requests for a variety of reasons, "
+"though\n"
+"a series of four increasingly severe rejections are known: probabilistic "
+"rejection\n"
+"(due to approaching the router's capacity, or in response to a flood of "
+"requests), \n"
+"transient overload, bandwidth overload, and critical failure.  When "
+"received, \n"
+"those four are interpreted by the tunnel creator to help adjust their "
+"profile of\n"
+"the router in question."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:404
+#, python-format
+msgid ""
+"For more information on peer profiling, see the\n"
+"<a href=\"%(peerselection)s\">Peer Profiling and Selection page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:410
+msgid "Tunnel Pools"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:412
+#, python-format
+msgid ""
+"To allow efficient operation, the router maintains a series of tunnel "
+"pools,\n"
+"each managing a group of tunnels used for a specific purpose with their "
+"own\n"
+"configuration.  When a tunnel is needed for that purpose, the router "
+"selects one\n"
+"out of the appropriate pool at random.  Overall, there are two "
+"exploratory tunnel\n"
+"pools - one inbound and one outbound - each using the router's default "
+"configuration.\n"
+"In addition, there is a pair of pools for each local destination -\n"
+"one inbound and one outbound tunnel pool.  Those pools use the "
+"configuration specified\n"
+"when the local destination connects to the router via <a "
+"href=\"%(i2cp)s\">I2CP</a>, or the router's defaults if\n"
+"not specified."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:424
+#, python-format
+msgid ""
+"Each pool has within its configuration a few key settings, defining how "
+"many\n"
+"tunnels to keep active, how many backup tunnels to maintain in case of "
+"failure,\n"
+"how long the tunnels should be, whether those\n"
+"lengths should be randomized, as \n"
+"well as any of the other settings allowed when configuring individual "
+"tunnels.\n"
+"Configuration options are specified on the <a href=\"%(i2cp)s\">I2CP "
+"page</a>."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:434
+msgid "Tunnel Lengths and Defaults"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:436
+msgid "On the tunnel overview page"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:438
+msgid "Anticipatory Build Strategy and Priority"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:440
+msgid ""
+"Tunnel building is expensive, and tunnels expire a fixed time after they "
+"are built.\n"
+"However, when a pool that runs out of tunnels, the Destination is "
+"essentially dead.\n"
+"In addition, tunnel build success rate may vary greatly with both local "
+"and global\n"
+"network conditions.\n"
+"Therefore, it is important to maintain an anticipatory, adaptive build "
+"strategy\n"
+"to ensure that new tunnels are successfully built before they are needed,"
+"\n"
+"without building an excess of tunnels, building them too soon,\n"
+"or consuming too much CPU or bandwidth creating and sending the encrypted"
+" build messages."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:451
+msgid ""
+"For each tuple {exploratory/client, in/out, length, length variance}\n"
+"the router maintains statistics on the time required for a successful\n"
+"tunnel build.\n"
+"Using these statistics, it calculates how long before a tunnel's "
+"expiration\n"
+"it should start attempting to build a replacement.\n"
+"As the expiration time approaches without a successful replacement,\n"
+"it starts multiple build attempts in parallel, and then\n"
+"will increase the number of parallel attempts if necessary."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:462
+msgid ""
+"To cap bandwidth and CPU usage,\n"
+"the router also limits the maximum number of build attempts outstanding\n"
+"across all pools.\n"
+"Critical builds (those for exploratory tunnels, and for pools that have\n"
+"run out of tunnels) are prioritized."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:471
+msgid "Tunnel Message Throttling"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:473
+msgid ""
+"Even though the tunnels within I2P bear a resemblance to a circuit "
+"switched\n"
+"network, everything within I2P is strictly message based - tunnels are "
+"merely\n"
+"accounting tricks to help organize the delivery of messages.  No "
+"assumptions are\n"
+"made regarding reliability or ordering of messages, and retransmissions "
+"are left\n"
+"to higher levels (e.g. I2P's client layer streaming library).  This "
+"allows I2P\n"
+"to take advantage of throttling techniques available to both packet "
+"switched and\n"
+"circuit switched networks.  For instance, each router may keep track of "
+"the \n"
+"moving average of how much data each tunnel is using, combine that with "
+"all of \n"
+"the averages used by other tunnels the router is participating in, and be"
+" able\n"
+"to accept or reject additional tunnel participation requests based on its"
+" \n"
+"capacity and utilization.  On the other hand, each router can simply drop"
+" \n"
+"messages that are beyond its capacity, exploiting the research used on "
+"the \n"
+"normal Internet."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:489
+msgid ""
+"In the current implementation, routers implement a\n"
+"weighted random early discard (WRED) strategy.\n"
+"For all participating routers (internal participant, inbound gateway, and"
+" outbound endpoint),\n"
+"the router will start randomly dropping a portion of messages as the\n"
+"bandwidth limits are approached.\n"
+"As traffic gets closer to, or exceeds, the limits, more messages are "
+"dropped.\n"
+"For an internal participant, all messages are fragmented and padded and "
+"therefore are the same size.\n"
+"At the inbound gateway and outbound endpoint, however, the dropping "
+"decision is made\n"
+"on the full (coalesced) message, and the message size is taken into "
+"account.\n"
+"Larger messages are more likely to be dropped.\n"
+"Also, messages are more likely to be dropped at the outbound endpoint "
+"than the inbound gateway,\n"
+"as those messages are not as \"far along\" in their journey and thus the "
+"network cost of\n"
+"dropping those messages is lower."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:507
+msgid "Mixing/batching"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:509
+msgid ""
+"What strategies could be used at the gateway and at each hop for "
+"delaying,\n"
+"reordering, rerouting, or padding messages?  To what extent should this "
+"be done\n"
+"automatically, how much should be configured as a per tunnel or per hop "
+"setting,\n"
+"and how should the tunnel's creator (and in turn, user) control this "
+"operation?\n"
+"All of this is left as unknown, to be worked out for a distant future "
+"release."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:518
+msgid "Padding"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:519
+msgid ""
+"The padding strategies can be used on a variety of levels, addressing the"
+"\n"
+"exposure of message size information to different adversaries.\n"
+"The current fixed tunnel message size is 1024 bytes.  Within this "
+"however, the fragmented\n"
+"messages themselves are not padded by the tunnel at all, though for end "
+"to end \n"
+"messages, they may be padded as part of the garlic wrapping."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/implementation.html:529
+msgid ""
+"WRED strategies have a significant impact on end-to-end performance,\n"
+"and prevention of network congestion collapse.\n"
+"The current WRED strategy should be carefully evaluated and improved."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/old-implementation.html:2
+msgid "Old Tunnel Implementation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/old-implementation.html:5
+#, python-format
+msgid ""
+"Note: Obsolete - NOT used!  Replaced in 0.6.1.10 - see <a "
+"href=\"%(tunnelimpl)s\">here</a> for the current implementation"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:3
+msgid "November 2016"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:7
+msgid ""
+"This page describes the origins and design of I2P's unidirectional "
+"tunnels.\n"
+"For further information see:"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:13
+msgid "Tunnel overview page"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:19
+msgid "Tunnel design discussion"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:21
+msgid "Peer selection"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:23
+msgid "Meeting 125 (~13:12-13:30)"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:28
+msgid "Review"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:30
+msgid ""
+"While we aren't aware of any published research on the advantages of \n"
+"unidirecdtional tunnels,\n"
+"they appear to make it harder to detect a \n"
+"request/response pattern, which is quite possible to detect over a \n"
+"bidirectional tunnel.\n"
+"Several apps and protocols, notably HTTP,\n"
+"do transfer data in such manner. Having the traffic follow the same \n"
+"route to its destination and back could make it easier for an \n"
+"attacker who has only timing and traffic volume data to infer the path a"
+" \n"
+"tunnel is taking.\n"
+"Having the response come back along a different path arguably \n"
+"makes it harder."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:45
+msgid ""
+"When dealing with \n"
+"an internal adversary or most external adversaries, I2P's undirectional "
+"tunnels\n"
+"expose half as much traffic data than would be exposed with bidirectional"
+" circuits\n"
+"by simply looking at the flows themselves - an HTTP request and response "
+"would \n"
+"follow the same path in Tor, while in I2P the packets making up the "
+"request \n"
+"would go out through one or more outbound tunnels and the packets making "
+"up \n"
+"the response would come back through one or more different inbound "
+"tunnels."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:55
+msgid ""
+"The strategy of using two separate tunnels for inbound and outbound\n"
+"communication is not the only technique available, and it does have "
+"anonymity\n"
+"implications.  On the positive side, by using separate tunnels it lessens"
+" the\n"
+"traffic data exposed for analysis to participants in a tunnel - for "
+"instance,\n"
+"peers in an outbound tunnel from a web browser would only see the traffic"
+" of\n"
+"an HTTP GET, while the peers in an inbound tunnel would see the payload \n"
+"delivered along the tunnel.  With bidirectional tunnels, all participants"
+" would\n"
+"have access to the fact that e.g. 1KB was sent in one direction, then "
+"100KB\n"
+"in the other.  On the negative side, using unidirectional tunnels means "
+"that\n"
+"there are two sets of peers which need to be profiled and accounted for, "
+"and\n"
+"additional care must be taken to address the increased speed of "
+"predecessor\n"
+"attacks.  The tunnel pooling and building process\n"
+"(peer selection and ordering strategies)\n"
+"should minimize the worries of the predecessor attack."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:73
+msgid "Anonymity"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:75
+#, python-format
+msgid ""
+"A recent <a href=\"%(pdf)s\">paper by Hermann and Grothoff</a>\n"
+"declared that I2P's unidirectional tunnels \"seems to be a bad design "
+"decision\"."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:80
+msgid ""
+"The paper's main point is that\n"
+"deanonymizations on unidirectional tunnels take a longer time, which is "
+"an \n"
+"advantage, but that an attacker can be more certain in the unidirectional"
+" case. \n"
+"Therefore, the paper claims it isn't an advantage at all, but a "
+"disadvantage, at least\n"
+"with long-living eepsites."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:88
+msgid ""
+"This conclusion is not fully supported by the paper. Unidirectional "
+"tunnels clearly \n"
+"mitigate other attacks and it's not clear how to trade off the risk of "
+"the \n"
+"attack in the paper\n"
+"with attacks on a bidirectional tunnel architecture."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:95
+msgid ""
+"This conclusion is based on an arbitrary certainty vs. time weighting \n"
+"(tradeoff) that may not be applicable in all cases. For \n"
+"example, somebody could make a list of possible IPs then issue subpoenas "
+"to \n"
+"each. Or the attacker could DDoS each in turn and via a simple \n"
+"intersection attack see if the eepsite goes down or is slowed down. So "
+"close \n"
+"may be good enough, or time may be more important."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:104
+msgid ""
+"The conclusion is based on a specific weighting of the importance of "
+"certainty \n"
+"vs. time, and that weighting may be wrong, and it's definitely debatable,"
+" \n"
+"especially in a real world with subpoenas, search warrants, and other "
+"methods \n"
+"available for final confirmation."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:111
+msgid ""
+"A full analysis of the tradeoffs of unidirectional vs. bidirectional \n"
+"tunnels is clearly outside the scope of the paper, and has not been done"
+" \n"
+"elsewhere. For example, how does this attack compare to the numerous "
+"possible \n"
+"timing attacks published about onion-routed networks? Clearly the authors"
+" have not\n"
+"done that analysis, if it's even possible to do it\n"
+"effectively."
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:120
+msgid ""
+"Tor uses bidirectional tunnels and has had a lot of academic review. I2P"
+" \n"
+"uses unidirectional tunnels and has had very little review. Does the lack"
+" of a \n"
+"research paper defending unidirectional tunnels mean that it is a poor "
+"design \n"
+"choice, or just that it needs more study? Timing attacks and \n"
+"distributed attacks are difficult to defend against in both I2P and Tor. "
+"The \n"
+"design intent (see references above) was that unidirectional tunnels are "
+"more \n"
+"resistant to timing attacks. However, the paper presents a somewhat "
+"different type of timing \n"
+"attack. Is this attack, innovative as it is, sufficient to label I2P's \n"
+"tunnel architecture (and thus I2P as a whole) a \"bad design\", and by \n"
+"implication clearly inferior to Tor, or is it just a design alternative "
+"that \n"
+"clearly needs further investigation and analysis? There are several other"
+" reasons \n"
+"to consider I2P currently inferior to Tor and other projects (small "
+"network \n"
+"size, lack of funding, lack of review) but is unidirectional tunnels "
+"really a \n"
+"reason?"
+msgstr ""
+
+#: i2p2www/pages/site/docs/tunnels/unidirectional.html:137
+msgid ""
+"In summary, \"bad design decision\" is apparently (since the paper does\n"
+"not label bidirectional tunnels \"bad\") shorthand for \"unidirectional \n"
+"tunnels are unequivocally inferior to bidirectional tunnels\", yet this \n"
+"conclusion is not supported by the paper."
+msgstr ""
+
-- 
GitLab