So, what are the benefits of Node to Node copy (NNCP)? What are my doubts? I have many doubts, now that I've been experimenting with NNCP for a while.
NNCP is a way to securely store-and-forward files, mail and other commands. As such, it can replace Unix to Unix copy (UUCP). Since almost nobody uses UUCP these days, the question remains: what for?
NNCP is based on the exchange of public keys, so you can’t reach strangers this way. Email, for example, allows you to reach strangers. A positive take would be that NNCP is allow-list based. If you send mail via NNCP, the nodes have to both agree to it before data can be exchanged.
Since NNCP is based on public key cryptography, intermediaries cannot decrypt the data. They can still discover who sends data to whom. Of course it isn't trivial to do, but it is possible. My laptop sends encrypted data to my server; you call my server and pick up the encrypted data; so if the server is under surveillance, the two nodes communicating with each other are identified. That doesn't give away your home address, but regular logs can reveal the IP numbers used, so you need to cover your tracks at a lower level, too, if you want to escape surveillance. Alternatively, you can raise the stakes by using multiple hops to servers in different jurisdictions, with no liabilities by the service providers. Don't pick two servers in different countries where the hosting providers are all in the same country. When you do have a chain of independent nodes, this will make it harder to identify the two nodes communicating with each other, but that's it. It just raises the bar.
Sending encrypted mail is similar to a one-hop setup. On the mail server, the data is encrypted. Sender and recipient are known. Of course an email address looks much easier to understand than a node identifier, but for a computer, surely the two are very similar.
Perhaps you'd think that the ability to have the NNCP network work offline via the sneakernet is what sets it apart. But take a USB stick, have a directory per recipient, store encrypted files in these directories, carry it over to your friends, same thing, no? It's a bit more obvious, but it's not much more secure.
The only benefit, then, is tooling. Even if using the sneakernet, carrying around data on USB sticks, the existing tools still work. End users can use regular mail; end users can send files and request files and NNCP integration makes sure that nobody has to learn how `gpg` works.
But make no mistake: `gpg` has public keys and private keys in key rings and a command line tool to manage it all, whereas NNCP just as the `nncp.hjson` file per node with a private key and the public keys of its neighbouring nodes and no command line tool to manage it.
Now I'm wondering about the reasons for picking NNCP.
If you're using `mail` on the command line to send and receive mail, having your email server hooked up for NNCP makes it comfortable to send and receive encrypted mail. If you have a mail client like Delta Chat with `gpg` automatic cryptography integration, however, that works just as well. Regular mail servers impose size limits on mails send, however, so that makes sending large files with automatic splitting and collating more challenging.
If you're carrying or sending USB sticks around, using NNCP for file transfers and remote executions is slightly more interesting than using `gpg` to encrypt files because there are no limits imposed on the remote executions. You could run a BBS, run a news server, or try something new and NNCP doesn't care as long as the nodes at the end of the line know how to handle it. In theory you could just use emails for this and that's what the old Play by E-Mail (PBEM) games would do: parse emails received and send reports back. If a player uses a special tool that tool needs to emit properly formatted emails. MIME messages can indicate the type of data they contain, so it can all be made to work.
There are currently the only two benefits I can think of:
All of this to avoid the size limits of email, the parsing and emitting of special email formats, the operation of `gpg`, and so on.
If you can think of unique benefits for NNCP, let me know.
#NNCP