Tox协议官方文档翻译（一）

Introduction 介绍

This document is a textual specification of the Tox protocol and all the supporting modules required to implement it. The goal of this document is to give enough guidance to permit a complete and correct implementation of the protocol.
本文是Tox协议的文本规范以及操作它所需的所有支持模块的文章。本文主旨是给出足够的指导让协议完整和正确的实现。

Objectives 目的

This section provides an overview of goals and non-goals of Tox. It provides the reader with:

• a basic understanding of what problems Tox intends to solve;
• a means to validate whether those problems are indeed solved by the protocol as specified;
• the ability to make better tradeoffs and decisions in their own reimplementation of the protocol.

这一部分提供Tox能够实现的功能和不能实现的功能的整体概述。它为读者阐述了：

• 基本了解Tox打算解决的问题；
• 验证这些问题是否确实通过指定的协议得到了解决 ；
• 能够在自己重新实现协议中做出更好的权衡和决策。

Goals 能够实现

• Authentication: Tox aims to provide authenticated communication. This means that during a communication session, both parties can be sure of the other party’s identity. Users are identified by their public key. The initial key exchange is currently not in scope for the Tox protocol. In the future, Tox may provide a means for initial authentication using a challenge/response or shared secret based exchange.

  If the secret key is compromised, the user’s identity is compromised, and an attacker can impersonate that user. When this happens, the user must create a new identity with a new public key.

  认证： Tox目的在于提供认证通信。这意味着在通信会话期间，双方都可以确定彼此身份，用户通过他们的公钥进行标识。初始密钥交换目前不在Tox协议的范围内。将来，Tox也许会使用质询/响应或基于共享密文的交换来提供初始认证的手段。

  如果密钥被泄露，则用户的身份会受到损害，并且攻击者可以冒充该用户。 发生这种情况时，用户必须使用新的公钥创建新标识。

• End-to-end encryption: The Tox protocol establishes end-to-end encrypted communication links. Shared keys are deterministically derived using a Diffie-Hellman-like method, so keys are never transferred over the network.

• 端对端加密： Tox协议建立了端到端加密通信连接。 使用类似Diffie-Hellman的方法确定性地导出共享密钥，因此密钥永远不会通过网络传输。

• Forward secrecy: Session keys are re-negotiated when the peer connection is established.

• 正向保密： 建立对等连接时，会话密钥重新协商。

• Privacy: When Tox establishes a communication link, it aims to avoid leaking to any third party the identities of the parties involved (i.e. their public keys).

• 隐私： 当Tox建立通信连接时，它旨在避免向任何第三方泄露相关各方的身份（即他们的公钥）。

  Furthermore, it aims to avoid allowing third parties to determine the IP address of a given user.

  此外，它旨在避免允许第三方确定用户的IP地址。

• Resilience:

  • Independence of infrastructure: Tox avoids relying on servers as much as possible. Communications are not transmitted via or stored on central servers. Joining a Tox network requires connecting to a well-known node called a bootstrap node. Anyone can run a bootstrap node, and users need not put any trust in them.
  • Tox tries to establish communication paths in difficult network situations. This includes connecting to peers behind a NAT or firewall. Various techniques help achieve this, such as UDP hole-punching, UPnP, NAT-PMP, other untrusted nodes acting as relays, and DNS tunnels.
  • Resistance to basic denial of service attacks: short timeouts make the network dynamic and resilient against poisoning attempts.

• 弹力：

  • 基础设施的独立性：Tox尽可能避免依赖服务器。 通信不通过中央服务器传输或存储在中央服务器上 。加入Tox网络需要连接到称为引导节点的众所周知的节点。 任何人都可以运行引导节点，而且用户不需要信任它们。
  • Tox尝试在困难的网络环境中建立通信路径。 这包括连接NAT或防火墙后面的通信。 各种技术有助于实现这一点，例如UDP穿孔，UPnP，NAT-PMP，充当中继的其他不可信节点以及DNS隧道。
  • 抵御基本的拒绝服务攻击：短暂的超时使网络具有动态性并可抵御病毒攻击。

• Minimum configuration: Tox aims to be nearly zero-conf. User-friendliness is an important aspect to security. Tox aims to make security easy to achieve for average users.

• 最低配置： Tox目的是接近零配置。 用户友好性是安全性的重要方面。 Tox旨在为普通用户轻松实现安全性。

Non-goals 无法实现

Anonymity is not in scope for the Tox protocol itself, but it provides an easy way to integrate with software providing anonymity, such as Tor.

By default, Tox tries to establish direct connections between peers; as a consequence, each is aware of the other’s IP address, and third parties may be able to determine that a connection has been established between those IP addresses. One of the reasons for making direct connections is that relaying real-time multimedia conversations over anonymity networks is not feasible with the current network infrastructure.

匿名不在Tox协议本身的范围内，但它提供了一种与提供匿名性的软件（如Tor）集成的简便方法。

默认情况下，Tox尝试在两个用户之间建立直接连接；因此，每个人都知道对方的IP地址，并且第三方可能能够确定在这些IP地址之间建立了连接。 直接连接的原因之一是，在目前的网络基础设施下，通过匿名网络中继实时会话是不可行的 。

Threat model 威胁模型

TODO(iphydf): Define one. 不清楚干嘛的

Data types 数据类型

All data types are defined before their first use, and their binary protocol representation is given. The protocol representations are normative and must be implemented exactly as specified. For some types, human-readable representations are suggested. An implementation may choose to provide no such representation or a different one. The implementation is free to choose any in-memory representation of the specified types.

Binary formats are specified in tables with length, type, and content descriptions. If applicable, specific enumeration types are used, so types may be self-explanatory in some cases. The length can be either a fixed number in bytes (e.g. 32), a number in bits (e.g. 7 bit), a choice of lengths (e.g. 4 | 16), or an inclusive range (e.g. [0, 100]). Open ranges are denoted [n,] to mean a minimum length of n with no specified maximum length.

所有数据类型在首次使用之前都已定义，并给出了它们的二进制协议表示。协议表示是规范性的，必须严格按照规定实施。对于某些类型，建议使用直接可读的表示方法进行表示。实现过程中可以选择不提供这样的表示或不同的表示，可以自由选择指定类型的任何内存表示形式。

二进制格式被规定在一定长度，一定类型，和一定内容描述的表中。如果适用，则使用特定的枚举类型，因此在某些情况下类型可能是自动声明的。长度可以是一个以字节为单位的固定数字 （例如32），以位为单位的数字 (例如7 bit)，以长度为单位的数字（例如4|16），或者一个范围（例如[0,100]）未闭合的区间[n,]。

Integers 整数

The protocol uses four bounded unsigned integer types. Bounded means they have an upper bound beyond which incrementing is not defined. The integer types support modular arithmetic, so overflow wraps around to zero. Unsigned means their lower bound is 0. Signed integer types are not used. The binary encoding of all integer types is a fixed-width byte sequence with the integer encoded in Big Endian unless stated otherwise.

该协议使用四个有界无符号整数类型。 有界意味着它们具有上限，超过该上限未定义递增。 整数类型支持模运算，因此溢出包围为零。 无符号表示其下限为0，不使用有符号整数类型。 除非另有说明，否则所有整数类型的二进制编码是固定宽度的字节序列，其中整数使用Big Endian编码。

Strings 字符串

A String is a data structure used for human readable text. Strings are sequences of glyphs. A glyph consists of one non-zero-width unicode code point and zero or more zero-width unicode code points. The human-readable representation of a String starts and ends with a quotation mark (") and contains all human-readable glyphs verbatim. Control characters are represented in an isomorphic human-readable way. I.e. every control character has exactly one human-readable representation, and a mapping exists from the human-readable representation to the control character. Therefore, the use of Unicode Control Characters (U+240x) is not permitted without additional marker.

字符串是用于人类可读文本的数据结构。 字符串是字形序列。 字形由一个非零宽度的unicode代码点和零个或多个零宽度的unicode代码点组成。 String的人类可读表示以引号（“）开头和结尾，并且逐字包含所有人类可读的字形。控制字符以同构的人类可读方式表示。即每个控制字符都具有一个人类可读的表示 并且存在从人类可读表示到控制字符的映射。因此，如果没有附加标记，则不允许使用Unicode控制字符（U + 240x）。