Project

General

Profile

Feature #9191

Consider providing a magnet link for BitTorrent download

Added by sajolida over 4 years ago. Updated about 1 year ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Installation
Target version:
-
Start date:
04/08/2015
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

During our sprint in Paris we were shown that, for exemple on Mac, magnet link that handled transparently by the operating system without the need to download a file and then open it with the BitTorrent client. The experience was much smoother.

Could we do that too? Propose both?

Also note that in #8832 we discussed the fact that providing signature of the torrent file itself has little security implication. So providing a magnet link would have the same security properties as a torrent without OpenPGP signature.

History

#1 Updated by intrigeri over 4 years ago

To start with, I totally agree that a magnet link would be a total UX win. So I'm very happy that this is being considered!

Also note that in #8832 we discussed the fact that providing signature of the torrent file itself has little security implication.

My understanding is rather that #8832 was about shipping the signature among the files downloaded by the BitTorrent software, not about the detached signature of the Torrent file itself.

So providing a magnet link would have the same security properties as a torrent without OpenPGP signature.

May you please clarify what you mean with "a torrent without OpenPGP signature"? Is that a Torrent that downloads just the ISO (as discussed on #8832), or anything else?

Also, I easily admit that I have basically no clue about magnet links, at some point more information would help evaluating the security of the proposal:

  • do magnet links encode a HTTP URL somehow?
  • do magnet links encode hashes of the resources — equivalent of a .torrent file — that the BitTorrent client will download, in order to know how to download the actual files the user wants? if yes, do BitTorrent clients verify such hashes?

Cheers!

#2 Updated by Dr_Whax about 1 year ago

intrigeri wrote:

To start with, I totally agree that a magnet link would be a total UX win. So I'm very happy that this is being considered!

Also note that in #8832 we discussed the fact that providing signature of the torrent file itself has little security implication.

My understanding is rather that #8832 was about shipping the signature among the files downloaded by the BitTorrent software, not about the detached signature of the Torrent file itself.

So providing a magnet link would have the same security properties as a torrent without OpenPGP signature.

May you please clarify what you mean with "a torrent without OpenPGP signature"? Is that a Torrent that downloads just the ISO (as discussed on #8832), or anything else?

Also, I easily admit that I have basically no clue about magnet links, at some point more information would help evaluating the security of the proposal:

  • do magnet links encode a HTTP URL somehow?

I quote: https://en.wikipedia.org/wiki/Magnet_URI_scheme

Magnet URIs consist of a series of one or more parameters, the order of which is not significant, formatted in the same way as query strings that ordinarily terminate HTTP URLs. The most common parameter is "xt" ("exact topic"), which is generally a URN formed from the content hash of a particular file.

  • do magnet links encode hashes of the resources — equivalent of a .torrent file — that the BitTorrent client will download, in order to know how to download the actual files the user wants? if yes, do BitTorrent clients verify such hashes?

Yes, magnet links encode a sha1 hex encoded hash.

These are hex-encoded SHA-1 hash sums of the "info" sections of BitTorrent metafiles as used by BitTorrent to identify downloadable files or sets of files. For backwards compatibility with existing links, clients should also support the Base32 encoded version of the hash.

The format is:

xt=urn:btih:[ BitTorrent Info Hash (Hex) ]

Then the bittorrent clients verify these hashes to say, OK, this magnet is not corrupt and we can find the stuff in either the tracker or the "swarm"

#3 Updated by intrigeri about 1 year ago

  • Type of work changed from Research to End-user documentation

So, for example magnet:?xt=urn:btih:067e08a55ffbd386d919ae0cdf38760d799474b7&dn=tails-amd64-3.9 works just fine. The embedded hash is the one shown by transmission-show tails-amd64-3.9.torrent. So from a release manager's perspective, generating a Magnet URI and saving it to wiki/src/inc/stable_amd64_magnet_url.html would be trivial and easily automatable. Shall I do this?

Then someone could adjust wiki/src/install/inc/steps/download.inline.html to display the Magnet URI instead or in addition to inc/stable_amd64_torrent_url. I would say "instead of" because if displaying Magnet URIs only is good enough for The Pirate Bay, it's probably good enough for us :)

Also available in: Atom PDF