Here is the idea... Everyone willing to participate opens up their Squid for cache queries (on local bandwidth), not allowing requests to be forwarded. Not sure about the terminology... but (I think) you configure the other caches as peers and not parents/children.
When you browse, your cache queries the peer/neighbour caches to see if the content is cached and downloads it from a peer, if available.
Things to consider:
Scalability
This setup should be scalable since a new "server" is added for every "client".
Bandwidth
How much bandwidth does the ICP protocol consume for the average user? I think that Cache Digests are the way to go.
Registration
Everyone wishing to participate should register on a central server. The server will keep a list of (dynamic) domain names that the caches can refresh on a daily basis. If someone provided falsified information, or their cache is not configured correctly, the server will notify them and remove them from the list.
Security
Configure either iptables or squid to only accept queries from the list of peers. How safe is it to open up squid to semi-trusted peers? SSL should possibly be used.
Possibility and consequences of someone injecting malicious content into their cache (Upside-Down-Ternet).
Abuse
As always, people will try to abuse the service. The originating IP address will be recorded in the logs. Is this enough or should more be required at registration?
Did I miss anything?
Anyone willing to run a "beta" test or help out with the squid config? We should start off with just a couple of caches and expand slowly, taking note of the bandwidth/performance characteristics.
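A squid.conf sketch of the setup proposed above (sibling peers, queries accepted only from the registered list, no forwarding for peers), as an added example that is not part of the original post. The hostnames, addresses and ACL names are placeholders, and the peer list is assumed to come from the registration server.

```conf
# Constructed example: addresses are documentation ranges, hostnames are placeholders.
acl localnet   src 192.168.0.0/24            # your own clients
acl mesh_peers src 192.0.2.10 198.51.100.20  # caches from the registration list

http_port 3128
icp_port 3130

# cache_peer <host> <type> <http-port> <icp-port> [options]
# "sibling" means the peer is asked for hits only; misses still go direct.
# proxy-only: do not store a second copy of objects fetched from the peer.
cache_peer peer1.example.net sibling 3128 3130 proxy-only
cache_peer peer2.example.net sibling 3128 3130 proxy-only
# On a build with cache digests enabled, adding "no-query" to the lines
# above stops per-request ICP queries to that peer.

# ICP queries are answered only for local clients and registered peers.
icp_access allow localnet
icp_access allow mesh_peers
icp_access deny all

# HTTP connections are accepted only from the same two groups.
http_access allow localnet
http_access allow mesh_peers
http_access deny all

# Peers may fetch cache hits only. A request that would be a miss is
# refused, so this cache never forwards traffic on a peer's behalf.
miss_access allow localnet
miss_access deny all
```

Source-address ACLs only restrict who can query the cache; they do not authenticate the content a peer returns.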