The only setting that must be customized per user is the Auth Key parameter. Therefore, a service provider could provide a standard configuration URL for everyone and then require the user to manually paste in the Auth Key. However, it is better to provide a per-user URL that fills in the Auth Key automatically.
The automatic configuration server must return a text/plain file containing a series of Name: Value pairs, with the same format as the config.txt file located in the client home directory. Values not specified are left at their defaults. Unlike the config file, the server's reply must start with #BEGIN_CONFIG# on its own line, and end with #END_CONFIG# on its own line.
Here is a typical automatic configuration file to set up a server-based
account. This assumes your server provides TOR and I2P forwarding, so clients
are instructed to use it by default. The user who wants to install his own
TOR and/or I2P can uncheck these options.
#BEGIN_CONFIG# Transport: server=s1.myserviceprovider.com:8081,s2.myserviceprovider.com:8081 AuthKey: 03e7c01624ebdb948945312321d3691aa0c28798 EntangledServer: server=s1.myserviceprovider.com:8081,s2.myserviceprovider.com:8081 ProxyIP: False ProxyTOR: True ProxyI2P: True #END_CONFIG#The configuration URL should be too complex to guess (i.e. including an SHA1 hash) so unauthorized people cannot steal auth keys. If you are generating static files, rather than using a script, turn off the automatic index feature (Options -Indexes) in the HTTP server configuration. At the simplest, the URL for the above might look like:
where autoconfig.php just prints a fixed configuration and plugs in the ak value from the URL as the AuthKey parameter. Alternately you might put a different hash in the URL and look up the auth key in a database.
The automatic configuration mechanism does not currently check the certificate chain, so it is vulnerable to a man in the middle attack even if HTTPS is used. Security-conscious users should verify the settings downloaded using this mechanism.
Here's the simplest useful server-side autoconfiguration program.
<?php header('Content-type: text/plain'); echo "#BEGIN_CONFIG#\n"; echo "Transport: server=s1.confidantmail.org:8082,s2.confidantmail.org:8082\n"; echo "EntangledServer: server=s1.confidantmail.org:8082,s2.confidantmail.org:8082\n"; echo "AuthKey: " . $_GET["ak"] . "\n"; echo "ProxyIP: False\n"; echo "ProxyTOR: True\n"; echo "ProxyI2P: True\n"; echo "#END_CONFIG#\n"; ?>