o Group Diffie-Hellman protocol for establishig key with two or more
users on a channel.
+ o Define that with CTR mode PFS MUST be enabled in SKE. CTR rekey
+ cannot be done without PFS because the counter block requires fresh
+ HASH value which requires PFS in rekey.
+
o Extend the Channel ID port to be actually a counter, allowing the
2^32 channels per cell, instead of 2^16 like now. The port with
compliant implementation would always be 706, and it could be used
the one that actually WANTs to establish the keys. So no need for
responder to retransmit. Define this clearly in the specs.
+ o Define clearly that the DSS signature format is the the Dss-Sig-Value
+ ASN.1 encoding defined for PKIX.
+
+ o Define clearly the SSH2 signature format is the one specified for SSH2
+ protocol.
+
o Dynamic server and router connections, ala Jabber. SILC has allowed
this from the beginning. It should be written out clearly in the
specs. Connection would be created with nick strings (which are of
format nick@server).
+ o NAT detection protocool during SKE so that party behind NAT can
+ detect if it is behind NAT and receive the public IP address and port
+ that it may need (servers need it to create valid Server ID). (***DONE)
+
o Counter block send/receive IV 64 bits instead of 32 bits, and the
value itself is used as 64-bit MSB ordered counter, which must
be reset before the packet sequence counter wraps. It's basically
projects / silc.git / blobdiff