.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet-Draft
-.ds RH XXX
+.ds RH 13 November 2001
.ds CH
.na
.hy 0
.in 0
.nf
-Network Working Group P. Riikonen
+Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-ke-auth-04.txt XXX
-Expires: XXX
+draft-riikonen-silc-ke-auth-04.txt 13 November 2001
+Expires: 13 May 2002
.in 3
2.5 Key Exchange Status Types ................................. 15
3 SILC Connection Authentication Protocol ....................... 16
3.1 Connection Auth Payload ................................... 18
- 3.2 Connection Authentication Types ........................... 18
+ 3.2 Connection Authentication Types ........................... 19
3.2.1 Passphrase Authentication ........................... 19
3.2.2 Public Key Authentication ........................... 19
- 3.3 Connection Authentication Status Types .................... 19
+ 3.3 Connection Authentication Status Types .................... 20
4 Security Considerations ....................................... 20
5 References .................................................... 20
-6 Author's Address .............................................. 21
+6 Author's Address .............................................. 22
.ti 0
NOT provide the signature data. If the flag is set then the initiator
MUST provide the signature data so that the responder can verify it.
-The Mutual Authentication flag is usually used only if a separate
+The Mutual Authentication flag is usually used when a separate
authentication protocol will not be executed for the initiator of the
protocol. This is case for example when the SKE is performed between
-two SILC clients. In normal case, where client is connecting to the
-server, or server is connecting to the router the Mutual Authentication
-flag is not necessary.
+two SILC clients. In normal case, where client is connecting to a
+server, or server is connecting to a router the Mutual Authentication
+flag may be omitted. However, if the connection authentication protocol
+for the connecting entity is not based on public key authentication (it
+is based on passphrase) then the Mutual Authentication flag SHOULD be
+enabled. This way the connecting entity has to provide proof of
+posession of the private key for the public key it will provide in
+SILC Key Exchange protocol.
When performing re-key with PFS selected this is the only payload that
is sent in the SKE protocol. The Key Exchange Start Payload MUST NOT
1. Initiator generates a random number x, where 1 < x < q,
and computes e = g ^ x mod p. The result e is then
- encoded into Key Exchange Payload and sent to the
- responder.
+ encoded into Key Exchange Payload, with the public key
+ (or certificate) and sent to the responder.
If the Mutual Authentication flag is set then initiator
MUST also produce signature data SIGN_i which the responder
and computes f = g ^ y mod p. It then computes the
shared secret KEY = e ^ y mod p, and, a hash value
HASH = hash(Key Exchange Start Payload data | public
- key (or certificate) | e | f | KEY). It then signs
+ key (or certificate) | Initiator's public key (or
+ certificate) | e | f | KEY). It then signs
the HASH value with its private key resulting a signature
SIGN.
.in 3
+
+
.ti 0
3.2 Connection Authentication Types
This is REQUIRED authentication method to be supported by all SILC
implementations.
+When password authentication is used it is RECOMMENDED that maximum
+amount of padding is applied to the SILC packet. This way it is not
+possible to approximate the length of the password from the encrypted
+packet.
+
.ti 0
3.2.2 Public Key Authentication
auth_hash = hash(HASH | Key Exchange Start Payload);
signature = sign(auth_hash);
-The hash() function used to compute the value is the hash function negotiated
-in the SKE protocol. The server MUST verify the data, thus it must keep
-the HASH and the Key Exchange Start Payload saved during SKE and
-authentication protocols.
+The hash() function used to compute the value is the hash function
+negotiated in the SKE protocol. The server MUST verify the data, thus
+it must keep the HASH and the Key Exchange Start Payload saved during
+SKE and authentication protocols.
If the verified signature matches the sent signature, the authentication
-were successful and SILC_PACKET_SUCCESS is sent. If it failed the protocol
-execution is stopped and SILC_PACKET_FAILURE is sent.
+were successful and SILC_PACKET_SUCCESS is sent. If it failed the
+protocol execution is stopped and SILC_PACKET_FAILURE is sent.
This is REQUIRED authentication method to be supported by all SILC
implementations.
EMail: priikone@silcnet.org
-This Internet-Draft expires XXX
+This Internet-Draft expires 13 May 2002