It then sends a Key Exchange Start Payload to the initiator filled with
security properties it selected from the original payload. The payload
-sent by responder MUST include only one chosen property per list.
+sent by responder MUST include only one chosen property per list. The
+character encoding for the security property values as defined in [SILC1]
+SHOULD be UTF-8 [RFC2279].
The Key Exchange Start Payload is used to tell connecting entities what
security properties and algorithms should be used in the communication.
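Review bot: the new sentence makes UTF-8 encoding of the security property values only a SHOULD, while the same revision makes it a MUST for the passphrase; since the responder's single chosen property has to match one entry of the initiator's list octet for octet, an initiator and responder that pick different encodings will fail to agree (or, worse, disagree about which property was selected) with no status code that says why. Suggest "MUST be UTF-8 [RFC2279]" here as well, and say explicitly that property values are compared as octet strings. Minor: the encoding sentence interrupts the paragraph about the responder's reply although it applies equally to the initiator's original list, so it reads better as its own sentence after "The Key Exchange Start Payload is used to tell connecting entities what security properties and algorithms should be used in the communication."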
be closed immediately.
o Public Key (or certificate) (variable length) - The
- public key or certificate.
+ public key or certificate. The public key or certificate
+ in this field is encoded in the manner as defined in their
+ respective definitions; see previous field.
o Public Data Length (2 bytes) - The length of the Public Data
field, not including any other field.
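Review bot: "see previous field" in the added text is not a usable cross-reference; name the field that defines the encoding (the one immediately before Public Key in the payload layout, which this diff does not show) and the encodings it selects, so an implementer can find them without reading the section linearly. "encoded in the manner as defined in their respective definitions" also reads awkwardly; "is encoded as specified for its type in the preceding field" says the same thing. It would also help to state what the receiver does when the Public Key field does not decode under the declared type, since the SILC_SKE_STATUS_* list in this document is where that failure should be reported.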
Provided version string was not acceptable.
+
11 SILC_SKE_STATUS_INVALID_COOKIE
The cookie in the Key Exchange Start Payload was malformed,
If authentication method is passphrase the authentication data is
plaintext passphrase. As the payload is entirely encrypted it is safe
-to have plaintext passphrase. See the section 3.2.1 Passphrase
-Authentication for more information.
+to have plaintext passphrase. It is also provided as plaintext passphrase
+because the receiver may need to pass the entire passphrase into a
+passphrase checker, and hash digest of the passphrase would prevent this.
+See the section 3.2.1 Passphrase Authentication for more information.
If authentication method is public key authentication the authentication
data is a signature of the hash value of hash HASH plus Key Exchange
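Review bot: the added justification for carrying the passphrase in plaintext is reasonable, but the preceding sentence now carries the whole security argument ("As the payload is entirely encrypted it is safe to have plaintext passphrase"), so it should say which key encrypts the payload and that the payload is integrity protected; a plaintext passphrase is only as safe as the channel set up by the key exchange it rides on. Consider adding that the receiver MUST NOT retain or log the plaintext once verification is done. Grammar: "and hash digest of the passphrase would prevent this" wants an article ("a hash digest"), and "See the section 3.2.1" should be "See section 3.2.1".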
Passphrase authentication or pre-shared-key based authentication is
simply an authentication where the party that wants to authenticate
itself to the other end sends the passphrase that is required by
-the other end, for example server.
+the other end, for example server. The plaintext passphrase is put
+to the payload, that is then encrypted. The plaintext passphrase
+MUST be in UTF-8 [RFC2279] encoding. If the passphrase is in the
+sender's system in some other encoding it MUST be UTF-8 encoded
+before transmitted. The receiver MAY change the encoding of the
+passphrase to its system's default character encoding before verifying
+the passphrase.
If the passphrase matches with the one in the server's end the
authentication is successful. Otherwise SILC_PACKET_FAILURE MUST be
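Review bot: the receiver's freedom to "change the encoding of the passphrase to its system's default character encoding before verifying" is a correctness and security problem: conversion to a legacy charset is lossy, so characters the sender's passphrase contains but the receiver's default charset cannot represent get dropped or replaced, and two different UTF-8 passphrases can then compare equal (or the correct one can fail). The text also leaves Unicode normalization unspecified, so the same passphrase typed on two systems can arrive as different UTF-8 octet sequences. Suggest comparing the UTF-8 octets directly (optionally after a named normalization form applied by the sender), and, if transcoding at the receiver is kept at all, requiring the receiver to fail the authentication when the conversion is not round-trip safe rather than verifying a mangled value. Wording: "put to the payload" should be "put into the payload", and "before transmitted" should be "before it is transmitted".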
[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
+[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", RFC 2279, January 1998.
+
.ti 0
6 Author's Address
70100 Kuopio
Finland
-EMail: priikone@silcnet.org
+EMail: priikone@iki.fi
This Internet-Draft expires XXX
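Review bot: the expiry line "This Internet-Draft expires XXX" is still a placeholder in this revision; fill it in (or let the draft tooling generate it) before submission, alongside the updated author address.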