updates

[crypto.git] / doc / draft-riikonen-silc-ke-auth-05.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-05.nroff b/doc/draft-riikonen-silc-ke-auth-05.nroff
index 8e95e13dc40e4d2b37177eee28d57227656996a9..7089aa4810c884495c065760dcd94bfa976d4b8e 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-05.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-05.nroff
@@ -200,7 +200,9 @@ whether it supports the security properties.
 
 It then sends a Key Exchange Start Payload to the initiator filled with
 security properties it selected from the original payload.  The payload
-sent by responder MUST include only one chosen property per list.
+sent by responder MUST include only one chosen property per list.  The
+character encoding for the security property values as defined in [SILC1] 
+SHOULD be UTF-8 [RFC2279].
 
 The Key Exchange Start Payload is used to tell connecting entities what
 security properties and algorithms should be used in the communication.
@@ -481,7 +483,9 @@ o Public Key Type (2 bytes) - The public key (or certificate)
   be closed immediately.
 
 o Public Key (or certificate) (variable length) - The
-  public key or certificate.
+  public key or certificate.  The public key or certificate
+  in this field is encoded in the manner as defined in their
+  respective definitions;  see previous field.
 
 o Public Data Length (2 bytes) - The length of the Public Data
   field, not including any other field.
@@ -822,6 +826,7 @@ are defined:
 
     Provided version string was not acceptable.
 
+
 11  SILC_SKE_STATUS_INVALID_COOKIE
 
     The cookie in the Key Exchange Start Payload was malformed,
@@ -875,8 +880,10 @@ authentication is required.
 
 If authentication method is passphrase the authentication data is
 plaintext passphrase.  As the payload is entirely encrypted it is safe
-to have plaintext passphrase.  See the section 3.2.1 Passphrase
-Authentication for more information.
+to have plaintext passphrase.  It is also provided as plaintext passphrase
+because the receiver may need to pass the entire passphrase into a
+passphrase checker, and hash digest of the passphrase would prevent this.
+See the section 3.2.1 Passphrase Authentication for more information.
 
 If authentication method is public key authentication the authentication
 data is a signature of the hash value of hash HASH plus Key Exchange
@@ -956,7 +963,13 @@ for defined numerical authentication method types.
 Passphrase authentication or pre-shared-key based authentication is 
 simply an authentication where the party that wants to authenticate 
 itself to the other end sends the passphrase that is required by
-the other end, for example server.
+the other end, for example server.  The plaintext passphrase is put
+to the payload, that is then encrypted.  The plaintext passphrase
+MUST be in UTF-8 [RFC2279] encoding.  If the passphrase is in the
+sender's system in some other encoding it MUST be UTF-8 encoded 
+before transmitted.  The receiver MAY change the encoding of the
+passphrase to its system's default character encoding before verifying
+the passphrase.
 
 If the passphrase matches with the one in the server's end the
 authentication is successful.  Otherwise SILC_PACKET_FAILURE MUST be
@@ -1099,6 +1112,9 @@ security of this protocol.
 [RFC2119]    Bradner, S., "Key Words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.
 
+[RFC2279]    Yergeau, F., "UTF-8, a transformation format of ISO
+             10646", RFC 2279, January 1998.
+
 
 .ti 0
 6 Author's Address
@@ -1109,6 +1125,6 @@ Snellmanninkatu 34 A 15
 70100 Kuopio
 Finland
 
-EMail: priikone@silcnet.org
+EMail: priikone@iki.fi
 
 This Internet-Draft expires XXX