.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH XXX
+.ds RH 25 November 2002
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-spec-06.txt XXX
-Expires: XXX
+draft-riikonen-silc-spec-06.txt 25 November 2002
+Expires: 25 April 2003
.in 3
1.1 Requirements Terminology .................................. 4
2 SILC Concepts ................................................. 4
2.1 SILC Network Topology ..................................... 4
- 2.2 Communication Inside a Cell ............................... 5
+ 2.2 Communication Inside a Cell ............................... 6
2.3 Communication in the Network .............................. 6
2.4 Channel Communication ..................................... 7
- 2.5 Router Connections ........................................ 7
+ 2.5 Router Connections ........................................ 8
3 SILC Specification ............................................ 8
- 3.1 Client .................................................... 8
+ 3.1 Client .................................................... 9
3.1.1 Client ID ........................................... 9
3.2 Server .................................................... 10
3.2.1 Server's Local ID List .............................. 10
3.9.1 Authentication Payload .............................. 21
3.10 Algorithms ............................................... 23
3.10.1 Ciphers ............................................ 23
- 3.10.1.1 CBC Mode .................................. XXX
- 3.10.1.2 CTR Mode .................................. XXX
- 3.10.1.3 Randomized CBC Mode ....................... XXX
- 3.10.2 Public Key Algorithms .............................. 24
- 3.10.3 Hash Functions ..................................... 24
- 3.10.4 MAC Algorithms ..................................... 25
- 3.10.5 Compression Algorithms ............................. 25
- 3.11 SILC Public Key .......................................... 26
- 3.12 SILC Version Detection ................................... 28
- 3.13 Backup Routers ........................................... 28
- 3.13.1 Switching to Backup Router ......................... 30
- 3.13.2 Resuming Primary Router ............................ 31
- 3.13.3 Discussion on Backup Router Scheme ................. 33
-4 SILC Procedures ............................................... 34
- 4.1 Creating Client Connection ................................ 34
- 4.2 Creating Server Connection ................................ 35
- 4.2.1 Announcing Clients, Channels and Servers ............ 36
- 4.3 Joining to a Channel ...................................... 37
- 4.4 Channel Key Generation .................................... 38
- 4.5 Private Message Sending and Reception ..................... 39
- 4.6 Private Message Key Generation ............................ 39
- 4.7 Channel Message Sending and Reception ..................... 40
- 4.8 Session Key Regeneration .................................. 40
- 4.9 Command Sending and Reception ............................. 41
- 4.10 Closing Connection ....................................... 42
- 4.11 Detaching and Resuming a Session ......................... 42
-5 Security Considerations ....................................... 44
-6 References .................................................... 45
-7 Author's Address .............................................. 47
+ 3.10.1.1 CBC Mode .................................. 24
+ 3.10.1.2 CTR Mode .................................. 24
+ 3.10.1.3 Randomized CBC Mode ....................... 25
+ 3.10.2 Public Key Algorithms .............................. 26
+ 3.10.3 Hash Functions ..................................... 26
+ 3.10.4 MAC Algorithms ..................................... 27
+ 3.10.5 Compression Algorithms ............................. 27
+ 3.11 SILC Public Key .......................................... 28
+ 3.12 SILC Version Detection ................................... 30
+ 3.13 Backup Routers ........................................... 31
+ 3.13.1 Switching to Backup Router ......................... 32
+ 3.13.2 Resuming Primary Router ............................ 33
+ 3.13.3 Discussion on Backup Router Scheme ................. 36
+4 SILC Procedures ............................................... 36
+ 4.1 Creating Client Connection ................................ 36
+ 4.2 Creating Server Connection ................................ 38
+ 4.2.1 Announcing Clients, Channels and Servers ............ 38
+ 4.3 Joining to a Channel ...................................... 39
+ 4.4 Channel Key Generation .................................... 41
+ 4.5 Private Message Sending and Reception ..................... 41
+ 4.6 Private Message Key Generation ............................ 42
+ 4.7 Channel Message Sending and Reception ..................... 43
+ 4.8 Session Key Regeneration .................................. 43
+ 4.9 Command Sending and Reception ............................. 44
+ 4.10 Closing Connection ....................................... 45
+ 4.11 Detaching and Resuming a Session ......................... 45
+5 Security Considerations ....................................... 47
+6 References .................................................... 48
+7 Author's Address .............................................. 49
local clients on the channel.
+
.ti 0
2.5 Router Connections
The format of the Authentication Payload is as follows:
-
.in 5
.nf
1 2 3
The following ciphers are defined in SILC protocol:
-.in 6
aes-256-cbc AES in CBC mode, 256 bit key (REQUIRED)
aes-256-ctr AES in CTR mode, 256 bit key (RECOMMENDED)
aes-256-rcbc AES in randomized CBC mode, 256 bit key (OPTIONAL)
rc6-<len>-<mode> RC6 in <mode> mode, <len> bit key (OPTIONAL)
mars-<len>-<mode> MARS in <mode> mode, <len> bit key (OPTIONAL)
none No encryption (OPTIONAL)
-.in 3
-
The <mode> is either "cbc", "ctr" or "rcbc". Other encryption modes MAY
be defined as to be used in SILC using the same format. The <len> is
Figure 6: Counter Block
.in 6
-o Truncated HASH from SKE (4 bytes) - This value is the 32 most
- significant bits from the HASH value that was computed as a
- result of SKE protocol. This acts as session identifier and
- each rekey MUST produce a new HASH value.
-
-o Sending/Receiving IV from SKE (8 bytes) - This value is the 64
- most significant bits from the Sending IV or Receiving IV
- generated in the SKE protocol. When this mode is used to
- encrypt sending traffic the Sending IV is used, when used to
- decrypt receiving traffic the Receiving IV is used. This
- assures that two parties of the protocol use different IV
- for sending traffic. Each rekey MUST produce a new value.
+o Truncated HASH from SKE (4 bytes) - This value is the first 4
+ bytes from the HASH value that was computed as a result of SKE
+ protocol. This acts as session identifier and each rekey MUST
+ produce a new HASH value.
+
+o Sending/Receiving IV from SKE (8 bytes) - This value is the
+ first 8 bytes from the Sending IV or Receiving IV generated in
+ the SKE protocol. When this mode is used to encrypt sending
+ traffic the Sending IV is used, when used to decrypt receiving
+ traffic the Receiving IV is used. This assures that two parties
+ of the protocol use different IV for sending traffic. Each rekey
+ MUST produce a new value.
o Block Counter (4 bytes) - This is the counter value for the
counter block and is MSB ordered number starting from one (1)
3.10.1.3 Randomized CBC Mode
The "rcbc" encryption mode is CBC mode with randomized IV. This means
-that each IV for each packet MUST be chosen randomly. In this mode the
-IV is appended at the end of the last ciphertext block and thus delivered
-to the recipient. This mode increases the ciphertext size by one
-ciphertext block. Note also that some data payloads in SILC are capable
-of delivering the IV to the recipient. When explicitly encrypting these
-payloads with randomized CBC the IV MUST NOT be appended at the end
-of the ciphertext.
+that each IV for each packet MUST be chosen randomly. When encrypting
+more than one block the normal inter-packet chaining is used, but for
+the first block new random IV is selected in each packet. In this mode
+the IV is appended at the end of the last ciphertext block and thus
+delivered to the recipient. This mode increases the ciphertext size by
+one ciphertext block. Note also that some data payloads in SILC are
+capable of delivering the IV to the recipient. When explicitly
+encrypting these payloads with randomized CBC the IV MUST NOT be appended
+at the end of the ciphertext. When encrypting these payloads with
+"cbc" mode they implicitly become randomized CBC since the IV is
+usually selected random and included in the ciphertext. In these
+cases using either CBC or randomized CBC is actually equivalent.
.ti 0
.in 3
+
.ti 0
3.10.4 MAC Algorithms
Additional MAC algorithms MAY be defined to be used in SILC.
-
-
.ti 0
3.10.5 Compression Algorithms
Additional compression algorithms MAY be defined to be used in SILC.
+
.ti 0
3.11 SILC Public Key
The software version MAY be freely set and accepted. The version string
MUST consist of printable US-ASCII characters.
-
Thus, the version strings could be, for example:
.in 6
is defined in [SILC2].
+
+
.ti 0
3.13.3 Discussion on Backup Router Scheme
One difference is that server MUST perform connection authentication
protocol with proper authentication. A proper authentication is based
-on passphrase or public key authentication.
+on passphrase authentication or public key authentication based on
+digital signatures.
After server and router has successfully performed the key exchange
and connection authentication protocol, the server register itself
ID Payloads into the SILC_PACKET_NEW_ID packet.
Also, clients' modes (user modes in SILC) MUST be announced. This is
-done by compiling a list of Notify Payloads with the
-SILC_NOTIFY_UMODE_CHANGE nofity type into the SILC_PACKET_NOTIFY packet.
-
-Also, channel's topics MUST be announced by compiling a list of Notify
-Payloads with the SILC_NOTIFY_TOPIC_SET notify type into the
-SILC_PACKET_NOTIFY packet.
+done by compiling a list of Notify Payloads with SILC_NOTIFY_UMODE_CHANGE
+notify type into the SILC_PACKET_NOTIFY packet. Also, channel's topics
+MUST be announced by compiling a list of Notify Payloads with the
+SILC_NOTIFY_TOPIC_SET notify type into the SILC_PACKET_NOTIFY packet.
The router which receives these lists MUST process them and broadcast
-the packets to its primary route.
-
-When processing the announced channels and channel users the router MUST
-check whether a channel exists already with the same name. If channel
-exists with the same name it MUST check whether the Channel ID is
-different. If the Channel ID is different the router MUST send the notify
-type SILC_NOTIFY_TYPE_CHANNEL_CHANGE to the server to force the channel ID
-change to the ID the router has. If the mode of the channel is different
-the router MUST send the notify type SILC_NOTIFY_TYPE_CMODE_CHANGE to the
-server to force the mode change to the mode that the router has.
+the packets to its primary route. When processing the announced channels
+and channel users the router MUST check whether a channel exists already
+with the same name. If channel exists with the same name it MUST check
+whether the Channel ID is different. If the Channel ID is different the
+router MUST send the notify type SILC_NOTIFY_TYPE_CHANNEL_CHANGE to the
+server to force the channel ID change to the ID the router has. If the
+mode of the channel is different the router MUST send the notify type
+SILC_NOTIFY_TYPE_CMODE_CHANGE to the server to force the mode change
+to the mode that the router has.
The router MUST also generate new channel key and distribute it to the
channel. The key MUST NOT be generated if the SILC_CMODE_PRIVKEY mode
.ti 0
4.5 Private Message Sending and Reception
-Private messages are sent point to point. Client explicitly destines
+Private messages are sent point to point. Client explicitly destine
a private message to specific client that is delivered to only to that
client. No other client may receive the private message. The receiver
of the private message is destined in the SILC Packet Header as any
from its own server.
+
.ti 0
4.10 Closing Connection
EMail: priikone@iki.fi
-This Internet-Draft expires XXX
+This Internet-Draft expires 25 April 2003