.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH XXX
+.ds RH 15 May 2002
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-commands-03.txt XXX
-Expires: XXX
+draft-riikonen-silc-commands-03.txt 15 May 2002
+Expires: 15 November 2002
.in 3
2 SILC Commands ................................................. 2
2.1 SILC Commands Syntax ...................................... 2
2.2 SILC Commands List ........................................ 4
- 2.3 SILC Command Status Types ................................. 33
- 2.3.1 SILC Command Status Payload ......................... 33
- 2.3.2 SILC Command Status List ............................ 33
-3 Security Considerations ....................................... 38
-4 References .................................................... 38
-5 Author's Address .............................................. 40
-Appendix A ...................................................... xx
+ 2.3 SILC Command Status Payload ............................... 40
+3 SILC Status Types ............................................. 41
+4 Security Considerations ....................................... 47
+5 References .................................................... 47
+6 Author's Address .............................................. 49
+Appendix A ...................................................... 49
.ti 0
Status messages:
SILC_STATUS_OK
- SILC_STATUS_ERR_TOO_MANY_TARGETS
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
SILC_STATUS_ERR_NO_SUCH_NICK
Every command reply also defines set of status message that it
may return inside the <Status Payload>. All status messages
-are defined in the section 2.3 SILC Command Status Types.
+are defined in the section 2.3 SILC Command Status Payload
.in 3
Every command that has some kind of ID as argument (for example
The WHOIS request MUST be always sent to the router by server
so that all users are searched. However, the server still MUST
search its locally connected clients. The router MUST send
- this command to the server which owns the requested client. That
- server MUST reply to the command. Server MUST NOT send whois
- replies to the client until it has received the reply from its
- router.
+ this command to the server which owns the requested client, if
+ the router is unable to provide all mandatory information about
+ the client. That server MUST reply to the command. Server MUST
+ NOT send whois replies to the client until it has received the
+ reply from its router.
The <Requested Attributes> is defined in [ATTRS] and can be used
to request various information about the client. See Appendix A
- for definition of using these attaributes in SILC.
+ for definition of using these attributes in SILC.
Reply messages to the command:
- Max Arguments: 10
+ Max Arguments: 11
Arguments: (1) <Status Payload> (2) <Client ID>
(3) <nickname>[@<server>] (4) <username@host>
(5) <real name> (6) [<Channel Payload
(7) [<user mode>] (8) [<idle time>]
(9) [<fingerprint>] (10) <channel user
mode list>
+ (11) [<Attributes>]
This command may reply with several command reply messages to
include STATUS_LIST_START status in the first reply and
STATUS_LIST_END in the last reply to indicate the end of the
list. If there are only one reply the status is set to normal
- STATUS_OK.
+ STATUS_OK. If multiple Client IDs was requested then each found
+ and unfound client must cause successful or error reply,
+ respectively.
The command replies include the Client ID of the nickname,
nickname and server name, user name and host name and user's real
The server also returns client's user mode, idle time, and the
fingerprint of the client's public key. The <fingerprint> is the
binary hash digest of the public key. The fingerprint MUST NOT
- be sent if the server has not verified the proof of posession of
+ be sent if the server has not verified the proof of possession of
the corresponding private key. Server can do this during the
SILC Key Exchange protocol. The <fingerprint> is SHA1 digest.
+ The <Attributes> is the reply to the <Requested Attributes>.
+ See the Appendix A for more information.
+
Status messages:
SILC_STATUS_OK
a list of results. In this case the status payload will include
STATUS_LIST_START status in the first reply and STATUS_LIST_END in
the last reply to indicate the end of the list. If there are only
- one reply the status is set to normal STATUS_OK.
+ one reply the status is set to normal STATUS_OK. If multiple Client
+ IDs was requested then each found and unfound client must cause
+ successful or error reply, respectively.
When querying clients the <entity's name> must include the client's
nickname in the following format: nickname[@server]. The
Set/change nickname. This command is used to set nickname for
user. Nickname MUST NOT include any spaces (` '), non-printable
- characters, commas (`,') and any wildcard characters. Note that
- nicknames in SILC are case-sensitive which must be taken into
- account when searching clients by nickname.
+ characters, commas (`,') and any wildcard characters.
When nickname is changed new Client ID is generated. Server MUST
distribute SILC_NOTIFY_TYPE_NICK_CHANGE to local clients on the
Reply messages to the command:
- Max Arguments: 2
+ Max Arguments: 3
Arguments: (1) <Status Payload> (2) <New ID Payload>
+ (3) <nickname>
This command is replied always with New ID Payload that is
generated by the server every time user changes their nickname.
Client receiving this payload MUST start using the received
Client ID as its current valid Client ID. The New ID Payload
- is described in [SILC2].
+ is described in [SILC2]. The <nickname> is the user's new
+ nickname.
Status messages:
SILC_STATUS_ERR_NOT_ON_CHANNEL
SILC_STATUS_ERR_USER_ON_CHANNEL
SILC_STATUS_ERR_NO_CHANNEL_PRIV
+ SILC_STATUS_ERR_RESOURCE_LIMIT
8 SILC_COMMAND_QUIT
privileges the same way as the client had given the
SILC_COMMAND_CUMODE command to gain founder privileges. The
client is still able to join the channel even if the founder
- privileges could not be gained.
+ privileges could not be gained. The hash function used with
+ the <founder payload> MUST be sha1.
The server MUST check whether the user is allowed to join to
the requested channel. Various modes set to the channel affect
0x00000100 SILC_UMODE_ANONYMOUS
Marks that the client is anonymous client. Server
- that specificly is designed for anonymous services
+ that specifically is designed for anonymous services
can set and unset this mode. Client MUST NOT set or
unset this mode itself. A client with this mode set
would have the username and the hostname information
Message Key flag is set in the SILC packet header.
If this mode is set server MUST NOT deliver private
messages to the client without the Private Message
- Key flag being set.
+ Key flag being set. The Private Message Key flag set
+ indicates that the private message is protected with
+ a key shared between the sender and the recipient.
A separate service could provide additional filtering
features for accepting private messages from certain
This flag MUST NOT be used to determine whether a packet
can be sent to the client or not. Only the server that
had the original client connection can make the decision
- by noticising that the network connection is not active.
+ by knowing that the network connection is not active.
In this case the default case is to discard the packet.
+
+ 0x00000800 SILC_UMODE_REJECT_WATCHING
+
+ Marks that the client rejects that it could be watched
+ by someone else. If this mode is set notifications about
+ this client is not send, even if someone is watching the
+ same nickname this client has. Client MAY set and unset
+ this mode. Any changes for this client MUST NOT be
+ notified to any watcher when this mode is set.
+
+ A separate service could provide additional filtering
+ features for rejecting and accepting the watching from
+ certain users. However, this document does not specify
+ such service.
+
+
+ 0x00001000 SILC_UMODE_BLOCK_INVITE
+
+ Marks that the client wishes to block incoming invite
+ notifications. Client MAY set and unset this mode.
+ When set server does not deliver invite notifications
+ to the client. Note that this mode may make it harder
+ to join invite-only channels.
+
If the <client mode mask> was not provided this command merely
returns the mode mask to the client.
of a channel. Modes may be masked together by ORing them thus
having several modes set. The <Channel ID> is the ID of the
target channel. The client changing channel mode MUST be on
- the same channel and poses sufficient privileges to be able to
+ the same channel and posses sufficient privileges to be able to
change the mode.
When the mode is changed SILC_NOTIFY_TYPE_CMODE_CHANGE notify
Channel founder may set this mode to be able to regain
channel founder rights even if the client leaves the
channel. The <auth payload> is the Authentication Payload
- consisting of the authentication method and authentication
- data to be used in the authentication. The server MUST
- NOT accept NONE authentication method. Also, if the
- method is public key authentication the server MUST NOT
- save the authentication data from the payload as the
- data is different on all authentications. In this case the
- server only saves the authentication method. However,
- server MUST verify the sent authentication payload and
- set the mode only if the verification was successful.
-
- Note that this mode is effective only in the current server.
- The client MUST connect to the same server later to be able
- to regain the channel founder rights. The server MUST save
- the public key of the channel founder and use that to identify
- the client which is claiming the channel founder rights.
- The rights may be claimed by the SILC_CUMODE_FOUNDER
- channel user mode using SILC_COMMAND_CUMODE command. The
- set authentication data remains valid as long as the channel
- exists or until the founder unsets this mode.
+ consisting of the public key authentication method and the
+ authentication data for that method. The passphrase
+ method cannot be used with this mode. The server MUST NOT
+ accept NONE authentication method. The server does not
+ save <auth payload> but MUST verify it. The public key
+ used to verify the payload is the public key of the
+ client sending this command. The mode may be set only
+ if the <auth payload> was verified successfully. The
+ server also MUST save the founder's public key. The
+ hash function used with the <auth payload> MUST be sha1.
+
+ The public key of the founder is sent in the
+ SILC_NOTIFY_TYPE_CMODE_CHANGE notify type so that other
+ routers and servers in the network may save the public key.
+ This way the founder can reclaim the founder rights back
+ to the channel from any server in the network. The founder
+ rights can be regained by the SILC_CUMODE_FOUNDER channel
+ user mode, or during joining procedure with the command
+ SILC_COMMAND_JOIN.
+
+ When this channel mode is set the channel also becomes
+ permanent. If all clients leave the channel while this
+ mode is set the channel MUST NOT be destroyed. The founder
+ can reclaim the founder mode back on these empty channels
+ at any time. Implementations MAY limit the number of how
+ many channels a user can own.
Typical implementation would use [+|-]f on user interface
to set/unset this mode.
The <Channel ID> is the ID of the target channel. The <mode mask>
is OR'ed mask of modes. The <Client ID> is the target client.
The client changing channel user modes MUST be on the same channel
- as the target client and poses sufficient privileges to be able to
+ as the target client and posses sufficient privileges to be able to
change the mode.
When the mode is changed SILC_NOTIFY_TYPE_CUMODE_CHANGE notify
been set, the client can claim channel founder privileges
by providing the <auth payload> that the server will use
to authenticate the client. The public key that server will
- use to verify the <auth payload> must the same public key
+ use to verify the <auth payload> MUST the same public key
that was saved when the SILC_CMODE_FOUNDER_AUTH channel
mode was set. The client MAY remove this mode at any time.
service.
+ 0x00000008 SILC_CUMODE_BLOCK_MESSAGES_USERS
+
+ Marks that the client wishes not to receive any channel
+ messages sent from normal users. Only messages sent by
+ channel founder or channel operator is accepted. Client
+ MAY set and unset this mode to itself. Client MUST NOT
+ set it to anyone else. When this mode is set server MUST
+ NOT deliver channel messages that are sent by normal users
+ to this client.
+
+ A separate service could provide additional filtering
+ features for accepting channel messages from certain
+ sender. However, this document does not specify such
+ service.
+
+
+ 0x00000010 SILC_CUMODE_BLOCK_MESSAGES_ROBOTS
+
+ Marks that the client wishes not to receive any channel
+ messages sent from robots. Messages sent by users with
+ the SILC_UMODE_ROBOT user mode set are not delivered.
+ Client MAY set and unset this mode to itself. Client MUST
+ NOT set it to anyone else. When this mode is set server
+ MUST NOT deliver channel messages that are sent by robots
+ to this client.
+
+
+ 0x00000020 SILC_CUMODE_QUIET
+
+ Marks that the client cannot talk on the channel. This
+ mode can be set by channel operator or channel founder to
+ some other user that is not operator or founder. The
+ target client MUST NOT unset this mode. When this mode
+ is set the server MUST drop messages sent by this client
+ to the channel.
+
+
Reply messages to the command:
Max Arguments: 4
SILC_STATUS_ERR_NO_CLIENT_ID
+
+
20 SILC_COMMAND_BAN
Max Arguments: 3
SILC_STATUS_ERR_NO_CHANNEL_ID
SILC_STATUS_ERR_NOT_ON_CHANNEL
SILC_STATUS_ERR_NO_CHANNEL_PRIV
+ SILC_STATUS_ERR_RESOURCE_LIMIT
- 21 <deprecated command>
- 22 <deprecated command>
+ 21 SILC_COMMAND_DETACH
+
+ Max Arguments: 0
+ Arguments:
+
+ This command is used to detach from the network. Client can
+ send this command to its server to indicate that it will be
+ detached. By detaching the client remains in the network but
+ the actual network connection to the server is closed. The
+ client may then later resume the old session back.
+
+ When this command is received the server MUST check that the
+ client is locally connected client, and set the user mode
+ SILC_UMODE_DETACHED flag. The SILC_NOTIFY_TYPE_UMODE_CHANGE
+ MUST be also sent to routers. The server then sends command
+ reply to this command and closes the network connection.
+ The server MUST NOT remove the client from its lists, or send
+ any signoff notifications for this client. See the [SILC1]
+ for detailed information about detaching.
+
+ Reply messages to the command:
+
+ Max Arguments: 1
+ Arguments: (1) <Status Payload>
+
+ This command replies only with the status indication.
+
+ Status messages:
+
+ SILC_STATUS_OK
+ SILC_STATUS_ERR_NOT_REGISTERED
+
+
+ 22 SILC_COMMAND_WATCH
+
+ Max Arguments: 3
+ Arguments: (1) <Client ID> (2) [<add nickname>]
+ (3) [<del nickname>]
+
+ This command is used to set up a watch for <add nickname>
+ nickname. When a user in the network appears with the
+ nickname, or signoffs the network or user's mode is changed
+ the client which set up the watch will be notified about
+ this change. This can be used to watch for certain nicknames
+ in the network and receive notifications when for example a
+ friend appears in the network or leaves the network.
+
+ The <del nickname> is a nickname that has been previously
+ added to watch list and is now removed from it. Notifications
+ for that nickname will not be delivered anymore.
+
+ The <Client ID> is the Client ID of the sender of this command.
+
+ The nickname set to watch MUST NOT include any wildcards.
+ Note also that a nickname may match several users since
+ nicknames are not unique. Implementations MAY set limits
+ for how many nicknames client can watch.
+
+ When normal server receives this command from client it
+ MUST send it to its router. Router will process the command
+ and actually keeps the watch list.
+
+ Reply messages to the command:
+
+ Max Arguments: 1
+ Arguments: (1) <Status Payload>
+
+ This command replies only with the status indication.
+
+ Status messages:
+
+ SILC_STATUS_OK
+ SILC_STATUS_ERR_NOT_REGISTERED
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
+ SILC_STATUS_ERR_TOO_MANY_PARAMS
+ SILC_STATUS_ERR_BAD_NICKNAME
+ SILC_STATUS_ERR_WILDCARDS
+ SILC_STATUS_ERR_RESOURCE_LIMIT
+ SILC_STATUS_ERR_NO_SUCH_NICK
+ SILC_STATUS_ERR_NICKNAME_IN_USE
23 SILC_COMMAND_SILCOPER
channel; either the argument <Channel ID> or the <channel name>.
One of these arguments must be present. The server MUST resolve
the joined clients and reply with a lists of users on the channel
- and with list of user modes on the channel.
+ and with list of user modes on the channel.
If the requested channel is a private or secret channel, this
command MUST NOT send the list of users, but error is returned
SILC_STATUS_ERR_NO_SUCH_SERVER_ID
- 27 - 199
+ 27 SILC_COMMAND_SERVICE
+
+ Max Arguments: 256
+ Arguments: (1) [<service name>] (2) [<auth payload>]
+ (n) [...]
+
+ This command is used to negotiate a service agreement with a
+ remote server. If this command is given without arguments it
+ MAY return the service list, if it is publicly available. The
+ <service name> is a service specific identifier, and the
+ <auth payload> MAY be used to authenticate the requester to the
+ remote service. The authentication to a service may be based
+ on previous agreement with the requester and the service
+ provider. The command MAY also take additional service
+ specific arguments.
+
+ This document does not specify any services. How the services
+ are configured and put available in a server is also out of
+ scope of this document.
+
+ This command MAY be used by client to start using some service
+ in a server, but it also MAY be used by server to negotiate
+ to start using a service in some other server or router.
+
+ After the negotiation is done both of the parties need to know
+ from the service identifier how the service can be used. The
+ service can be considered to be a protocol which both of the
+ parties need to support.
+
+ Reply messages to the command:
+
+ Max Arguments: 256
+ Arguments: (1) <Status Payload> (2) [<service list>]
+ (3) [<service name>] (n) [...]
+
+
+ This command MAY reply with the <service list> when command is
+ given without arguments, and the list is a comma separated list
+ of service identifiers. The <service name> is the service that
+ the sender requested and this is provided when the server has
+ accepted the sender to use the <service name>. The command
+ reply MAY also have additional service specific arguments.
+
+ Status messages:
+
+ SILC_STATUS_OK
+ SILC_STATUS_ERR_NOT_REGISTERED
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
+ SILC_STATUS_ERR_TOO_MANY_PARAMS
+ SILC_STATUS_ERR_NO_SUCH_SERVICE
+ SILC_STATUS_ERR_AUTH_FAILED
+ SILC_STATUS_ERR_PERM_DENIED
+
+
+
+
+ 28 - 199
Currently undefined commands.
.in 3
-.ti 0
-2.3 SILC Command Status Types
-
.ti 0
2.3.1 SILC Command Status Payload
Command Status Payload is sent in command reply messages to indicate
the status of the command. The payload is one of argument in the
command thus this is the data area in Command Argument Payload described
-in [SILC2]. The payload is only 2 bytes of length. The following diagram
-represents the Command Status Payload (field is always in MSB order).
+in [SILC2]. The payload is only 2 bytes of length. The following
+diagram represents the Command Status Payload (field is always in
+MSB first order).
.in 21
replies at the same time, however in this case the
list of error replies MUST be sent after the successful
replies. This way the recipient may ignore the multiple
-errors if it wishes to do so.
+errors if it wishes to do so. Also note that in this
+case the successful and error replies belong to the
+same list.
All Status messages are described in the next section.
.ti 0
-2.3.2 SILC Command Status List
+2.3.2 SILC Status Types
+
+Status messages are returned in SILC protocol in command reply
+packet and in notify packet. The SILC_PACKET_COMMAND_REPLY is
+the command reply packet and status types are sent inside the
+Status Payload as one of command reply argument, as defined in
+previous sections. For SILC_PACKET_NOTIFY packet they can be sent
+as defined in [SILC2] for SILC_NOTIFY_TYPE_ERROR type. The same
+types defined in this section are used in both cases.
-Command Status messages are returned in the command reply messages
-to indicate whether the command were executed without errors. If error
-has occurred the status indicates which error occurred. Status payload
-only sends numeric reply about the status. Receiver of the payload must
-convert the numeric values into human readable error messages. The
-list of status messages below has an example human readable error
-messages that client may display for the user.
+When returning status messages in the command reply message they
+indicate whether the command was executed without errors. If error
+occurred the status indicates which error occurred.
-List of all defined command status messages following.
+When sending status messages in SILC_NOTIFY_TYPE_ERROR notify type
+they always send some error status. Usually they are sent to
+indicate that error occurred while processing some SILC packet.
+Please see the [SILC1] and [SILC2] for more information sending
+status types in SILC_NOTIFY_TYPE_ERROR notify.
+
+The Status Types are only numeric values and the receiver must
+convert the numeric values into human readable messages if this
+is desired in the application.
+
+List of all defined status types:
.in 0
Generic status messages:
"No such server". Requested server name does not exist.
- 13 SILC_STATUS_ERR_TOO_MANY_TARGETS
+ 13 SILC_STATUS_ERR_INCOMPLETE_INFORMATION
- "Duplicate recipients. No message delivered". Message were
- tried to be sent to recipient which has several occurrences in
- the recipient list.
+ "Incomplete registration information". Information remote
+ sent was incomplete.
14 SILC_STATUS_ERR_NO_RECIPIENT
22 SILC_STATUS_ERR_NO_SUCH_CLIENT_ID
"No such Client ID". Client ID provided does not exist.
+ The unknown Client ID MUST be provided as next argument
+ in the reply.
23 SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID
"No such Channel ID". Channel ID provided does not exist.
+ The unknown Channel ID MUST be provided as next argument
+ in the reply.
24 SILC_STATUS_ERR_NICKNAME_IN_USE
47 SILC_STATUS_ERR_NO_SUCH_SERVER_ID
"No such Server ID". Server ID provided does not exist.
+ The unknown Server ID MUST be provided as next argument
+ in the reply.
+
+ 48 SILC_STATUS_ERR_RESOURCE_LIMIT
+
+ "No more resources available". This can mean that server cannot
+ or will not accept something due to resource limitations.
+
+ 49 SILC_STATUS_ERR_NO_SUCH_SERVICE
+
+ "Service does not exist". Requested service identifier is
+ unknown.
+
+ 50 SILC_STATUS_ERR_NOT_AUTHENTICATED
+
+ "You have not been authenticated". Remote connection is not
+ authenticated even though it is supposed to be.
+
+ 51 SILC_STATUS_ERR_BAD_SERVER_ID
+
+ "Server ID is not valid". Provided server ID is not valid.
+
+ 52 SILC_STATUS_ERR_KEY_EXCHANGE_FAILED
+
+ "Key exchange failed". Key Exchange protocol failed.
+
+ 53 SILC_STATUS_ERR_BAD_VERSION
+
+ "Bad version". Protocol or software version mismatch.
.in 3
4 References
[SILC1] Riikonen, P., "Secure Internet Live Conferencing (SILC),
- Protocol Specification", Internet Draft, April 2001.
+ Protocol Specification", Internet Draft, May 2002.
[SILC2] Riikonen, P., "SILC Packet Protocol", Internet Draft,
- April 2001.
+ May 2002.
[SILC3] Riikonen, P., "SILC Key Exchange and Authentication
- Protocols", Internet Draft, April 2001.
+ Protocols", Internet Draft, May 2002.
[IRC] Oikarinen, J., and Reed D., "Internet Relay Chat Protocol",
RFC 1459, May 1993.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 2279, January 1998.
-
-
+[ATTRS] Riikonen, P., "User Online Presence and Information
+ Attributes", Internet Draft, May 2002.
.ti 0
.nf
Pekka Riikonen
-Snellmanninkatu 34 A 15
+Snellmaninkatu 34 A 15
70100 Kuopio
Finland
EMail: priikone@iki.fi
+This Internet-Draft expires 15 November 2002
+
.ti 0
Appendix A
command to the client, and it requires capability for handling the WHOIS
command in the client end.
-
-
-
-This Internet-Draft expires XXX
-
+The <Requested Attributes> MAY include several attributes that are
+requested. The format and encoding of the <Requested Attributes> is as
+defined in [ATTRS]. When <Requested Attributes> argument is set the
+server MAY process the attributes to see whether it can narrow down
+the WHOIS search, for example when searching with a nickname. The
+normal servers MUST process the WHOIS command as normal WHOIS command,
+that is to send the command directly to the router. The router MAY
+process the attributes, but it MUST send the command to the server
+that owns the requested client.
+
+The server that owns the client and receives the command MUST check
+whether the client is detached from the network. If it is detached,
+that is the user mode has the SILC_UMODE_DETACHED mode set, it SHOULD
+process the attributes and provide as many of the requested attributes
+as possible and then send reply back to the sender. If the client is
+active in the network it MUST send the command to the client for
+processing.
+
+The client receiving WHOIS command SHOULD check whether the
+<Requested Attributes> argument is set. If it is not set then the
+WHOIS command SHOULD be discarded. The client processes the requested
+attributes and SHOULD reply to each of the requested attribute with
+either valid value, or with an indication that the requested attribute
+is not known or supported. This is to be done as defined in [ATTRS].
+The client always MUST send a reply to the command when some attributes
+were requested. The client MAY also add additional attributes to the
+reply even if they were not requested. The client MAY also digitally
+sign the attributes with ATTRIBUTE_USER_DIGITAL_SIGNATURE as defined
+in [ATTRS]. Then the client sends the reply back to the sender of
+the command. The command reply that client assembles does not need
+to include any other argument but the <Status Payload> (1), and the
+<Attributes> (11). The server receiving reply from client MUST allow
+this sort of command reply for WHOIS command.
+
+The information received from the client MAY be cached in the
+server's end. The caching may be desired for example if the client
+can be detached from the network. This way the server is then able
+to provide at least partial information for a requester. The
+server MAY also process the command reply and verify whether the
+attributes provided in the reply are actually valid. If it can do
+this, and verify that they indeed are valid values it MAY append
+a digital signature at the end of the attributes with the
+ATTRIBUTE_SERVER_DIGITAL_SIGNATURE as defined in [ATTRS]. The
+server then MUST provide valid WHOIS command reply to the sender
+of the command. Other servers and routers that receive the command
+reply en route to the original sender MAY also cache the information.
+
+The client which receives the command reply to the WHOIS command
+SHOULD verify the ATTRIBUTE_USER_DIGITAL_SIGNATURE and the
+ATTRIBUTE_SERVER_DIGITAL_SIGNATURE if they are provided.
projects / crypto.git / blobdiff