Added SILC Thread Queue API

[crypto.git] / doc / draft-riikonen-silc-ke-auth-04.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-04.nroff b/doc/draft-riikonen-silc-ke-auth-04.nroff
index 6e493f9f2a0008f2012851c8a30f5425a79a1751..da93c6235e3ce28aef1109c4e2e90fd9a8fbc520 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-04.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-04.nroff
@@ -8,16 +8,16 @@
 .ds RF FORMFEED[Page %]
 .ds CF
 .ds LH Internet-Draft
-.ds RH XXX
+.ds RH 13 November 2001
 .ds CH
 .na
 .hy 0
 .in 0
 .nf
-Network Working Group                                      P. Riikonen
+Network Working Group                                        P. Riikonen
 Internet-Draft
-draft-riikonen-silc-ke-auth-04.txt                      XXX
-Expires: XXX
+draft-riikonen-silc-ke-auth-04.txt                      13 November 2001
+Expires: 13 May 2002
 
 .in 3
 
@@ -87,13 +87,13 @@ Table of Contents
   2.5 Key Exchange Status Types ................................. 15
 3 SILC Connection Authentication Protocol ....................... 16
   3.1 Connection Auth Payload ................................... 18
-  3.2 Connection Authentication Types ........................... 18
+  3.2 Connection Authentication Types ........................... 19
       3.2.1 Passphrase Authentication ........................... 19
       3.2.2 Public Key Authentication ........................... 19
-  3.3 Connection Authentication Status Types .................... 19
+  3.3 Connection Authentication Status Types .................... 20
 4 Security Considerations ....................................... 20
 5 References .................................................... 20
-6 Author's Address .............................................. 21
+6 Author's Address .............................................. 22
 
 
 .ti 0
@@ -399,12 +399,17 @@ and the Mutual Authentication flag is not set then the initiator MUST
 NOT provide the signature data.  If the flag is set then the initiator
 MUST provide the signature data so that the responder can verify it.
 
-The Mutual Authentication flag is usually used only if a separate
+The Mutual Authentication flag is usually used when a separate 
 authentication protocol will not be executed for the initiator of the
 protocol.  This is case for example when the SKE is performed between
-two SILC clients.  In normal case, where client is connecting to the
-server, or server is connecting to the router the Mutual Authentication
-flag is not necessary.
+two SILC clients.  In normal case, where client is connecting to a
+server, or server is connecting to a router the Mutual Authentication
+flag may be omitted.  However, if the connection authentication protocol 
+for the connecting entity is not based on public key authentication (it
+is based on passphrase) then the Mutual Authentication flag SHOULD be 
+enabled.  This way the connecting entity has to provide proof of
+posession of the private key for the public key it will provide in
+SILC Key Exchange protocol.
 
 When performing re-key with PFS selected this is the only payload that
 is sent in the SKE protocol.  The Key Exchange Start Payload MUST NOT
@@ -520,8 +525,8 @@ Setup:  p is a large and public safe prime.  This is one of the
 
     1.  Initiator generates a random number x, where 1 < x < q, 
         and computes e = g ^ x mod p.  The result e is then 
-        encoded into Key Exchange Payload and sent to the
-        responder.
+        encoded into Key Exchange Payload, with the public key
+        (or certificate) and sent to the responder.
 
         If the Mutual Authentication flag is set then initiator
         MUST also produce signature data SIGN_i which the responder
@@ -534,7 +539,8 @@ Setup:  p is a large and public safe prime.  This is one of the
         and computes f = g ^ y mod p.  It then computes the
         shared secret KEY = e ^ y mod p, and, a hash value 
         HASH = hash(Key Exchange Start Payload data | public 
-        key (or certificate) | e | f | KEY).  It then signs
+        key (or certificate) | Initiator's public key (or
+        certificate) | e | f | KEY).  It then signs
         the HASH value with its private key resulting a signature
         SIGN.  
 
@@ -933,6 +939,8 @@ o Authentication Data (variable length) - The actual
 .in 3
 
 
+
+
 .ti 0
 3.2 Connection Authentication Types
 
@@ -957,6 +965,11 @@ sent to the sender and the protocol execution fails.
 This is REQUIRED authentication method to be supported by all SILC
 implementations.
 
+When password authentication is used it is RECOMMENDED that maximum
+amount of padding is applied to the SILC packet.  This way it is not
+possible to approximate the length of the password from the encrypted
+packet.
+
 
 .ti 0
 3.2.2 Public Key Authentication
@@ -976,14 +989,14 @@ which is then signed.
   auth_hash = hash(HASH | Key Exchange Start Payload);
   signature = sign(auth_hash);
 
-The hash() function used to compute the value is the hash function negotiated
-in the SKE protocol.  The server MUST verify the data, thus it must keep
-the HASH and the Key Exchange Start Payload saved during SKE and
-authentication protocols.
+The hash() function used to compute the value is the hash function
+negotiated in the SKE protocol.  The server MUST verify the data, thus
+it must keep the HASH and the Key Exchange Start Payload saved during
+SKE and authentication protocols.
 
 If the verified signature matches the sent signature, the authentication
-were successful and SILC_PACKET_SUCCESS is sent.  If it failed the protocol
-execution is stopped and SILC_PACKET_FAILURE is sent.
+were successful and SILC_PACKET_SUCCESS is sent.  If it failed the
+protocol execution is stopped and SILC_PACKET_FAILURE is sent.
 
 This is REQUIRED authentication method to be supported by all SILC
 implementations.
@@ -1098,4 +1111,4 @@ Finland
 
 EMail: priikone@silcnet.org
 
-This Internet-Draft expires XXX
+This Internet-Draft expires 13 May 2002