.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH XXX
+.ds RH 26 November 2002
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-spec-06.txt XXX
-Expires: XXX
+draft-riikonen-silc-spec-06.txt 26 November 2002
+Expires: 26 April 2003
.in 3
1.1 Requirements Terminology .................................. 4
2 SILC Concepts ................................................. 4
2.1 SILC Network Topology ..................................... 4
- 2.2 Communication Inside a Cell ............................... 5
+ 2.2 Communication Inside a Cell ............................... 6
2.3 Communication in the Network .............................. 6
2.4 Channel Communication ..................................... 7
- 2.5 Router Connections ........................................ 7
+ 2.5 Router Connections ........................................ 8
3 SILC Specification ............................................ 8
- 3.1 Client .................................................... 8
+ 3.1 Client .................................................... 9
3.1.1 Client ID ........................................... 9
3.2 Server .................................................... 10
3.2.1 Server's Local ID List .............................. 10
3.9.1 Authentication Payload .............................. 21
3.10 Algorithms ............................................... 23
3.10.1 Ciphers ............................................ 23
- 3.10.1.1 CBC Mode .................................. XXX
- 3.10.1.2 CTR Mode .................................. XXX
- 3.10.1.3 Randomized CBC Mode ....................... XXX
- 3.10.2 Public Key Algorithms .............................. 24
- 3.10.3 Hash Functions ..................................... 24
- 3.10.4 MAC Algorithms ..................................... 25
- 3.10.5 Compression Algorithms ............................. 25
- 3.11 SILC Public Key .......................................... 26
- 3.12 SILC Version Detection ................................... 28
- 3.13 Backup Routers ........................................... 28
- 3.13.1 Switching to Backup Router ......................... 30
- 3.13.2 Resuming Primary Router ............................ 31
- 3.13.3 Discussion on Backup Router Scheme ................. 33
-4 SILC Procedures ............................................... 34
- 4.1 Creating Client Connection ................................ 34
- 4.2 Creating Server Connection ................................ 35
- 4.2.1 Announcing Clients, Channels and Servers ............ 36
- 4.3 Joining to a Channel ...................................... 37
- 4.4 Channel Key Generation .................................... 38
- 4.5 Private Message Sending and Reception ..................... 39
- 4.6 Private Message Key Generation ............................ 39
- 4.7 Channel Message Sending and Reception ..................... 40
- 4.8 Session Key Regeneration .................................. 40
- 4.9 Command Sending and Reception ............................. 41
- 4.10 Closing Connection ....................................... 42
- 4.11 Detaching and Resuming a Session ......................... 42
-5 Security Considerations ....................................... 44
-6 References .................................................... 45
-7 Author's Address .............................................. 47
-
+ 3.10.1.1 CBC Mode .................................. 24
+ 3.10.1.2 CTR Mode .................................. 24
+ 3.10.1.3 Randomized CBC Mode ....................... 25
+ 3.10.2 Public Key Algorithms .............................. 26
+ 3.10.3 Hash Functions ..................................... 26
+ 3.10.4 MAC Algorithms ..................................... 27
+ 3.10.5 Compression Algorithms ............................. 27
+ 3.11 SILC Public Key .......................................... 28
+ 3.12 SILC Version Detection ................................... 30
+ 3.13 Backup Routers ........................................... 31
+ 3.13.1 Switching to Backup Router ......................... 32
+ 3.13.2 Resuming Primary Router ............................ 33
+ 3.13.3 Discussion on Backup Router Scheme ................. 36
+4 SILC Procedures ............................................... 36
+ 4.1 Creating Client Connection ................................ 36
+ 4.2 Creating Server Connection ................................ 38
+ 4.2.1 Announcing Clients, Channels and Servers ............ 38
+ 4.3 Joining to a Channel ...................................... 39
+ 4.4 Channel Key Generation .................................... 41
+ 4.5 Private Message Sending and Reception ..................... 41
+ 4.6 Private Message Key Generation ............................ 42
+ 4.7 Channel Message Sending and Reception ..................... 43
+ 4.8 Session Key Regeneration .................................. 43
+ 4.9 Command Sending and Reception ............................. 44
+ 4.10 Closing Connection ....................................... 45
+ 4.11 Detaching and Resuming a Session ......................... 45
+5 Security Considerations ....................................... 47
+6 References .................................................... 48
+7 Author's Address .............................................. 49
.ti 0
.ti 0
2.1 SILC Network Topology
-SILC network is a cellular network as opposed to tree style network
-topology. The rationale for this is to have servers that can perform
-specific kind of tasks what other servers cannot perform. This leads
-to two kinds of servers; normal SILC servers and SILC routers.
+SILC network forms a ring as opposed to tree style network topology that
+conferencing protocols usually have. The network has a cells which are
+constructed from router and zero or more servers. The servers are
+connected to the router in a star like network topology. Routers in the
+network are connected to each other forming a ring. The rationale for
+this is to have servers that can perform specific kind of tasks what
+other servers cannot perform. This leads to two kinds of servers; normal
+SILC servers and SILC routers.
A difference between normal server and router server is that routers
knows everything about everything in the network. They also do the
This makes the network faster as there are less servers that needs to
keep global information up to date at all time.
-This, on the other hand, leads to cellular like network, where routers
-are in the center of the cell and servers are connected to the router.
-
+This, on the other hand, leads to kind of a cellular like network, where
+routers are in the center of the cell and servers are connected to the
+router.
The following diagram represents SILC network topology.
-
-
.in 16
.nf
1 --- S1 S4 --- 5 S2 --- 1
local clients on the channel.
+
.ti 0
2.5 Router Connections
is used in the communication in the SILC network. The client ID is
based on the nickname selected by the user. User uses logical nicknames
in communication which are then mapped to the corresponding Client ID.
-Client ID's are low level identifications and must not be seen by the
+Client ID's are low level identifications and should not be seen by the
end user.
Clients provide other information about the end user as well. Information
the requirements of keeping this information.
The nickname selected by the user is not unique in the SILC network.
-There can be 2^8 same nicknames for one IP address. As for comparison
-to IRC [IRC] where nicknames are unique this is a fundamental difference
-between SILC and IRC. This causes the server names or client's host names
-to be used along with the nicknames to identify specific users when sending
-messages. This feature of SILC makes IRC style nickname-wars obsolete as
-no one owns their nickname; there can always be someone else with the same
-nickname. The maximum length of nickname is 128 bytes.
+There can be 2^8 same nicknames for one IP address. As for comparison to
+IRC [IRC] where nicknames are unique this is a fundamental difference
+between SILC and IRC. This typically causes the server names or client's
+host names to be used along with the nicknames on user interface to
+identify specific users when sending messages. This feature of SILC
+makes IRC style nickname-wars obsolete as no one owns their nickname;
+there can always be someone else with the same nickname. The maximum
+length of nickname is 128 bytes.
.ti 0
ID's. Collisions are not expected to happen. The Client ID is defined
as follows.
-
-
.in 6
128 bit Client ID based on IPv4 addresses:
Normal server also keeps information about locally created channels and
their Channel ID's.
-
Hence, local list for normal server includes:
.in 6
name since these are not needed by the router. The router keeps only
information that it needs.
-
Hence, local list for router includes:
.in 6
client list - All clients in the cell
o Client ID
-
channel list - All channels in the cell
o Channel ID
o Client ID's on channel
packet. The original sender, for example client, assembles the packet
and the packet header and server or router between the sender and the
receiver MUST NOT change the packet header. Note however, that some
-packets such as commands may resent by a server to serve the client's
-original command. In this case the command packet send by the server
+packets such as commands may be resent by a server to serve the client's
+original command. In this case the command packet sent by the server
includes the server's IDs.
Note that the packet and the packet header may be encrypted with
o Client 2. decrypts the packet with the secret shared key.
-
If clients share secret key with each other the private message
delivery is much simpler since servers and routers between the
clients do not need to decrypt and re-encrypt the packet.
o Server determines local clients on the channel and sends the
packet to the client.
-o All clients receiving the packet decrypts the packet.
+o All clients receiving the packet decrypts it.
.ti 0
Authentication is done after key exchange protocol has been successfully
completed. The purpose of authentication is to authenticate for example
-client connecting to the server. However, usually clients are accepted
+client connecting to the server. However, clients may be accepted
to connect to server without explicit authentication. Servers are
-required use authentication protocol when connecting. The authentication
-may be based on passphrase (pre-shared-secret) or public key. All
-passphrases sent in SILC protocol MUST be UTF-8 [RFC2279] encoded.
-The connection authentication protocol is described in detail in [SILC3].
+required to use authentication protocol when connecting. The
+authentication may be based on passphrase (pre-shared-secret) or public
+key based on digital signatures. All passphrases sent in SILC protocol
+MUST be UTF-8 [RFC2279] encoded. The connection authentication protocol
+is described in detail in [SILC3].
.ti 0
The format of the Authentication Payload is as follows:
-
.in 5
.nf
1 2 3
The following ciphers are defined in SILC protocol:
-.in 6
aes-256-cbc AES in CBC mode, 256 bit key (REQUIRED)
aes-256-ctr AES in CTR mode, 256 bit key (RECOMMENDED)
aes-256-rcbc AES in randomized CBC mode, 256 bit key (OPTIONAL)
rc6-<len>-<mode> RC6 in <mode> mode, <len> bit key (OPTIONAL)
mars-<len>-<mode> MARS in <mode> mode, <len> bit key (OPTIONAL)
none No encryption (OPTIONAL)
-.in 3
-
The <mode> is either "cbc", "ctr" or "rcbc". Other encryption modes MAY
be defined as to be used in SILC using the same format. The <len> is
Figure 6: Counter Block
.in 6
-o Truncated HASH from SKE (4 bytes) - This value is the 32 most
- significant bits from the HASH value that was computed as a
- result of SKE protocol. This acts as session identifier and
- each rekey MUST produce a new HASH value.
-
-o Sending/Receiving IV from SKE (8 bytes) - This value is the 64
- most significant bits from the Sending IV or Receiving IV
- generated in the SKE protocol. When this mode is used to
- encrypt sending traffic the Sending IV is used, when used to
- decrypt receiving traffic the Receiving IV is used. This
- assures that two parties of the protocol use different IV
- for sending traffic. Each rekey MUST produce a new value.
+o Truncated HASH from SKE (4 bytes) - This value is the first 4
+ bytes from the HASH value that was computed as a result of SKE
+ protocol. This acts as session identifier and each rekey MUST
+ produce a new HASH value.
+
+o Sending/Receiving IV from SKE (8 bytes) - This value is the
+ first 8 bytes from the Sending IV or Receiving IV generated in
+ the SKE protocol. When this mode is used to encrypt sending
+ traffic the Sending IV is used, when used to decrypt receiving
+ traffic the Receiving IV is used. This assures that two parties
+ of the protocol use different IV for sending traffic. Each rekey
+ MUST produce a new value.
o Block Counter (4 bytes) - This is the counter value for the
counter block and is MSB ordered number starting from one (1)
3.10.1.3 Randomized CBC Mode
The "rcbc" encryption mode is CBC mode with randomized IV. This means
-that each IV for each packet MUST be chosen randomly. In this mode the
-IV is appended at the end of the last ciphertext block and thus delivered
-to the recipient. This mode increases the ciphertext size by one
-ciphertext block. Note also that some data payloads in SILC are capable
-of delivering the IV to the recipient. When explicitly encrypting these
-payloads with randomized CBC the IV MUST NOT be appended at the end
-of the ciphertext.
+that each IV for each packet MUST be chosen randomly. When encrypting
+more than one block the normal inter-packet chaining is used, but for
+the first block new random IV is selected in each packet. In this mode
+the IV is appended at the end of the last ciphertext block and thus
+delivered to the recipient. This mode increases the ciphertext size by
+one ciphertext block. Note also that some data payloads in SILC are
+capable of delivering the IV to the recipient. When explicitly
+encrypting these payloads with randomized CBC the IV MUST NOT be appended
+at the end of the ciphertext. When encrypting these payloads with
+"cbc" mode they implicitly become randomized CBC since the IV is
+usually selected random and included in the ciphertext. In these
+cases using either CBC or randomized CBC is actually equivalent.
.ti 0
.in 3
+
.ti 0
3.10.4 MAC Algorithms
Additional MAC algorithms MAY be defined to be used in SILC.
-
-
.ti 0
3.10.5 Compression Algorithms
Additional compression algorithms MAY be defined to be used in SILC.
+
.ti 0
3.11 SILC Public Key
software version = <major>[.<minor>[.<build or vendor string>]]
.in 3
-Protocol version MAY provide both major and minor version. Currently
+Protocol version MUST provide both major and minor version. Currently
implementations MUST set the protocol version and accept at least the
protocol version as SILC-1.2-<software version>. If new protocol version
causes incompatibilities with older version the <minor> version number
The software version MAY be freely set and accepted. The version string
MUST consist of printable US-ASCII characters.
-
Thus, the version strings could be, for example:
.in 6
is defined in [SILC2].
+
+
.ti 0
3.13.3 Discussion on Backup Router Scheme
One difference is that server MUST perform connection authentication
protocol with proper authentication. A proper authentication is based
-on passphrase or public key authentication.
+on passphrase authentication or public key authentication based on
+digital signatures.
After server and router has successfully performed the key exchange
and connection authentication protocol, the server register itself
ID Payloads into the SILC_PACKET_NEW_ID packet.
Also, clients' modes (user modes in SILC) MUST be announced. This is
-done by compiling a list of Notify Payloads with the
-SILC_NOTIFY_UMODE_CHANGE nofity type into the SILC_PACKET_NOTIFY packet.
-
-Also, channel's topics MUST be announced by compiling a list of Notify
-Payloads with the SILC_NOTIFY_TOPIC_SET notify type into the
-SILC_PACKET_NOTIFY packet.
+done by compiling a list of Notify Payloads with SILC_NOTIFY_UMODE_CHANGE
+notify type into the SILC_PACKET_NOTIFY packet. Also, channel's topics
+MUST be announced by compiling a list of Notify Payloads with the
+SILC_NOTIFY_TOPIC_SET notify type into the SILC_PACKET_NOTIFY packet.
The router which receives these lists MUST process them and broadcast
-the packets to its primary route.
-
-When processing the announced channels and channel users the router MUST
-check whether a channel exists already with the same name. If channel
-exists with the same name it MUST check whether the Channel ID is
-different. If the Channel ID is different the router MUST send the notify
-type SILC_NOTIFY_TYPE_CHANNEL_CHANGE to the server to force the channel ID
-change to the ID the router has. If the mode of the channel is different
-the router MUST send the notify type SILC_NOTIFY_TYPE_CMODE_CHANGE to the
-server to force the mode change to the mode that the router has.
+the packets to its primary route. When processing the announced channels
+and channel users the router MUST check whether a channel exists already
+with the same name. If channel exists with the same name it MUST check
+whether the Channel ID is different. If the Channel ID is different the
+router MUST send the notify type SILC_NOTIFY_TYPE_CHANNEL_CHANGE to the
+server to force the channel ID change to the ID the router has. If the
+mode of the channel is different the router MUST send the notify type
+SILC_NOTIFY_TYPE_CMODE_CHANGE to the server to force the mode change
+to the mode that the router has.
The router MUST also generate new channel key and distribute it to the
channel. The key MUST NOT be generated if the SILC_CMODE_PRIVKEY mode
.ti 0
4.5 Private Message Sending and Reception
-Private messages are sent point to point. Client explicitly destines
+Private messages are sent point to point. Client explicitly destine
a private message to specific client that is delivered to only to that
client. No other client may receive the private message. The receiver
of the private message is destined in the SILC Packet Header as any
from its own server.
+
.ti 0
4.10 Closing Connection
EMail: priikone@iki.fi
-This Internet-Draft expires XXX
+This Internet-Draft expires 26 April 2003
projects / crypto.git / blobdiff