.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet-Draft
-.ds RH XX April 2001
+.ds RH 25 April 2001
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-ke-auth-02.txt XX April 2001
-Expires: XX October 2001
+draft-riikonen-silc-ke-auth-02.txt 25 April 2001
+Expires: 25 October 2001
.in 3
The SILC Connection Authentication protocol provides user level
authentication used when creating connections in SILC network. The
protocol is transparent to the authentication data which means that it
-can be used to authenticate the user with, for example, pass phrase
-(pre-shared- secret) or public key (and certificate).
+can be used to authenticate the user with, for example, passphrase
+(pre-shared-secret) or public key (and certificate).
and responder. This data is later used in the key exchange procedure.
There are several payloads used in the key exchange. As for all SILC
packets, SILC Packet Header, described in [SILC2], is at the start of
-all packets, the same is done with these payloads as well. All the
+all packets. The same is done with these payloads as well. All the
fields in the payloads are always in MSB (most significant byte first)
order. Following descriptions of these payloads.
.in 6
o RESERVED (1 byte) - Reserved field. Sender fills this with
- zeroes (0).
+ zero (0) value.
o Flags (1 byte) - Indicates flags to be used in the key
exchange. Several flags can be set at once by ORing the
o Payload Length (2 bytes) - Length of the entire Key Exchange
Start payload, not including any other field.
-o Cookie (16 bytes) - Cookie that uniforms this payload so
+o Cookie (16 bytes) - Cookie that randomize this payload so
that each of the party cannot determine the payload before
hand.
key exchange group list, not including any other field.
o Key Exchange Group (variable length) - The list of
- key exchange groups. See the section 2.1.2 SILC Key Exchange
+ key exchange groups. See the section 2.4 SILC Key Exchange
Groups for definitions of these groups.
o PKCS Alg Length (2 bytes) - The length of the PKCS algorithms
SILC_PACKET_KEY_EXCHANGE_2 packet types. The initiator uses the
SILC_PACKET_KEY_EXCHANGE_1 and the responder the latter.
-The following diagram represent the Key Exchange 1 Payload.
+The following diagram represent the Key Exchange Payload.
.in 5
only to decrypt received data. For receiving party, the receive key is
actually sender's sending key, and, the sending key is actually sender's
receiving key. Initiator uses generated keys as they are (sending key
-for sending and receiving key for sending).
+for sending and receiving key for receiving).
The HMAC key is used to create MAC values to packets in the communication
channel. As many bytes as needed are taken from the start of the hash
protocol. This MUST be done before the protocol has been ended by
sending the SILC_PACKET_SUCCESS packet.
-This same procedure is used in the SILC is some other circumstances
+This same procedure is used in the SILC in some other circumstances
as well. Any changes to this procedure is mentioned separately when
this procedure is needed. See the [SILC1] and the [SILC2] for these
circumstances.
.ti 0
2.4 SILC Key Exchange Groups
-Following groups may be used in the SILC Key Exchange protocol. The
-first group diffie-hellman-group1 is REQUIRED, other groups MAY be
+The Following groups may be used in the SILC Key Exchange protocol.
+The first group diffie-hellman-group1 is REQUIRED, other groups MAY be
negotiated to be used in the connection with Key Exchange Start Payload
and SILC_PACKET_KEY_EXCHANGE packet. However, the first group MUST be
proposed in the Key Exchange Start Payload regardless of any other
If authentication method is passphrase the authentication data is
plaintext passphrase. As the payload is entirely encrypted it is safe
-to have plaintext passphrase. 3.2.1 Passphrase Authentication for
-more information.
+to have plaintext passphrase. See the section 3.2.1 Passphrase
+Authentication for more information.
If authentication method is public key authentication the authentication
data is signature of the hash value HASH plus Key Exchange Start Payload,
established by the SILC Key Exchange protocol. This signature MUST then
-be verified by the server. See section 3.2.2 Public Key Authentication
-for more information.
+be verified by the server. See the section 3.2.2 Public Key
+Authentication for more information.
The connecting client of this protocol MUST wait after successful execution
of this protocol for the SILC_PACKET_NEW_ID packet where it will receive
the authentication MUST be failed by sending SILC_PACKET_FAILURE packet.
The payload may only be sent with SILC_PACKET_CONNECTION_AUTH packet.
-It MUST NOT be sent in any other packet type. Following diagram
+It MUST NOT be sent in any other packet type. The following diagram
represent the Connection Auth Payload.
SILC supports two authentication types to be used in the connection
authentication protocol; passphrase or public key based authentication.
-Following sections defines the authentication methods. See [SILC2]
+The following sections defines the authentication methods. See [SILC2]
for defined numerical authentication method types.
.ti 0
3.2.1 Passphrase Authentication
-Passphrase authentication or pre-shared-key base authentication is
+Passphrase authentication or pre-shared-key based authentication is
simply an authentication where the party that wants to authenticate
itself to the other end sends the passphrase that is required by
the other end, for example server.
EMail: priikone@poseidon.pspt.fi
-This Internet-Draft expires XX October 2001
\ No newline at end of file
+This Internet-Draft expires 25 October 2001
projects / runtime.git / blobdiff