.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH XXX
+.ds RH 15 May 2002
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-commands-03.txt XXX
-Expires: XXX
+draft-riikonen-silc-commands-03.txt 15 May 2002
+Expires: 15 November 2002
.in 3
2 SILC Commands ................................................. 2
2.1 SILC Commands Syntax ...................................... 2
2.2 SILC Commands List ........................................ 4
- 2.3 SILC Command Status Payload ............................... 33
-3 SILC Status Types ............................................. 33
-4 Security Considerations ....................................... 38
-5 References .................................................... 38
-6 Author's Address .............................................. 40
-Appendix A ...................................................... xx
+ 2.3 SILC Command Status Payload ............................... 40
+3 SILC Status Types ............................................. 41
+4 Security Considerations ....................................... 47
+5 References .................................................... 47
+6 Author's Address .............................................. 49
+Appendix A ...................................................... 49
.ti 0
Status messages:
SILC_STATUS_OK
- SILC_STATUS_ERR_TOO_MANY_TARGETS
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
SILC_STATUS_ERR_NO_SUCH_NICK
include STATUS_LIST_START status in the first reply and
STATUS_LIST_END in the last reply to indicate the end of the
list. If there are only one reply the status is set to normal
- STATUS_OK.
+ STATUS_OK. If multiple Client IDs was requested then each found
+ and unfound client must cause successful or error reply,
+ respectively.
The command replies include the Client ID of the nickname,
nickname and server name, user name and host name and user's real
The server also returns client's user mode, idle time, and the
fingerprint of the client's public key. The <fingerprint> is the
binary hash digest of the public key. The fingerprint MUST NOT
- be sent if the server has not verified the proof of posession of
+ be sent if the server has not verified the proof of possession of
the corresponding private key. Server can do this during the
SILC Key Exchange protocol. The <fingerprint> is SHA1 digest.
a list of results. In this case the status payload will include
STATUS_LIST_START status in the first reply and STATUS_LIST_END in
the last reply to indicate the end of the list. If there are only
- one reply the status is set to normal STATUS_OK.
+ one reply the status is set to normal STATUS_OK. If multiple Client
+ IDs was requested then each found and unfound client must cause
+ successful or error reply, respectively.
When querying clients the <entity's name> must include the client's
nickname in the following format: nickname[@server]. The
Set/change nickname. This command is used to set nickname for
user. Nickname MUST NOT include any spaces (` '), non-printable
- characters, commas (`,') and any wildcard characters. Note that
- nicknames in SILC are case-sensitive which must be taken into
- account when searching clients by nickname.
+ characters, commas (`,') and any wildcard characters.
When nickname is changed new Client ID is generated. Server MUST
distribute SILC_NOTIFY_TYPE_NICK_CHANGE to local clients on the
Reply messages to the command:
- Max Arguments: 2
+ Max Arguments: 3
Arguments: (1) <Status Payload> (2) <New ID Payload>
+ (3) <nickname>
This command is replied always with New ID Payload that is
generated by the server every time user changes their nickname.
Client receiving this payload MUST start using the received
Client ID as its current valid Client ID. The New ID Payload
- is described in [SILC2].
+ is described in [SILC2]. The <nickname> is the user's new
+ nickname.
Status messages:
SILC_STATUS_ERR_NOT_ON_CHANNEL
SILC_STATUS_ERR_USER_ON_CHANNEL
SILC_STATUS_ERR_NO_CHANNEL_PRIV
+ SILC_STATUS_ERR_RESOURCE_LIMIT
8 SILC_COMMAND_QUIT
privileges the same way as the client had given the
SILC_COMMAND_CUMODE command to gain founder privileges. The
client is still able to join the channel even if the founder
- privileges could not be gained.
+ privileges could not be gained. The hash function used with
+ the <founder payload> MUST be sha1.
The server MUST check whether the user is allowed to join to
the requested channel. Various modes set to the channel affect
0x00000100 SILC_UMODE_ANONYMOUS
Marks that the client is anonymous client. Server
- that specificly is designed for anonymous services
+ that specifically is designed for anonymous services
can set and unset this mode. Client MUST NOT set or
unset this mode itself. A client with this mode set
would have the username and the hostname information
Message Key flag is set in the SILC packet header.
If this mode is set server MUST NOT deliver private
messages to the client without the Private Message
- Key flag being set.
+ Key flag being set. The Private Message Key flag set
+ indicates that the private message is protected with
+ a key shared between the sender and the recipient.
A separate service could provide additional filtering
features for accepting private messages from certain
by knowing that the network connection is not active.
In this case the default case is to discard the packet.
+
+ 0x00000800 SILC_UMODE_REJECT_WATCHING
+
+ Marks that the client rejects that it could be watched
+ by someone else. If this mode is set notifications about
+ this client is not send, even if someone is watching the
+ same nickname this client has. Client MAY set and unset
+ this mode. Any changes for this client MUST NOT be
+ notified to any watcher when this mode is set.
+
+ A separate service could provide additional filtering
+ features for rejecting and accepting the watching from
+ certain users. However, this document does not specify
+ such service.
+
+
+ 0x00001000 SILC_UMODE_BLOCK_INVITE
+
+ Marks that the client wishes to block incoming invite
+ notifications. Client MAY set and unset this mode.
+ When set server does not deliver invite notifications
+ to the client. Note that this mode may make it harder
+ to join invite-only channels.
+
If the <client mode mask> was not provided this command merely
returns the mode mask to the client.
of a channel. Modes may be masked together by ORing them thus
having several modes set. The <Channel ID> is the ID of the
target channel. The client changing channel mode MUST be on
- the same channel and poses sufficient privileges to be able to
+ the same channel and posses sufficient privileges to be able to
change the mode.
When the mode is changed SILC_NOTIFY_TYPE_CMODE_CHANGE notify
Channel founder may set this mode to be able to regain
channel founder rights even if the client leaves the
channel. The <auth payload> is the Authentication Payload
- consisting of the authentication method and authentication
- data to be used in the authentication. The server MUST
- NOT accept NONE authentication method. Also, if the
- method is public key authentication the server MUST NOT
- save the authentication data from the payload as the
- data is different on all authentications. In this case the
- server only saves the authentication method. However,
- server MUST verify the sent authentication payload and
- set the mode only if the verification was successful.
-
- Note that this mode is effective only in the current server.
- The client MUST connect to the same server later to be able
- to regain the channel founder rights. The server MUST save
- the public key of the channel founder and use that to identify
- the client which is claiming the channel founder rights.
- The rights may be claimed by the SILC_CUMODE_FOUNDER
- channel user mode using SILC_COMMAND_CUMODE command. The
- set authentication data remains valid as long as the channel
- exists or until the founder unsets this mode.
+ consisting of the public key authentication method and the
+ authentication data for that method. The passphrase
+ method cannot be used with this mode. The server MUST NOT
+ accept NONE authentication method. The server does not
+ save <auth payload> but MUST verify it. The public key
+ used to verify the payload is the public key of the
+ client sending this command. The mode may be set only
+ if the <auth payload> was verified successfully. The
+ server also MUST save the founder's public key. The
+ hash function used with the <auth payload> MUST be sha1.
+
+ The public key of the founder is sent in the
+ SILC_NOTIFY_TYPE_CMODE_CHANGE notify type so that other
+ routers and servers in the network may save the public key.
+ This way the founder can reclaim the founder rights back
+ to the channel from any server in the network. The founder
+ rights can be regained by the SILC_CUMODE_FOUNDER channel
+ user mode, or during joining procedure with the command
+ SILC_COMMAND_JOIN.
+
+ When this channel mode is set the channel also becomes
+ permanent. If all clients leave the channel while this
+ mode is set the channel MUST NOT be destroyed. The founder
+ can reclaim the founder mode back on these empty channels
+ at any time. Implementations MAY limit the number of how
+ many channels a user can own.
Typical implementation would use [+|-]f on user interface
to set/unset this mode.
The <Channel ID> is the ID of the target channel. The <mode mask>
is OR'ed mask of modes. The <Client ID> is the target client.
The client changing channel user modes MUST be on the same channel
- as the target client and poses sufficient privileges to be able to
+ as the target client and posses sufficient privileges to be able to
change the mode.
When the mode is changed SILC_NOTIFY_TYPE_CUMODE_CHANGE notify
been set, the client can claim channel founder privileges
by providing the <auth payload> that the server will use
to authenticate the client. The public key that server will
- use to verify the <auth payload> must the same public key
+ use to verify the <auth payload> MUST the same public key
that was saved when the SILC_CMODE_FOUNDER_AUTH channel
mode was set. The client MAY remove this mode at any time.
service.
+ 0x00000008 SILC_CUMODE_BLOCK_MESSAGES_USERS
+
+ Marks that the client wishes not to receive any channel
+ messages sent from normal users. Only messages sent by
+ channel founder or channel operator is accepted. Client
+ MAY set and unset this mode to itself. Client MUST NOT
+ set it to anyone else. When this mode is set server MUST
+ NOT deliver channel messages that are sent by normal users
+ to this client.
+
+ A separate service could provide additional filtering
+ features for accepting channel messages from certain
+ sender. However, this document does not specify such
+ service.
+
+
+ 0x00000010 SILC_CUMODE_BLOCK_MESSAGES_ROBOTS
+
+ Marks that the client wishes not to receive any channel
+ messages sent from robots. Messages sent by users with
+ the SILC_UMODE_ROBOT user mode set are not delivered.
+ Client MAY set and unset this mode to itself. Client MUST
+ NOT set it to anyone else. When this mode is set server
+ MUST NOT deliver channel messages that are sent by robots
+ to this client.
+
+
+ 0x00000020 SILC_CUMODE_QUIET
+
+ Marks that the client cannot talk on the channel. This
+ mode can be set by channel operator or channel founder to
+ some other user that is not operator or founder. The
+ target client MUST NOT unset this mode. When this mode
+ is set the server MUST drop messages sent by this client
+ to the channel.
+
+
Reply messages to the command:
Max Arguments: 4
SILC_STATUS_ERR_NO_CLIENT_ID
+
+
20 SILC_COMMAND_BAN
Max Arguments: 3
SILC_STATUS_ERR_NO_CHANNEL_ID
SILC_STATUS_ERR_NOT_ON_CHANNEL
SILC_STATUS_ERR_NO_CHANNEL_PRIV
+ SILC_STATUS_ERR_RESOURCE_LIMIT
+
+
+
+ 21 SILC_COMMAND_DETACH
- 21 <deprecated command>
+ Max Arguments: 0
+ Arguments:
+ This command is used to detach from the network. Client can
+ send this command to its server to indicate that it will be
+ detached. By detaching the client remains in the network but
+ the actual network connection to the server is closed. The
+ client may then later resume the old session back.
- 22 <deprecated command>
+ When this command is received the server MUST check that the
+ client is locally connected client, and set the user mode
+ SILC_UMODE_DETACHED flag. The SILC_NOTIFY_TYPE_UMODE_CHANGE
+ MUST be also sent to routers. The server then sends command
+ reply to this command and closes the network connection.
+ The server MUST NOT remove the client from its lists, or send
+ any signoff notifications for this client. See the [SILC1]
+ for detailed information about detaching.
+
+ Reply messages to the command:
+
+ Max Arguments: 1
+ Arguments: (1) <Status Payload>
+
+ This command replies only with the status indication.
+
+ Status messages:
+
+ SILC_STATUS_OK
+ SILC_STATUS_ERR_NOT_REGISTERED
+
+
+ 22 SILC_COMMAND_WATCH
+
+ Max Arguments: 3
+ Arguments: (1) <Client ID> (2) [<add nickname>]
+ (3) [<del nickname>]
+
+ This command is used to set up a watch for <add nickname>
+ nickname. When a user in the network appears with the
+ nickname, or signoffs the network or user's mode is changed
+ the client which set up the watch will be notified about
+ this change. This can be used to watch for certain nicknames
+ in the network and receive notifications when for example a
+ friend appears in the network or leaves the network.
+
+ The <del nickname> is a nickname that has been previously
+ added to watch list and is now removed from it. Notifications
+ for that nickname will not be delivered anymore.
+
+ The <Client ID> is the Client ID of the sender of this command.
+
+ The nickname set to watch MUST NOT include any wildcards.
+ Note also that a nickname may match several users since
+ nicknames are not unique. Implementations MAY set limits
+ for how many nicknames client can watch.
+
+ When normal server receives this command from client it
+ MUST send it to its router. Router will process the command
+ and actually keeps the watch list.
+
+ Reply messages to the command:
+
+ Max Arguments: 1
+ Arguments: (1) <Status Payload>
+
+ This command replies only with the status indication.
+
+ Status messages:
+
+ SILC_STATUS_OK
+ SILC_STATUS_ERR_NOT_REGISTERED
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
+ SILC_STATUS_ERR_TOO_MANY_PARAMS
+ SILC_STATUS_ERR_BAD_NICKNAME
+ SILC_STATUS_ERR_WILDCARDS
+ SILC_STATUS_ERR_RESOURCE_LIMIT
+ SILC_STATUS_ERR_NO_SUCH_NICK
+ SILC_STATUS_ERR_NICKNAME_IN_USE
23 SILC_COMMAND_SILCOPER
channel; either the argument <Channel ID> or the <channel name>.
One of these arguments must be present. The server MUST resolve
the joined clients and reply with a lists of users on the channel
- and with list of user modes on the channel.
+ and with list of user modes on the channel.
If the requested channel is a private or secret channel, this
command MUST NOT send the list of users, but error is returned
This command is used to negotiate a service agreement with a
remote server. If this command is given without arguments it
MAY return the service list, if it is publicly available. The
- <service name> is a service sepcific identifier, and the
- <auth payload> MAY be used to authenticate the requestor to the
+ <service name> is a service specific identifier, and the
+ <auth payload> MAY be used to authenticate the requester to the
remote service. The authentication to a service may be based
- on previous agreement with the requestor and the service
+ on previous agreement with the requester and the service
provider. The command MAY also take additional service
specific arguments.
SILC_STATUS_ERR_PERM_DENIED
+
+
28 - 199
Currently undefined commands.
replies at the same time, however in this case the
list of error replies MUST be sent after the successful
replies. This way the recipient may ignore the multiple
-errors if it wishes to do so.
+errors if it wishes to do so. Also note that in this
+case the successful and error replies belong to the
+same list.
All Status messages are described in the next section.
"No such server". Requested server name does not exist.
- 13 SILC_STATUS_ERR_TOO_MANY_TARGETS
+ 13 SILC_STATUS_ERR_INCOMPLETE_INFORMATION
- "Duplicate recipients. No message delivered". Message were
- tried to be sent to recipient which has several occurrences in
- the recipient list.
+ "Incomplete registration information". Information remote
+ sent was incomplete.
14 SILC_STATUS_ERR_NO_RECIPIENT
The unknown Server ID MUST be provided as next argument
in the reply.
+ 48 SILC_STATUS_ERR_RESOURCE_LIMIT
+
+ "No more resources available". This can mean that server cannot
+ or will not accept something due to resource limitations.
+
49 SILC_STATUS_ERR_NO_SUCH_SERVICE
"Service does not exist". Requested service identifier is
unknown.
+ 50 SILC_STATUS_ERR_NOT_AUTHENTICATED
+
+ "You have not been authenticated". Remote connection is not
+ authenticated even though it is supposed to be.
+
+ 51 SILC_STATUS_ERR_BAD_SERVER_ID
+
+ "Server ID is not valid". Provided server ID is not valid.
+
+ 52 SILC_STATUS_ERR_KEY_EXCHANGE_FAILED
+
+ "Key exchange failed". Key Exchange protocol failed.
+
+ 53 SILC_STATUS_ERR_BAD_VERSION
+
+ "Bad version". Protocol or software version mismatch.
+
.in 3
4 References
[SILC1] Riikonen, P., "Secure Internet Live Conferencing (SILC),
- Protocol Specification", Internet Draft, April 2001.
+ Protocol Specification", Internet Draft, May 2002.
[SILC2] Riikonen, P., "SILC Packet Protocol", Internet Draft,
- April 2001.
+ May 2002.
[SILC3] Riikonen, P., "SILC Key Exchange and Authentication
- Protocols", Internet Draft, April 2001.
+ Protocols", Internet Draft, May 2002.
[IRC] Oikarinen, J., and Reed D., "Internet Relay Chat Protocol",
RFC 1459, May 1993.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 2279, January 1998.
-
-
+[ATTRS] Riikonen, P., "User Online Presence and Information
+ Attributes", Internet Draft, May 2002.
.ti 0
.nf
Pekka Riikonen
-Snellmanninkatu 34 A 15
+Snellmaninkatu 34 A 15
70100 Kuopio
Finland
EMail: priikone@iki.fi
-This Internet-Draft expires XXX
+This Internet-Draft expires 15 November 2002
.ti 0
The information received from the client MAY be cached in the
server's end. The caching may be desired for example if the client
can be detached from the network. This way the server is then able
-to provide at least partial information for a requestor. The
+to provide at least partial information for a requester. The
server MAY also process the command reply and verify whether the
attributes provided in the reply are actually valid. If it can do
this, and verify that they indeed are valid values it MAY append
ATTRIBUTE_SERVER_DIGITAL_SIGNATURE as defined in [ATTRS]. The
server then MUST provide valid WHOIS command reply to the sender
of the command. Other servers and routers that receive the command
-reply enroute to the original sender MAY also cache the information.
+reply en route to the original sender MAY also cache the information.
The client which receives the command reply to the WHOIS command
SHOULD verify the ATTRIBUTE_USER_DIGITAL_SIGNATURE and the
projects / silc.git / blobdiff