From 6c35aeb35d33ec93d7bba9bfa4d199d6736fad25 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Sun, 20 May 2007 11:37:49 +0000 Subject: [PATCH] updates. --- TODO | 540 +++++++++++++++++++++++++++++++++++------------------- TODO-SILC | 86 +++++++++ 2 files changed, 441 insertions(+), 185 deletions(-) create mode 100644 TODO-SILC diff --git a/TODO b/TODO index e9af97dc..9a715bf0 100644 --- a/TODO +++ b/TODO @@ -1,323 +1,493 @@ -TODO for 1.1 -============ +TODO for 1.2 And Beyond +======================= NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The (***TESTING NEEDED) means that the item has been done but not yet properly tested. +NOTE: A TODO entry does not mean that it is ever going to be done. Some +of the entries may be just ideas, good, bad or ugly. If you want to work +on some of the TODO entries simply let us know about it by dropping a note +to silc-devel mailing list or appear on 'silc' channel on SILCNet. -apps/silcd, The SILC Server ****PARTLY DONE**** -=========================== - o Port all code to use SILC Toolkit 1.1 APIs. +General +======= - o Fix/test GETKEY. + o Create apps/tutorial containing various Toolkit API tutorials. - o Fix/test MOTD. + o The Toolkit split. The Toolkit is to be splitted in parts. How many + parts and what the parts are isn't decided yet. Each part is a separate + software package. Current thinking is of the following: - o Remove protocol.[ch]. (***DONE) + SILC Toolkit SILC protocol, client and server library + SILC Runtime Toolkit runtime library + SILC Crypto Toolkit crypto, asn1, math, skr, pgp, etc. - o Rewrite connecting accepting. (***TESTING NEEDED) + The rationale for this is of course that other than SILC projects + might like to use the various libraries SILC Toolkit provides, but + naturally they don't want the bloat of SILC protocol related stuff. - o Rewrite async connecting. (***TESTING NEEDED) + The Runtime library in SILC Toolkit is a general purpose runtime library, + like Glib and APR are. The runtime library is to be developed further + to provide alternative to Glib and APR. - o Connecting from SILC router to SILC server. + The Crypto library in SILC Toolkit is a general purpose crypto library + providing pretty nice APIs compared to many other crypto libraries, + especially OpenSSL. The Crypto library is to be developed further + to include support for OpenPGP, X.509 and SSH2. - o Rewrite rehash, HUP. - o Heartbeat-keepalive. +lib/silccore +============ - o Test backup router resuming protocol. + o SILC_PACKET_FLAG_ACK support. Implement ACK packet and packet payload + to silcpacket.c. - o Check all packet receive routines that they call silc_packet_free. + o All payload encoding routines should take SilcStack as argument. - o Add Web statistics module using lib/silchttp. Give out server - statistics. (***DONE) + o All payload test routines into lib/silccore/tests/. -SILC Client ****PARTLY DONE**** -=========== +lib/silcclient, The Client Library +================================== - o Porting to new Toolkit API and new Client Library API (***DONE) + o peer-to-peer private messages - o Improve help files, especially /cmode, /cumode and /key. + o Private message key request notification to application. See XXX in + client_prvmsg.c. + o in JOIN notify handle resolving that timedout. Currently the user is + never joined the channel if this happens. What to do if message is + received from user that hasn't been resolved/joined? -lib/silcclient, The Client Library ***PARTLY DONE**** -================================== + o Message ACKing support. - o silcclient.h clean up and API rewrites. (***DONE) + o in /cmode and /cumode with +r, maybe the public key and private key + could be just some "string", which would then match to "string.pub" and + "string.prv". - o silcclient_entry.h finishing, all entry relates APIs to this header. - (***DONE) - o SilcChannelEntry, SilcServerEntry, SilcChannelUser, allocating, - freeing, finding, etc. rewrite. Also making them reference counted for - multi threads use. (***DONE) +Runtime library, lib/silcutil/ +============================== - o Rewrite silc_client_get_clients_by_channel. + o Fix universal time decoding (doesn't accept all formats) in silctime.c. - o Rewrite client side WHOIS command (for whois -details). (***DONE) + o Add functions to manipulate environment variables. - o Finish all the missing SILC packet processings, rewrites. (***DONE) + SilcBool silc_setenv(const char *variable, const char *value); + const char *silc_getenv(const char *variable); + SilcBool silc_clearenv(const char *variable); - o The client_notify.c rewrite. (***DONE) + o Add functions to loading shared/dynamic object symbols (replaces the + SIM library (lib/silcsim) and introduces generic library). - o Resuming to client_register.c (remove client_resume.c) (***DONE) + SilcDll silc_dll_load(const char *object_path, SilcDllFlags flags); + void silc_dll_close(SilcDll dll); + void *silc_dll_getsym(SilcDll dll, const char *symbol); + const char *silc_dll_error(SilcDll dll); - o Rekey rewrite. (***DONE) + o Add directory opening/traversing functions - o Remove protocol.[ch]. (***DONE) + o silc_getopt routines - o File transfer rewrite. (***DONE) + o silc_hash_table_replace -> silc_hash_table_set. Retain support for + silc_hash_table_replace as macro. - o File transfer API documentation. (***DONE) + o The SILC Event signals. Asynchronous events that can be created, + connected to and signalled. Either own event routines or glued into + SilcSchedule: - o Connection auth request. (***DONE) + SilcTask silc_schedule_task_add_event(SilcSchedule schedule, + const char *event, ...); + SilcBool silc_schedule_event_connect(SilcSchedule schedule, + const char *event, + SilcTaskCallback event_callback, + void *context); + SilcBool silc_schedule_event_signal(SilcSchedule schedule, + const char *event, ...); - o Password auth test, public key auth test. (***DONE) + Example: + silc_schedule_task_add_event(schedule, "connected", + SILC_PARAM_UI32_INT, + SILC_PARAM_BUFFER, + SILC_PARAM_END); + silc_schedule_event_connect(schedule, "connected", connected_cb, ctx); + silc_schedule_event_signal(schedule, "connected", integer, buf, + SILC_PARAM_END); + SILC_TASK_CALLBACK(connected_cb) + { + FooCtx ctx = context; + va_list args; + SilcUInt32 integer; + SilcBuffer buf; + + va_start(args, context); + integer = va_arg(args, SilcUInt32); + buf = va_arg(args, SilcBuffer); + va_end(args); + ... + } - o Starting key exchange directly, rewrite. (***DONE) + Problems: Events would be SilcSchedule specific, and would not work on + multi-thread/multi-scheduler system. The events should be copyable + between schedulers. - o Channel messages, channel private keys, channel entires, channel - search, etc. rewrite. (***TESTING NEEDED) + o Structured log messages to Log API. Allows machine readable log + messages. Would allow sending of any kind of data in a log message. - o For many APIs leave the hash context allocations to the caller instead - of using client->sha1hash and client->md5hash, or some kind of thread - safe (no locking) concept. (***DONE) + o Base64 to an own API - o Key agreement rewrite. (***TESTING NEEDED) + o Timer API - o Connecting to remote client (***DONE) + o Add builtin SOCKS and HTTP Proxy support, well the SOCKS at least. + SILC currently supports SOCKS4 and SOCKS5 but it needs to be compiled + in separately. - o Private message waiting API (in threads) (***TESING NEEDED) + o silc_stringprep to non-allocating version. - o client_attrs.c, attributes rewrite. (***TESTING NEEDED) + o SilcStack aware SilcHashTable. - o No SilcBuffer lists back to application in command_reply operations. - Convert them all to real lists and/or structures for easier use. - (***DONE) + o SilcStack aware SilcDList. - o Nickname formatting rewrite. (***TESTING NEEDED) + o Compression routines are missing. The protocol supports packet + compression thus it must be implemented. SILC Zip API must be + defined. - o UDP connections. (***TESTING NEEDED) + (o Generic SilcStatus or SilcResult that includes all possible status and + error conditions, including those of SILC protocol. Though, the SILC + protocol related status (currently in silcstatus.h) cannot be in + runtime library) maybe + (o Thread pool) maybe -lib/silcsftp ****DONE**** -============ + (o SILC specific socket creation/closing routines to silcnet.h, wrappers + to all send(), recv(), sendto() etc. Bad thing is that we'd have to + define all socket options, sockaddrs, etc.) maybe - o Porting to use the new util library. (***DONE) + (o mmap) maybe -lib/silccore/silcpacket.[ch] ****PARTLY DONE**** -============================ +lib/silcutil/symbian/ +===================== - o SilcPacketEngine. (***DONE) + o Something needs to be thought to the logging globals as well, + like silc_debug etc. They won't work on EPOC. Perhaps logging + and debugging is to be disabled on EPOC. The logging currently works + by it cannot be controlled, same with debugging. - o New SILC Packet API. (***DONE) - o Implement silc_packet_engine_stop and silc_packet_stream_destroy. (***DONE) +SFTP Library, lib/silcsftp/ +=========================== - o IV Included flag support, UDP transport support (***TESTING NEEDED) + o Read prefetch (read-ahead, reading ahead of time). Maybe if this can + be done easily. -lib/silccore/silcid.[ch] ****DONE**** -======================== +SKR Library, lib/silcskr/ +========================= - o Add silc_id_str2id to accept the destination buffer as argument - and thus not require any memory allocation. Same will happen - with silc_id_payload_* functions. (***DONE) + o Add fingerprint as search constraint. + + o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring + support?) + + o Add support for importing public keys from a directory and/or from a + file. Add support for exporting the repository (different formats for + different key types?). + + o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply + add the find constraints as variable argument list to silc_skr_find, eg: + + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_COUNTRY, "FI", + SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH, + SILC_SKR_FIND_END); - o silc_id_str2id, silc_id2str to non-allocating routines. (***DONE) + NULL argument would be ignored and skipped. + o Add OR logical rule in addition of the current default AND, eg: -lib/silcskr ****DONE**** -=========== + // Found key(s) MUST have this public key AND this country. + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_RULE_AND, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_COUNTRY, "FI", + SILC_SKR_FIND_END); - o Removing key from the repository is not possible currently. It should - be. (***DONE) + // Found key(s) MUST have this public key OR this key context + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_RULE_OR, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_CONTEXT, key_context, + SILC_SKR_FIND_END); -lib/silcske/silcske.[ch] ***PARTLY DONE**** -======================== +Crypto Library, lib/silccrypt/ +============================== - o Responder rekey (***TESTING NEEDED) + o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and + possibly to silcpkcs.h. - o IV Included flag support in SKE (***DONE) + /* Return fingerprint of the `public_key'. Returns also the algorithm + that has been used to make the fingerprint. */ + const unsigned char * + silc_pkcs_get_fingerprint(SilcPublicKey public_key, + const char **hash_algorithm, + SilcUInt32 *fingerprint_len); - o UDP transport changes; retransmission support by using exponential - backoff algorithm. (***DONE) + o Change SILC PKCS API to asynchronous, so that accelerators can be used. + All PKCS routines should now take callbacks as argument and they should + be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. - o SilcConnAuth header file documentation. (***DONE) + /* Signature computation callback */ + typedef void (*SilcPKCSSignCb)(SilcBool success, + const unsigned char *signature, + SilcUInt32 signature_len, + void *context); + /* Signature verification callback */ + typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context); -lib/silccrypt ****PARTLY DONE**** -============= + /* Encryption callback */ + typedef void (*SilcPKCSEncryptCb)(SilcBool success, + const unsigned char *encrypted, + SilcUInt32 encrypted_len, + void *context); - o Implement PKCS #1 sign/verify with hash OID. (***TESTING NEEDED) + /* Decryption callback */ + typedef void (*SilcPKCSDecryptCb)(SilcBool success, + const unsigned char *decrypted, + SilcUInt32 decrypted_len, + void *context); - o Implement SILC Public Key Version 2 handling in sign/verify. Implement - Version (V) identifier (***DONE) + Either add new _async functions or add the callbacks to existing API + and if the callback is NULL then the API is not async and if provided + it may be async. For example; - o SILC PKCS (silcpkcs.h) reorganizing when other PK supports added. - Move the SILC Public Key routines away from the crypto library into - the core library (silccore). silc_pkcs_public/private_key_* routines - to silc_public/private_key_* routines. The silc_public_key_* routines - should also automatically handle SILC Public Keys, and other keys - and certificates as well. Add fe. silcpk.h into silccore. It should - also include the Public Key Payload encoding and decoding routines. - (***DONE) + SilcBool silc_pkcs_sign(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + unsigned char *dst, SilcUInt32 dst_size, + SilcUInt32 *dst_len, + SilcBool compute_hash, SilcHash hash, + SilcPKCSSignCb async_sign, + void *async_sign_context); - o Assembler AES (***DONE) + (if this is done then there's no reason why the buffers in the + callbacks cannot be the ones user gives here) or allow only async: + SilcBool silc_pkcs_sign(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + SilcBool compute_hash, SilcHash hash, + SilcPKCSSignCb async_sign, + void *async_sign_context); -lib/silcutil ****PARTLY DONE**** -============ + or add new: - o The regex code from lib/contrib might compile fine on all platforms. - No need to make it silcutil/unix/ specific. Add them to generic - silcutil.c. (***TESTNG NEEDED) + SilcBool silc_pkcs_sign_async(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + SilcBool compute_hash, SilcHash hash, + SilcPKCSSignCb async_sign, + void *async_sign_context); - o Silc FD Stream to WIN32 (lib/silcutil/silcfdstream.h) (***TESTING NEEDED) + o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to + encrypt, decrypt, sign and verify functions. We may need to for exmaple + check the alg->hash, supported hash functions. Maybe deliver it also + to all other functions in SilcPKCSAlgorithm to be consistent. - o bool -> SilcBool (***DONE) + o Add DSS support. Take implementation from Tom or make it yourself. + o Implement the defined SilcDH API. The definition is in + lib/silccrypt/silcdh.h. + + o All cipher, hash, hmac etc. allocation routines should take their name + in as const char * not const unsigned char *. -lib/silcutil/silcbuffer.h ****DONE**** -========================= + o ECDSA and ECDH - o Remove the `truelen' field from SilcBuffer as it is entirely - redundant since we can get the true length of the buffer by - doing buffer->end - buffer->header. Add silc_buffer_truelen - macro instead. Consider also removing `len' field too since - it effectively is buffer->tail - buffer->data, and adding - silc_buffer_len macro can do the same. These would save - totally 8 bytes of memory per buffer. (***DONE) +SILC Accelerator Library +======================== -lib/silcutil/silcbuffmt.[ch] ****DONE**** -============================ + o SILC Accelerator API. Provides generic way to use different kind of + accelerators. Basically implements SILC PKCS API so that SilcPublicKey + and SilcPrivateKey can be used but they call the accelerators. - o SilcStack aware silc_buffer_unformat (***DONE) + Something in the lines of (preliminary): - o SilcStack aware silc_buffer_format (***DONE) + /* Register accelerator to system */ + SilcBool silc_acc_register(const SilcAccelerator acc); - o silc_buffer_format reallocates automatically (***DONE) + /* Unregister accelerator */ + SilcBool silc_acc_unregister(const SilcAccelerator acc); - o SILC_STR_OFFSET (***DONE) + /* Find existing accelerator. `name' is accelerators name and + `params' is optional accelerator specific parameters. */ + SilcAccelerator silc_acc_find(const char *name, const char *params); + /* Return accelerator's displayable name */ + const char *silc_ac_get_display_name(SilcAccelerator acc); -lib/silcutil/silcstack.[ch] ****DONE**** -=========================== + /* Accelerate `public_key'. Return accelerated public key. */ + SilcPublicKey silc_acc_public_key(SilcAccelerator acc, + SilcPublicKey public_key); - o Data stack implementation (***DONE) + /* Accelerate `private_key'. Returns accelerated private key. */ + SilcPrivateKey silc_acc_private_key(SilcAccelerator acc, + SilcPrivateKey private_key); + /* Return the underlaying public key */ + SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc, + SilcPublicKey public_key); -lib/silcutil/silcstream.[ch] ****DONE**** -============================ + /* Return the underlaying private key */ + SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc, + SilcPrivateKey private_key); - o Add abstract SilcStream. (***DONE) + typedef struct SilcAcceleratorObject { + const char *name; /* Accelerator's name */ + const char *display_name; /* Displayable name */ + SilcAcceleratorType type; /* Accelerator type */ + union { + struct { + SilcPKCSObject *pkcs; /* PKCS, may be NULL */ + SilcPKCSAlgorithm *algorithm; /* Accelerator */ + } pkcs; + struct { -lib/silcutil/silcsocketstream.[ch] ****PARTY DONE**** -================================== + } cipher; + } u; + } *SilcAccelerator, SilcAcceleratorStruct; - o Add SilcSocketStream (***DONE) + SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as: + SilcPublicKey->SilcSILCPublicKey->SilcAcceleratorSoftware->RsaPublicKey or + SilcPublicKey->SilcSILCPublicKey->SilcAcceleratorPublicKey-> + SilcAcceleratorSoftware->RsaPublicKey - o Add SilcSocketStream for WIN32 (***TESTING NEEDED) + The former one if u.pkcs.pkcs == NULL. - o Test QoS after the changes made to socket stream + o Implement software accelerator. It is a thread pool system where the + public key and private key operations are executed in threads. + This implements SilcPKCSAlgorithm (and SilcPKCSObject if needed) that + implements the thread acclerated system. -lib/silcutil/silcschedule*.[ch] ****PARTLY DONE**** -=============================== + (o Symmetric key cryptosystem acceleration? They are always sycnhronouos + even with hardware acceleration so the crypto API shouldn't require + changes.) maybe - o Scheduler can be optimized for FD tasks by changing the fd_queue - to SilcHashTable instead of using linked list. We need to do - one-to-one mapping of FD to task and hash table is more efficient - for this usage. - Also redefine the silc_select to perhaps return a separate - structure of the events that actually occurred, instead of - returning the events in the fd_list which is then traversed - in the generic code to find the changed events. This can be - made faster by having own struct which includes only the - changed events, thus the tarversing is faster since the whole - fd_list is not traversed anymore (it is still traversed in the - silc_select but at least it removes one extra tarversing later - for the same list). +lib/silcmath +============ - Other task queues should be changed to use SilcList. (***DONE) + o Import TFM. Talk to Tom to add the missing functions. Use TFM in + client and client library, but TMA in server, due to the significantly + increased memory consumption with TFM, and the rare need for public + key operations in server. - o Add SILC scheduler's internal routines into a table of implementation - function pointers, that the generic code then takes as extern from - implementation. These are the silc_schedule_internal_* routines. - (***DONE) + We want TFM's speed but not TFM's memory requirements. Talk to Tom + about making the TFM mp dynamic just as it is in LTM. - o Change SILC_TASK_CALLBACK to non-static, and remove the macro - SILC_TASK_CALLBACK_GLOBAL. (***DONE) + o The SILC MP API function must start returning indication of success + and failure of the operation. - o SILC Schedule API changes to WIN32. (***TESTING NEEDED) + o Do SilcStack support for silc_mp_init, silc_mp_init_size and other + any other MP function (including utility ones) that may allocate + memory. + o All utility functions should be made non-allocating ones. -lib/silcutil/silcasync.[ch] ****DONE**** -=========================== - o Add SilcAsyncOperation to utility library. Any function that takes - callback as an argument must/should return SilcAsyncOperation. - (***DONE) +SILC XML Library, lib/silcxml/ +============================== + o SILC XML API (wrapper to expat). The SILC XML API should follow and + resemble Simple API for XML (SAX). -lib/silcutil/silctime.[ch] ****DONE**** -=========================== - o SilcTime. (***DONE) +lib/silcske/silcske.[ch] +======================== - o system time, universal, generalized. (***DONE) + o Ratelimit to UDP/IP transport for incoming packets. -lib/silcutil/silcfsm.[ch] ****DONE**** -========================= +lib/silcasn1 +============ + + o Negative integer encoding is missing, add it. - o SILC Finite State Machine API. Replaces SILC Protocol API (***DONE) + o SILC_ASN1_CHOICE should perhaps return an index what choice in the + choice list was found. Currently it is left for caller to figure out + which choice was found. + o SILC_ASN1_NULL in decoding should return SilcBool whether or not + the NULL was present. It's important when it's SILC_ASN1_OPTIONAL + and we need to know whether it was present or not. -lib/silcutil/silcnet*, lib/silcutil/*/silc*net* ****PARTLY DONE**** -=============================================== - o Add UDP interface (***DONE) +lib/silcpgp +=========== + + o OpenPGP certificate support, allowing the use of PGP public keys + in SILC. - o Add UDP interface for WIN32 (***TESTING NEEDED) - o New network interfaces (***DONE) +lib/silcssh +=========== + + o SSH2 public key/private key support, allowing the use of SSH2 keys + in SILC. RFC 4716. -lib/silcmath ****PARTLY DONE**** +lib/silcpkix ============ - o Test on x86_64. + o PKIX implementation - o Change LTM and TFM function names when importing to SILC tree to avoid - rare linking problems on system that has same named symbols already in - the system. (***DONE) +lib/silcserver +============== -lib/silcutil/symbian/ ****PARTLY DONE**** -===================== + o (Re)write commands/command replys. - o lib/silcutil/symbian routines missing or not completed. - (****TESTING NEEDED) + o (Re)write notify handling. - o Something needs to be thought to the logging globals as well, - like silc_debug etc. They won't work on EPOC. Perhaps logging - and debugging is to be disabled on EPOC. + o The SERVER_SIGNOFF notify handing is not optimal, because it'll + cause sending of multiple SIGNOFF notify's instead of the one + SERVER_SIGNOFF notify that the server received. This should be + optimized so that the only SERVER_SIGNOFF is sent and not + SIGNOFF of notify at all (using SIGNOFF takes the idea about + SERVER_SIGNOFF away entirely). + o Another SERVER_SIGNOFF opt/bugfix: Currently the signoff is + sent to a client if it is on same channel as the client that + signoffed. However, the entire SERVER_SIGNOFF list is sent to + the client, ie. it may receive clients that was not on the + same channel. This is actually against the specs. It must be + done per channel. It shouldn't receive the whole list just + because one client happened to be on same channel. -lib/silcasn1 ****DONE**** -============ + o Add reference counters to all Silc*Entry structures + + o SERVICEs support (plugin, SIM) + + o If client's public key is saved in the server (and doing public key + authentication) then the hostname and the username information could + be taken from the public key. Should be a configuration option! - o ASN.1 library (***DONE) + o Add a timeout to handling incoming JOIN commands. It should be + enforced that JOIN command is executed only once in a second or two + seconds. Now it is possible to accept n incoming JOIN commands + and process them without any timeouts. THis must be employed because + each JOIN command will create and distribute the new channel key + to everybody on the channel. - o Header documentation missing. (***DONE) + o Related to above. If multiple JOINs are received in sequence perhaps + new key should be created only once, if the JOINs are handeled at the same + time. Now we create multiple keys and never end up using them because + many JOINs are processed at the same time in sequence. Only the last + key ends up being used. - o Some string encodings missing (copy/paste matter). (***DONE) + o The CMODE cipher & hmac change problem (#101). diff --git a/TODO-SILC b/TODO-SILC new file mode 100644 index 00000000..533dd9b7 --- /dev/null +++ b/TODO-SILC @@ -0,0 +1,86 @@ +SILC Protocol +============= + +Possible SILC protocol and specification document changes. All of these +are tentative and doesn't mean that any of them would be done at any +point. + + o Full rework of the documents as requested by RFC Editor. The plan + is to create only two documents: + + silc-architecture-xx.txt + silc-specification-xx.txt + + o Add acknowlegments section to specification documents. + + o Group Diffie-Hellman protocol for establishig key with two or more + users on a channel. + + o Extend the Channel ID port to be actually a counter, allowing the + 2^32 channels per cell, instead of 2^16 like now. The port with + compliant implementation would always be 706, and it could be used + as a counter, starting from 706... For interop, with old code. + + o In SKE with UDP/IP responder doesn't have to do retransmissions. + Initiator will retransmit its packet. Initiator can be considered + the one that actually WANTs to establish the keys. So no need for + responder to retransmit. Define this clearly in the specs. + + o Dynamic server and router connections, ala Jabber. SILC has allowed + this from the beginning. It should be written out clearly in the + specs. Connection would be created with nick strings (which are of + format nick@server). + + o Counter block send/receive IV 64 bits instead of 32 bits, and the + value itself is used as 64-bit MSB ordered counter, which must + be reset before the packet sequence counter wraps. It's basically + a counter which is initially set to a random value. (***DONE) + + o Nickname to NEW_CLIENT packet. (***DONE) + + o Add Source and Destination ID in message MAC computation to fully + associate the Message Payload with the true sender and the true + recipient of the message. This will fix some security issues that + currently exists. It is currently possible in some specific set of + conditions to mount a replay attack using Message Payload. This change + will remove the possibility of these attacks. + + After including Source and Destination ID in message MAC, ONLY replay + attack possible is the following and with ONLY following conditions: + + 1. the attacker is able to record encrypted Message Payloads and has + the ability to replay them. + 2. the message payload is encrypted with static private message key + 3. the original sender of the message is not anymore in the network, + has changed nickname, has detached and resumed, or has reconnected + to other server. + 4. the original receiver of the message is still in the network, has + not changed nickname, has not detached and resumed, and has not + reconnected to any other server, or, some other user has the same + client ID. + 5. the attacker is able to get the same client ID as the original + sender. + 6. the original receiver still has the static key set for the same + remote client ID (for original sender's client ID). + + All this is possible to happen though likelyhood is quite small. It + does illustrate how inappropriate the use of static keys is. (***DONE) + + o The SILC public key identifier separator is ', ' not ','. The + whitespace is mandatory. (***DONE) + + o Definition of EAP as new authentication method for connection auth + protocol (RFC 3748). + + o Count limit to LIST command? + + o Strict announces if Channel ID is different than on router? To not + allow any modes, topic, etc changes from server if the ID was wrong + initially? Meaning: riding with netsplits not possible since the + channel created during split will not enforce is modes to the + router. Or more liberal solution, like now? Read emails on + silc-users. (This is very old issue) + + o The time values in STATS is 32-bits. After 2038 it's over 32-bits. + + o Consider for future authenticated encryption modes. -- 2.24.0