From 8056cff61d1c336d3a964e2f767177b680a352be Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Mon, 30 Jul 2001 20:23:06 +0000 Subject: [PATCH] updates. --- doc/whitepaper/silc_protocol.html | 186 ++++++++++++++++++++++++++++-- 1 file changed, 179 insertions(+), 7 deletions(-) diff --git a/doc/whitepaper/silc_protocol.html b/doc/whitepaper/silc_protocol.html index 18c79e26..09d980af 100644 --- a/doc/whitepaper/silc_protocol.html +++ b/doc/whitepaper/silc_protocol.html @@ -11,7 +11,45 @@ -

About the White Paper

+


+

Introduction

+ +Chat protocols are very popular on the Internet. They have actually +been very popular since the very first chat protocols appeared on the net. +The Internet Relay Chat (IRC) was one of the first chat protocols, and quickly +gained the status of being the most popular chat on the net. Today, IRC +has several competitors from various other so called Instant Messaging (IM) +protocols, such as ICQ. However, all of these different chat protocols +have something in common; they are all insecure. +

+ +The security is important feature in applications and protocols in +contemporary network environment. The older chat protocols, however have +failed to deal with the growing security requirements on the Internet. +It is not anymore enough to just provide services, like for example +chat services. Now, they need to be secure services. +

+ +The Secure Internet Live Conferencing (SILC) protocol is a new generation +chat protocol which provides full featured conferencing services, just +like any other contemporary chat protocol provides. In addition, it +provides security by encrypting and authenticating the messages in +the network. The security has been the primary goal of the SILC protocol +and the protocol has been designed from the day one security in mind. +All packets and messages travelling in the SILC Network are always +encrypted and authenticated. The network topology is also different +from for example IRC network. The SILC network topology attempts to be +more powerful and scalable than the IRC network. The basic purpose +of the SILC protocol is to provide secure conferencing services. +

+ +The SILC Protocol have been developed as Open Source project. The +protocol specifications are freely available and they have been submitted to +the IETF. The very first implementations of the protocol are also already +available. + + +

About This White Paper

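Review bot: the new Introduction asserts that IRC, ICQ and the other listed chat protocols "are all insecure" and that SILC packets "are always encrypted and authenticated" without saying what threat either statement covers; since this is the whitepaper's framing claim, state what is actually protected (confidentiality and integrity of traffic between connected peers, which is what the session-key text later describes) instead of a blanket assertion, and tighten the grammar in the added paragraphs ("The security is important feature", "from the day one security in mind", "The SILC Protocol have been developed as Open Source project").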
The purpose of this white paper is to give short but deep enough introduction to the SILC Protocol. The document describes the purpose of the protocol @@ -34,12 +72,6 @@ the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -


-

Summary

- -xxx - -


SILC Protocol

@@ -51,15 +83,127 @@ xxx

Clients

+A client is a piece of software connecting to SILC server. The software +is usually run by the end user, a real person that is. The purpose of the +clients is to provide the end user an interface to the SILC services. +They are used to actually engage the conversations on the SILC Network, +and they can be used to execute various SILC commands. +

+ +The clients are distinquished from other clients by unique Client ID. +There cannot be multiple same Client IDs in the SILC Network at the same time. +The end user, however does not use Client IDs. The end users usually selects +a perferred nickname they want to use, and identifies themself with that +nickname to other users on the network. The nicknames are not unique in +the SILC Network. There can be multiple same nicknames at the same time +on the network. The maximum length for the nickname is 128 characters. +

+ +Most of the other chat protocols have unique nicknames. This is where SILC +differs from most of the other chat protocols. The purpose of this +feature is to make IRC style nickname wars obsolete, as no one owns their +nickname; there can always be somene else with the same nickname. +

+ +When client connects to the server the SILC Key Exchange (SKE) protocol and +SILC Connection Authentication protocol are executed. The result of the +SKE protocol is the session key that the client and server use to secure +their communication. All commands, for example, that the client sends +to the server are secured with the session key. The session key expires +periodically and the rekey process can be executed with or without the +Perfect Forward Secrecy (PFS). The connection authentication protocol is +used to authenticate the client to the server. The server may allow the +client to connect without authentication, or it may require a passphrase or +public key encryption based authentication. + +


Servers

+Servers forms the basis for the SILC Network, by providing a point to which +clients may connect. There are two kinds of servers in SILC; normal servers +and router servers. The next section describes the function of router +server. +

+ +Normal servers connect to router server. Normal servers cannot directly +connect to other normal servers. Messages that are destined outside the +local server are always sent to the router for further routing. +The clients usually connect to the normal server, however, clients may +connect to router servers as well. The SILC Network diagram above +illustrates how normal servers connects to the router server. +

+ +The servers are distinquished by other servers in the network by unique +Server ID. There cannot be multiple same Server IDs in the SILC Network +at the same time. The servers keep track of local information. It knows +all locally connected clients and it knows all channels that its clients +have joined. However, it does not know any global information. It +usually does not keep track of global clients, however, it may cache +that information if it was queried. The reason for this is that the +server does not need to keep global information up to date and thus +makes the server faster. They can always query the information from +the router. +

+ +When server connects to its router the SILC Key Exchange (SKE) protocol +and the SILC Connection Authentication protocol are executed, just like +when client connects to server. The SKE results in to the session key +that is used to secure the communication between the server and the +router. The connection authentication protocol is used to authenticate +the server to the router. The authentication is always based in either +passphrase or public key encryption. + +


Routers

+The router servers are servers that actually handles the message routing +in the network. They are, however also normal servers and they do accept +client connections. Each of the router in the network is called a cell. +The cell can have only one active router and it may have several servers +and several clients. The cell, however may have backup routers that can +take over the tasks of the primary router if it becomes unreachable. +The switch to the backup router should be transparent and only local +connections to the primary router are lost. Other connections in the +cell are intact, and clients and servers merely experience some lag in +the network connection during the switch to the backup router. +

+ +The normal server knows only local information. Router server on the +other hand knows local information and global information. It considers +the cell as local and outside cells as global. It knows all the clients +connected to the network, all created channels, and all routers and servers +in the network. The server may query the global information if it is needed. +For example, when client sends WHOIS command, the server may query the +information from the router. If the router does not know all the details +that the WHOIS command requires it can query the information from a router +or a server which knows all the details. It may then cache that information. +

+ +The primary purpose of the router server is to route the messages to +local servers and local clients, and messages that are destined to outside +the cell are routed to the primary route or some other secondary +route if it is a faster route. The routers in the network forms a ring. +Each router has a primary route to other router in the network. Finally +the ring is closed by the last router using the first router in the +network as its primary route. +

+ SILC Routers +


+ +The diagram above illustrates how the routers forms a ring in the network. +A router may have several secondary routes which it may use when it +routes the packets. +

+ +When routers connect to its primary router the SKE and the SILC Connection +Authentication protocols are executed just like when normal server connects +to its router. The session key is used to secure the communication between +the routers. All the secondary routes also have their own session keys.


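Review bot: the Routers paragraph says "Each of the router in the network is called a cell", which contradicts the very next sentence where a cell "can have only one active router and it may have several servers and several clients"; reword to say that each router together with its servers and clients forms a cell. The Clients paragraph states the server "may allow the client to connect without authentication" while the Servers paragraph says server-to-router authentication "is always based in either passphrase or public key encryption"; if that asymmetry is intended, say so explicitly, and also say whether rekeying with Perfect Forward Secrecy is the default or merely optional, since "with or without the Perfect Forward Secrecy" leaves the reader unable to tell what a non-PFS session protects against once a long-term key is compromised. Fix the recurring typos as well ("distinquished" twice, "perferred", "themself", "somene", "Servers forms", "results in to the session key", "routers forms a ring", "routers connect to its primary router"), and note that the hunk header context still shows the "xxx" placeholder standing in the SILC Protocol section just above these additions.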
@@ -273,6 +417,34 @@ method of private message delivery is very simple and recommended.

Conclusions

+


+

Further Information

+

+More detailed information about the SILC Protocol is available in the +SILC Protocol specification documents. There exists currently four +Internet Drafts that defines the protocol in great detail. The Internet +Drafts are available from the following sources but also from the +IETF website. +

+ +- +Secure Internet Live Conferencing (SILC), Protocol Specification +
+ +- +SILC Packet Protocol +
+ +- +SILC Key Exchange and Authentication Protocols +
+ +- +SILC Commands +
+ + +


Terms and Abbreviations

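Review bot: the four Further Information entries give only document titles; since Internet Drafts expire and are revised, add each draft's file name and revision number so a reader can fetch the exact version this whitepaper describes rather than whatever is current on the IETF site, and fix "There exists currently four Internet Drafts that defines" to "There are currently four Internet Drafts that define".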
-- 2.24.0