
[minion-cvs] Added first attempt at server description format. Thi...



Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv3010

Modified Files:
	minion-spec.tex 
Log Message:
Added first attempt at server description format.  This is awfully
gappy, but it's a good starting point.


Index: minion-spec.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-spec.tex,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -d -r1.36 -r1.37
--- minion-spec.tex	25 Jun 2002 15:02:18 -0000	1.36
+++ minion-spec.tex	30 Jun 2002 23:38:34 -0000	1.37
@@ -718,7 +718,7 @@
 * A sends "SEND", NL, M, H(M,"SEND") (5 + 32k + 20 bytes)
 * B sends "RECEIVED", NL, H(M,"RECEIVED") (9 + 20 bytes)
 
-* A sends an SSL handshake renegotiation message.
+* A sends an TLS handshake renegotiation message.
   (and MUST not reuse the same key for 
    transfering another message)
   This updates the session key and overrides the old ones.
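Review bot: the added line "A sends an TLS handshake renegotiation message." needs the article fixed to "a TLS". In the unchanged continuation of the same item, the requirement keyword would be clearer written as "MUST NOT", and "transfering" should be "transferring". Since this revision renames SSL to TLS here, the rest of the spec should be checked for remaining "SSL" wording so the protocol name stays consistent.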
@@ -740,27 +740,163 @@
 the communication partners must be signed using a key that hashes
 appropriately.
 
-\section{Remailer Information Exchange format}
+\section{MIX Information Exchange format}
 
-[Need to provide signature + encryption keys, expiry dates, root of
-list of hashes, Address, services and modules, policies, ...]
+In order to automate and standardize directory servers, we provide 
+a standardized extensible server descriptor format.
 
-[A more comprehensive list of things that the Remailer information
-needs to provide:
+All server descriptors and statistics blocks follow a simple
+section-based key/value format, with items loosely based on RFC822.
+
+-----BEGIN DOCTYPE-----
+[Section1]
+Key: Value
+Key: Value
+Key: Value
+
+Key: Value
+Key: Value
+ That
+ Spans a few lines.
+
+[Section2]
+Key: Value
+-----END DOCTYPE-----
+
+[XXXX For configuration files, we should allow a broader format.  It
+  should allow '=' and ' ' as synonyms for ':'.  It should also allow
+  comments preceded with '#'. -NM]
+
+\subsection{Syntax}
+
+(Notation:  X*: 0 or more occurences of X.
+            X+: 1 or more occurences of X.
+	    X?: 0 or 1 occurrences of X.
+            X Y: An occurrence of X followed by an occurrence of Y.
+	    X*{Y}: 0 or more occurrences of X separated by occurences
+                  of Y.
+            X|Y: Either an occurrence of X, or an occurence of Y.)
+
+Descriptor = NL* Beginline Section* Endline NL*
+
+Beginline = '-----BEGIN ' Doctype '------' NL+
+
+Endline = '-----END ' Doctype '------' NL+
+
+Doctype = (<any printable character but '-'>)+
+
+Section = SectionLine EntryLine*
+
+SectionLine = '[' Word ']' NL+
+
+EntryLine = Word ':' (' ' | '\t')+ Data ContinuationLine* NL+
+
+Word = (<Any printable, non-space character but ':'>)+
+
+Data = (<any character but NL>)*
+
+ContinuationLine = (' ' | '\t')+ Data NL
+
+[XXXX Again, NL = '\n', or NL = '\r\n'?? -NM]
+
+\section{Mixminion descriptor blocks}
+
+This section describes the format of server descriptors, as uploaded
+to and downloaded from directory servers.  A server descriptor is a
+promise, by a MIX's administrators, to provide a given set of
+services, keys, and exit policies over a set period of time.
+
+
+'Doctype' above must be 'Mixminion Server'.  It must begin with a
+'Server' section.  This section includes the entries:
+
+     'Descriptor-Version':  the string "1.0"
+     'IP': An IPv4 address, in dotted-quad format.
+     'Nickname': A human-readable identifier for this server.  If it
+         contains any periods, it must be a fully qualified DNS name
+         which resolves to the provided IP for the entire lifetime of
+         this Descriptor block.
+     'Identity': The modulus of this Mix node's long-term signing key,
+         represented in ASN.1, and encoded in BASE64.  Whitespace in
+         this field is ignored, to allow the key to span multiple
+         lines.  The modulus of this key should be at least 2048 bits
+         long.  The exponent of this key must be 65535.
+
+	 Clients should at least give a warning if the identity key of
+         any server should ever change. [XXXX Write more in section
+         about directory servers. -NM]
+     'Digest': The digest of this server block.  See below.
+     'Signature': The signed digest of this block.  See below.
+     'Valid-After': A date, in the form 'DD/MM/YYYY'.  After midnight GMT
+         on this date, this server must support the operations listed
+         in this descriptor.
+     'Valid-Until': A date, in the form 'DD/MM/YYYY'.  Until midnight
+         GMT on this date, this server must support the operations listed
+         in this descriptor.
+     'Contact': An email address that may be used to contact the
+         administrator of this server. Optional field.
+     'Comments': Human-readable information about this server.  Must
+         be <1024 bytes long.  It *must not* be necessary to read this
+         information to use the server properly.
+     'Packet-key': A BASE64-encoded modulus used to encode subheaders
+         intended for this server.
+
+The digest of a descriptor block is computed by replacing all digest
+and signature fields with the empty string, and computing the SHA-1
+digest of the result.  The signed digest is the OAEP/PCKS1 signature
+of the digest with the server's identity key.  Both of these values
+are represented in BASE64, with whitespace allowed.
+
+If this sever accepts incoming MMTP connections, it must have an
+'Incoming/MMTP' section, with the following entries:
+
+     'MMTP-Descriptor-Version': The string '1.0'
+     'Port': A port at which IP accepts incoming MMTP connections.
+     'Key-Digest': The KEYID of this server, encoded in BASE64.
+
+[XXXX Should we include MMTP versions here? -NM]
+
+If this server supports outgoing MMTP connections, it must have a
+'Modules/MMTP' section, with one entry of the form:
+
+      'MMTP-Descriptor-Version': The string '1.0'
+
+and any number of entries of the form:
+
+      'Allow': Address
+      'Deny': IP
+
+The patterns are of the form:
+
+   IP/Port = IP ('/' Mask)? (Port ('-' MaxPort)?)?
+
+An omitted mask defaults to 255.255.255.255.  An omitted portrange
+defaults to 48099 on ALLOW and 0-65535 on DENY.
+
+The entries are order-significant; the first one to match wins.
+
+The default policy is 'Deny: 0.0.0.0/0.0.0.0'
+
+If this server supports outgoing SMTP connections, XXXX
+
+If this server supports LOCAL delivery, XXXX
+
+Other services provided by this server should each have their own section.
+
+(Note: A server need not advertise all of its capabilities; it is
+permissible (for example) for a server that supports incoming MMTP
+connections to omit the Incoming/MMTP section.)
+
+A client should ignore any sections it does not recognize, but should
+not use any service whose sections have an unrecognized descriptor
+version.
+
+[XXXX I suggest that the following section on Trust management be
+  omitted, until we figure out what we really want in the way of
+  directory service. -NM]
+
+[XXXX
 
-Status: Serial Number, Supercedes, Timestamp created, timestamp to
-        refresh, urgency (revokation, routine ...)	  
-Address and names: IP Address, TCP Port, Name of Owner, e-mail of
-                   admin, trust domain(s) 
-RSA Long Term Verification Public Key of server: e, n, timestamp,
-                   hash(e, n, IP, Port). (next key hash)
-RSA Short Term Encryption Public Key: e, n, timestamp, Hash(...)
-Network Services: MixMinion Protocols supported.
-		  MMTP Protocols supported.
-	          SMTP Support flag, address restrictions.
-                  LOCAL Support flag, mailbox restrictions.
-	          IP addresses it will accept and send to.
-Modules: Modules supported, configurations.
 Trust Management: Hash of the State of the world as the mix knows it at
         that point. This can be the hash of a whole tree:
 
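Review bot: in the digest paragraph, "the OAEP/PCKS1 signature of the digest" does not name a usable signature scheme: OAEP is the PKCS #1 padding for RSA encryption, not for signing, and "PCKS1" is presumably PKCS1. Name the exact signature padding, and state precisely which bytes are hashed: whether only the values of 'Digest' and 'Signature' are emptied or the whole entry lines, and which NL form applies (the Syntax subsection still leaves NL open). Signer and verifier have to produce the same SHA-1 input for the signature to verify. In the 'Identity' entry, "The exponent of this key must be 65535" looks like a slip for 65537; 65535 is 2^16-1 and is not the customary public exponent. In the 'Modules/MMTP' patterns, "IP ('/' Mask)? (Port ('-' MaxPort)?)?" has no separator between the mask and the port, so the end of one and the start of the other cannot be told apart; the entries are also introduced as "'Allow': Address" and "'Deny': IP" although both take the same pattern. Two consistency points: Beginline and Endline close with six dashes ('------') while the example block uses five, and the parenthetical note that a server may omit the Incoming/MMTP section contradicts the earlier "it must have an 'Incoming/MMTP' section".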
@@ -782,6 +918,17 @@
 check that the historic information (and stats) across the network has
 not been modified. (there is only the need to reveal the hashes from a
 node to the head of the tree to check the validity of the information).
+
+XXXX]
+
+\subsection{Directories}
+
+A 'directory' is a signed list of MIX nodes.  It is transmitted as a
+'Mixminion Directory' block and a list of 'Mixminion Server' blocks.
+By convention, the server blocks are sorted in ascending order by
+their Identity Moduli.
+
+[XXXX What's in a directory? -NM]
 
 \section{Statistics Information Exchange formats}
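Review bot: the new Directories subsection calls a directory "a signed list of MIX nodes" without saying which key signs it or which bytes the signature covers. State whether the signature in the 'Mixminion Directory' block covers the 'Mixminion Server' blocks that follow it (for example through their digests); otherwise a client cannot tell whether server blocks were added to or dropped from the list after signing. "Ascending order by their Identity Moduli" also needs a comparison rule: the numeric value of the modulus, or the byte order of its BASE64 text.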