From 96e735fdd27bbf18a3a2d916882e574ec22fea21 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 1 Oct 2011 18:54:48 -0700 Subject: [PATCH] zot protocol update --- boot.php | 2 +- zot.txt | 124 +++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 93 insertions(+), 33 deletions(-) diff --git a/boot.php b/boot.php index 59eeb4643..61f5fb9f5 100644 --- a/boot.php +++ b/boot.php @@ -8,7 +8,7 @@ require_once("include/pgettext.php"); require_once('include/nav.php'); define ( 'FRIENDIKA_PLATFORM', 'Free Friendika'); -define ( 'FRIENDIKA_VERSION', '2.3.1120' ); +define ( 'FRIENDIKA_VERSION', '2.3.1121' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1093 ); diff --git a/zot.txt b/zot.txt index 300b695ff..b160788e7 100644 --- a/zot.txt +++ b/zot.txt @@ -1,7 +1,7 @@ This is the Zot! social communications protocol. Specification revision: 1 -15 September 2011 +2 October 2011 Mike Macgirvin This specification is public domain. @@ -78,16 +78,21 @@ zot:env ******* This consists of RFC822-style header fields representing the sender and -recipient(s). Example: +recipient(s). Line lengths have no defined limit and RFC822 continuation +lines are not supported. If an inbound server is not able to process an +envelope or post due to size constraints, it SHOULD return a +"413 Entity too large" HTTP response. -From: bob@example.com -Sender: bob@example.com -To: alice@example.com +Example: -Both "From:" and "Sender:" MUST be provided, and represent a webfinger -address of the author and sender respectively. The webfinger address for -the From address MUST contain a discoverable salmon public key that -is needed to verify the enclosed salmon data. Sender is used to indicate +Z-From: zot:bob@example.com +Z-Sender: zot:bob@example.com +Z-To: zot:alice@example.com + +Both "Z-From:" and "Z-Sender:" MUST be provided, and represent a single +webfinger address of the author and sender respectively. The webfinger +address for the From address MUST contain a discoverable salmon public key +which is needed to verify the enclosed salmon data. Sender is used to indicate the webfinger identity responsible for transmitting this message. From indicates the message author. @@ -95,46 +100,91 @@ In web-based social systems, a reply to a message SHOULD be conveyed to all of the original message participants. Only the author of the original message may know all the recipients (such as those contained in Bcc: elements). The author of a message always provides 'From'. They MUST duplicate this -information as 'Sender'. +information as 'Sender' when posting a followup message. -A reply to a given message MUST be sent to the original From address, and MAY -be sent to any additional addresses in the recipient list. The original author -MUST send the reply to all known recipients of the original message, with -their webfinger identity as Sender, and the comment/reply author as From. +A reply to a given message MUST be sent to the From address of the original +post, and MAY be sent to any additional addresses in the recipient list. The +original post author MUST send the reply to all known recipients of the +original message, with their webfinger identity as Sender, and the +comment/reply author as From. Receiving agents SHOULD validate the From identity as the signer of the salmon magic envelope, and MAY reject it. They SHOULD also verify the Sender signature of the zot packet if it is different than the salmon signature. They MAY reject the message if the Sender is not allowed in their "friend list", or if they do not have a suitable relationship with the Sender, or if either -signature fails to validate. +signature fails to validate. Rejected messages for one of these reasons SHOULD +be indicated with a "400 Bad Request" HTTP response. -To: * +Z-To: * indicates a public message with no specifically enumerated recipients. -The fields To:, Cc:, and/or Bcc: MAY be present. At least one recipient field -MUST be present. These fields may use the entire syntax specified by RFC822, -for example: +The fields Z-To: and/or Z-Bcc: MAY be present. At least one recipient field +MUST be present. -To: "Bob Smith" , "Alice Jones" +Z-To: zot:bob@example.com, zot:alice@example.com, mailto:dave@example.com +Z-Bcc: zot:https://example.com/profile/richard -is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822. -The host component MUST be US-ASCII, with punycode translation of -internationalised domain names applied. +are valid entries. Adresses are comma separated and individual entries MUST NOT +contain commas. There MAY be any number of ASCII space characters between +entries for legibility. Header lines are terminated with a linefeed character +(ASCII 0x0A). -The entire envelope is then encrypted using alg with env_key and env_iv and +This specification provides the following foreign protocol address prefixes +for use in Z-To: or Z-Bcc: elements: + +zot: - normal zot delivery using webfinger or LRDD resolvable address +ostatus: - normal OStatus delivery using webfinger or LRDD resovable address +diaspora: - Diaspora network delivery using webfinger address +facebook: - Facebook profile page URL +twitter: - Twitter personal page URL without AJAX '#!' fragment +mailto: - email RFC822/ESMTP address + +Examples: + +twitter:http://twitter.com/bjensen +facebook:http://facebook.com/profile.php?id=000000001 + +Foreign protocol addresses which have not been defined in this specification +or future revisions of this specification and which are unknown to the +recipient delivery process MAY be ignored. + +In cases where an address may contain either a webfinger or LRDD address, the +webfinger address SHOULD be used preferentially. + + +Z-Bcc: +****** + +The Z-Bcc element may contain one or more addresses which are hidden from end +user presentation. A zot receiving system MUST NOT store or allow for +the display of the Bcc information. Implementations which require extreme +privacy SHOULD send individual posts to each of the Bcc: recipients containing +only a single address. They MAY send all Bcc: posts using bulk delivery, +however this may have privacy implications as there is no guarantee a +receiving system will not log, store, or otherwise reveal the contents of the +Bcc recipient list. + +Z-To: addresses MAY be shown to an end user. + + +Envelope encryption +******************* + + +The entire envelope is encrypted using alg with env_key and env_iv and base64url encoded for transmission. -The zot envelope MAY include remote addresses. A zot delivery agent MUST parse -all addresses and determine whether a delivery address to the current endpoint -is valid. This may be the result of: +The zot envelope MAY include remote addresses. A zot inbound delivery agent +MUST parse the envelope and determine whether a delivery address to the +current endpoint is valid. This may be the result of: 1. An address contains the public message wildcard '*' 2. The current endpoint is a personal endpoint and one of the recipients -listed in the To:, Cc:, or Bcc: addresses matches the webfinger address of +listed in the Z-To: or Z-Bcc: addresses matches the webfinger address of the "owner" of the endpoint. 3. The current endpoint is a bulk delivery endpoint. The bulk delivery @@ -219,7 +269,8 @@ We anticipate this specification will in the future allow for a close variant of "message/rfc822" and which may include MIME. This may also be used to embed alternate message formats and protocols such as "application/x-diaspora+xml". If a delivery agent is unable to provide any -acceptable data format, the delivery MUST be terminated/cancelled. +acceptable data format to the remote system, the delivery to that system MUST +be terminated/cancelled. Foreign Messages **************** @@ -233,9 +284,18 @@ systems MAY reject foreign messages. -********************** -* Zid authentication * -********************** + + +******************************* +* Zid (Zot-ID) authentication * +******************************* + +This section of the document is considered separate from the delivery +specification precding it and represents a different protocol, which is +currently incomplete. This will be split off into another document in the +future, but is presented here as a synergistic component of the Zot network +model. + URLs may be present within a zot message which refer to private and/or protected resources. Zid uses OpenID to gain access to these protected