protocol update, require a recipient encrypted envelope or it cannot be

decrypted.
This commit is contained in:
Friendika 2011-09-02 01:56:02 -07:00
parent ada2384fbb
commit 7bee0bff0d

40
zot.txt
View file

@ -1,7 +1,7 @@
This is the Zot! social communications protocol. This is the Zot! social communications protocol.
Specification revision: 1 Specification revision: 1
01 September 2011 02 September 2011
Mike Macgirvin Mike Macgirvin
This specification is public domain. This specification is public domain.
@ -14,6 +14,10 @@ makes use of webfinger and ActivityStreams and several concepts from RFC822
(email). Zot encompasses the zot delivery framework, and the zid remote (email). Zot encompasses the zot delivery framework, and the zid remote
access protocol. access protocol.
The current specification revision (1) is frozen until a reference
implementation is available. After that, any protocol changes will require a
change to the revision number.
**************** ****************
* Zot delivery * * Zot delivery *
**************** ****************
@ -28,6 +32,8 @@ resolvable addresses containing both salmon and zot endpoints.
<zot:msg xmlns:zot='http://purl.org/zot/1.0'> <zot:msg xmlns:zot='http://purl.org/zot/1.0'>
<zot:key>((key))</zot:key> <zot:key>((key))</zot:key>
<zot:iv>((iv))</zot:iv> <zot:iv>((iv))</zot:iv>
<zot:env_key>((env_key))</zot:env_key>
<zot:env_iv>((env_iv))</zot:env_iv>
<zot:env>((envelope))</zot:env> <zot:env>((envelope))</zot:env>
<zot:sig key_id="xxx">((sender signature))</zot:sig> <zot:sig key_id="xxx">((sender signature))</zot:sig>
<zot:alg>AES-256-CBC</zot:alg> <zot:alg>AES-256-CBC</zot:alg>
@ -39,15 +45,33 @@ zot:key
******* *******
A suitable randomly generated encyption key of length 32 octets for encrypting A suitable randomly generated encyption key of length 32 octets for encrypting
the envelope and salmon packet. This is then encrypted with the sender's the salmon packet. This is then encrypted with the sender's private key and
private key and base64url encoded. base64url encoded.
zot:iv zot:iv
****** ******
A suitable randomly generated initialisation vector of length 16 octets for A suitable randomly generated initialisation vector of length 16 octets for
encrypting the envelope and salmon packet. This is then encrypted with the encrypting the salmon packet. This is then encrypted with the sender's private
sender's private key and base64url encoded. key and base64url encoded.
zot:env_key
***********
A suitable randomly generated encyption key of length 32 octets for encrypting
the envelope. This is then encrypted with the recipient's public key and
base64url encoded. For bulk deliveries, it is encrypted with the site bulk
delivery public key.
zot:env_iv
**********
A suitable randomly generated initialisation vector of length 16 octets for
encrypting the envelope. This is then encrypted with the recipient's public
key and base64url encoded. For bulk deliveries, it is encrypted with the site
bulk delivery public key.
zot:env zot:env
******* *******
@ -99,9 +123,8 @@ is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822.
The host component MUST be US-ASCII, with punycode translation of The host component MUST be US-ASCII, with punycode translation of
internationalised domain names applied. internationalised domain names applied.
The entire envelope is encrypted with alg using key and iv. Only AES-256-CBC The entire envelope is then encrypted using alg with env_key and env_iv and
is defined as an algorithm in this specification. The encrypted envelope is base64url encoded for transmission.
then base64url encoded for transmission.
The zot envelope MAY include remote addresses. A zot delivery agent MUST parse The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
all addresses and determine whether a delivery address to the current endpoint all addresses and determine whether a delivery address to the current endpoint
@ -246,6 +269,7 @@ Only authentication via OpenID is defined in this version of the specification.
This can be used to provide access control of any web resource to any This can be used to provide access control of any web resource to any
webfinger identity on the internet. webfinger identity on the internet.
********* *********
* Links * * Links *
********* *********