protocol update, require a recipient encrypted envelope or it cannot be
decrypted.
This commit is contained in:
parent
ada2384fbb
commit
7bee0bff0d
40
zot.txt
40
zot.txt
|
@ -1,7 +1,7 @@
|
||||||
This is the Zot! social communications protocol.
|
This is the Zot! social communications protocol.
|
||||||
|
|
||||||
Specification revision: 1
|
Specification revision: 1
|
||||||
01 September 2011
|
02 September 2011
|
||||||
|
|
||||||
Mike Macgirvin
|
Mike Macgirvin
|
||||||
This specification is public domain.
|
This specification is public domain.
|
||||||
|
@ -14,6 +14,10 @@ makes use of webfinger and ActivityStreams and several concepts from RFC822
|
||||||
(email). Zot encompasses the zot delivery framework, and the zid remote
|
(email). Zot encompasses the zot delivery framework, and the zid remote
|
||||||
access protocol.
|
access protocol.
|
||||||
|
|
||||||
|
The current specification revision (1) is frozen until a reference
|
||||||
|
implementation is available. After that, any protocol changes will require a
|
||||||
|
change to the revision number.
|
||||||
|
|
||||||
****************
|
****************
|
||||||
* Zot delivery *
|
* Zot delivery *
|
||||||
****************
|
****************
|
||||||
|
@ -28,6 +32,8 @@ resolvable addresses containing both salmon and zot endpoints.
|
||||||
<zot:msg xmlns:zot='http://purl.org/zot/1.0'>
|
<zot:msg xmlns:zot='http://purl.org/zot/1.0'>
|
||||||
<zot:key>((key))</zot:key>
|
<zot:key>((key))</zot:key>
|
||||||
<zot:iv>((iv))</zot:iv>
|
<zot:iv>((iv))</zot:iv>
|
||||||
|
<zot:env_key>((env_key))</zot:env_key>
|
||||||
|
<zot:env_iv>((env_iv))</zot:env_iv>
|
||||||
<zot:env>((envelope))</zot:env>
|
<zot:env>((envelope))</zot:env>
|
||||||
<zot:sig key_id="xxx">((sender signature))</zot:sig>
|
<zot:sig key_id="xxx">((sender signature))</zot:sig>
|
||||||
<zot:alg>AES-256-CBC</zot:alg>
|
<zot:alg>AES-256-CBC</zot:alg>
|
||||||
|
@ -39,15 +45,33 @@ zot:key
|
||||||
*******
|
*******
|
||||||
|
|
||||||
A suitable randomly generated encyption key of length 32 octets for encrypting
|
A suitable randomly generated encyption key of length 32 octets for encrypting
|
||||||
the envelope and salmon packet. This is then encrypted with the sender's
|
the salmon packet. This is then encrypted with the sender's private key and
|
||||||
private key and base64url encoded.
|
base64url encoded.
|
||||||
|
|
||||||
zot:iv
|
zot:iv
|
||||||
******
|
******
|
||||||
|
|
||||||
A suitable randomly generated initialisation vector of length 16 octets for
|
A suitable randomly generated initialisation vector of length 16 octets for
|
||||||
encrypting the envelope and salmon packet. This is then encrypted with the
|
encrypting the salmon packet. This is then encrypted with the sender's private
|
||||||
sender's private key and base64url encoded.
|
key and base64url encoded.
|
||||||
|
|
||||||
|
zot:env_key
|
||||||
|
***********
|
||||||
|
|
||||||
|
A suitable randomly generated encyption key of length 32 octets for encrypting
|
||||||
|
the envelope. This is then encrypted with the recipient's public key and
|
||||||
|
base64url encoded. For bulk deliveries, it is encrypted with the site bulk
|
||||||
|
delivery public key.
|
||||||
|
|
||||||
|
|
||||||
|
zot:env_iv
|
||||||
|
**********
|
||||||
|
|
||||||
|
A suitable randomly generated initialisation vector of length 16 octets for
|
||||||
|
encrypting the envelope. This is then encrypted with the recipient's public
|
||||||
|
key and base64url encoded. For bulk deliveries, it is encrypted with the site
|
||||||
|
bulk delivery public key.
|
||||||
|
|
||||||
|
|
||||||
zot:env
|
zot:env
|
||||||
*******
|
*******
|
||||||
|
@ -99,9 +123,8 @@ is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822.
|
||||||
The host component MUST be US-ASCII, with punycode translation of
|
The host component MUST be US-ASCII, with punycode translation of
|
||||||
internationalised domain names applied.
|
internationalised domain names applied.
|
||||||
|
|
||||||
The entire envelope is encrypted with alg using key and iv. Only AES-256-CBC
|
The entire envelope is then encrypted using alg with env_key and env_iv and
|
||||||
is defined as an algorithm in this specification. The encrypted envelope is
|
base64url encoded for transmission.
|
||||||
then base64url encoded for transmission.
|
|
||||||
|
|
||||||
The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
|
The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
|
||||||
all addresses and determine whether a delivery address to the current endpoint
|
all addresses and determine whether a delivery address to the current endpoint
|
||||||
|
@ -246,6 +269,7 @@ Only authentication via OpenID is defined in this version of the specification.
|
||||||
This can be used to provide access control of any web resource to any
|
This can be used to provide access control of any web resource to any
|
||||||
webfinger identity on the internet.
|
webfinger identity on the internet.
|
||||||
|
|
||||||
|
|
||||||
*********
|
*********
|
||||||
* Links *
|
* Links *
|
||||||
*********
|
*********
|
||||||
|
|
Loading…
Reference in New Issue
Block a user