		MITSign: A Kerberized PGP Keysigner
		       Protocol Description

			  Derek Atkins
			<warlord@MIT.EDU>
			   17 Dec 1994

Introduction

   This document specifies the MITSign Protocol.  For more information on
   MITSign,  you   should read   the paper  "Scaling   the  Web of Trust:
   Combining  Kerberos and  PGP to  Provide Large Scale  Authentication",
   Jeffrey I. Schiller and Derek Atkins, 1994.

Simple Protocol Description

   In   simple terms, the protocol  starts    with the  client sending  a
   protocol string, an  authentication block, and then the  PGP key to be
   signed.  The  server then replies with a  block of data, which, if all
   is successful, will be the signed PGP key.

   In graphical terms, this looks like this:

	Client				Server

	Protocol String ---------->
	Authentication Data ------>
	PGP key ------------------>
	                <------------ Response

Protocol String

   The protocol string is an 8-byte magic string that defines the kind of
   authentication to be performed.  The string is made by seven (7) ASCII
   characters and  a  NULL terminator.  Currently,  the  defined protocol
   strings are:

	AuthKv4 - Kerberos V4 authentication (krb_sendauth)

   If the server does  not recognize  the protocol  string, it  will just
   return an error to the client in the response.

Authentication Data

   Right after the  protocol string is sent  from the  client, the client
   will  send an  authentication   based upon the   string it  sent.  For
   Kerberos V4 authentication,  the authentication  is done by  executing
   the Kerberos library function krb_sendauth().

   If the  authentication fails,  then  the server   will respond  to the
   client with an error message explaining what failed.

PGP Key and Response

   Sending a PGP key and a Response uses the same mechanism.  The data is
   sent in three parts: length, error, data.  The length and error values
   are 4-byte integers,  and are sent in  Network Byte Order (MSB first).
   The length only includes the length of the data,  and does not include
   itself or the error in its value.  The receiver should expect at least
   8 bytes: 4 bytes for the length, and  4 bytes for  the error.  Then it
   should read length bytes of data.

   The error value is used to send information  about the contents of the
   data.  If the error  code is zero, then the  data should contain a PGP
   key.  If the  error  is some other   value, then the data contains  an
   error message, which should be displayed to the user.

Key Verification

   The Keysigner  should verify the  kerberos ticket that  is passed from
   the client, make sure  the instance is NULL, compare  the realm to the
   list of  valid realms, compare the principle  to the userID on the PGP
   key, and compare the  mail domain on the PGP  key to the list of valid
   domains  for  the Kerberos  realm.   If all these  checks succeed, the
   server should sign the key, and return  it to the  user.  If not, then
   the server    returns an error message  to    the user  explaining the
   problem.

