MITSign: A Kerberized PGP Keysigner Protocol Description Derek Atkins 17 Dec 1994 Introduction This document specifies the MITSign Protocol. For more information on MITSign, you should read the paper "Scaling the Web of Trust: Combining Kerberos and PGP to Provide Large Scale Authentication", Jeffrey I. Schiller and Derek Atkins, 1994. Simple Protocol Description In simple terms, the protocol starts with the client sending a protocol string, an authentication block, and then the PGP key to be signed. The server then replies with a block of data, which, if all is successful, will be the signed PGP key. In graphical terms, this looks like this: Client Server Protocol String ----------> Authentication Data ------> PGP key ------------------> <------------ Response Protocol String The protocol string is an 8-byte magic string that defines the kind of authentication to be performed. The string is made by seven (7) ASCII characters and a NULL terminator. Currently, the defined protocol strings are: AuthKv4 - Kerberos V4 authentication (krb_sendauth) If the server does not recognize the protocol string, it will just return an error to the client in the response. Authentication Data Right after the protocol string is sent from the client, the client will send an authentication based upon the string it sent. For Kerberos V4 authentication, the authentication is done by executing the Kerberos library function krb_sendauth(). If the authentication fails, then the server will respond to the client with an error message explaining what failed. PGP Key and Response Sending a PGP key and a Response uses the same mechanism. The data is sent in three parts: length, error, data. The length and error values are 4-byte integers, and are sent in Network Byte Order (MSB first). The length only includes the length of the data, and does not include itself or the error in its value. The receiver should expect at least 8 bytes: 4 bytes for the length, and 4 bytes for the error. Then it should read length bytes of data. The error value is used to send information about the contents of the data. If the error code is zero, then the data should contain a PGP key. If the error is some other value, then the data contains an error message, which should be displayed to the user. Key Verification The Keysigner should verify the kerberos ticket that is passed from the client, make sure the instance is NULL, compare the realm to the list of valid realms, compare the principle to the userID on the PGP key, and compare the mail domain on the PGP key to the list of valid domains for the Kerberos realm. If all these checks succeed, the server should sign the key, and return it to the user. If not, then the server returns an error message to the user explaining the problem.