[eichin:19900428.0642EST]

Notes on protocol elements of NOX

All replies can be FAILED instead of the reply listed.

Notation:
  { x } y           indicates x sealed in key y
  [ foo ]*          arbitrary number of tuples foo
  [optional foo]    optional item foo

Compartment:
  Key_List, Mod_Time, Text_Description, ACL_List, Current_Sequence_Number
  of which
    Key_List:                [ Key, Key_Version, Cryptosystem_Type ]*
    Mod_Time:                last time this compartment was modified
    Text_Description:        up to 256 chars, describing for humans
    ACL_List:                [ Auth_Id, Opcode, Num_Votes ]*
    Current_Sequence_Number: 0 or current value

Satchel:
  Nox_Private_Satchel_Key_Version,
  Nox_Server_Name,
  { Compartment_Name, Compartment_Key_Version } Nox_Private_Satchel_Key,
  { Satchel_Creator, Satchel_Date, [optional ACL_List,] Data } Compartment_Key

Proxy:
  Nox_Private_Proxy_Key_Version,
  { Request_Identifier, Num_Votes } Nox_Private_Proxy_Key

Beg for Proxy:
  Compartment_Name, Ticket(?), Opcode, OtherData(?)
  reply: Proxy

  [note: should Num_Votes be returned to allow the Beggar to decide when it
  might have enough? It can't always know, especially if it doesn't have
  access to STATUS.]

  [note that Compartment_Name, Ticket, Opcode are what get checksummed. This
  assumes, however, that OtherData could be changed; it is included only
  because it may help convince the grantor to actually send back a proxy.
  This is weak: since OtherData isn't checksummed, the Proxy could be used
  for something else, so why bother sending something so easily spoofed?
  While an entire satchel could be included in the checksum, "raw data" (for
  creation of a satchel) could not be sent, since it would require a shared
  key (necessitating user-to-user authentication, which is not otherwise
  needed by Nox).]

Request Proxy Creation:
  Generic_Request(PROXY, [Opcode, Checksum, Num_Votes])
  reply: Proxy

  [note that Opcode, Ticket are enough to generate the proxy.]
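The Satchel layout above, worked through as an added example (this is not code from the note or from NOX itself). The "{ x } y" sealing is modelled with a toy encrypt-then-MAC construction built from HMAC-SHA256, standing in for whatever Cryptosystem_Type a compartment's Key_List would name; the field names Compartment_Box and Data_Box, the server-side tables and all key material are constructed for the example. It also shows why the inner box records Compartment_Key_Version: a new compartment key can be added and satchels sealed under the old version still open.

```python
import hashlib
import hmac
import json
import os

# Added example: a toy authenticated "seal" standing in for whatever
# Cryptosystem_Type a compartment's Key_List names (the note names none).
# Encrypt-then-MAC: keystream = HMAC(enc_key, nonce || counter), tag =
# HMAC(mac_key, nonce || ciphertext). Not a production cipher.

def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, obj) -> bytes:
    """{ obj } key: JSON-encode obj, encrypt it, append an integrity tag."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Inverse of seal(); raises ValueError if the tag does not verify."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("seal integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return json.loads(bytes(c ^ s for c, s in zip(ct, stream)))

# Constructed server-side state (sample values, not from the note).
NOX_PRIVATE_SATCHEL_KEYS = {1: os.urandom(32)}        # Key_Version -> key
COMPARTMENTS = {
    "payroll": {
        "Key_List": {3: os.urandom(32)},              # Key_Version -> Key
        "ACL_List": [("alice", "DECRYPT", 1)],
    },
}

def build_satchel(server_name, compartment_name, creator, date, data, acl_list=None):
    """ENCRYPT path: seal the data under the compartment's current key and
    seal the compartment name and key version under the server's satchel key."""
    satchel_kv = max(NOX_PRIVATE_SATCHEL_KEYS)
    comp = COMPARTMENTS[compartment_name]
    comp_kv = max(comp["Key_List"])
    inner = {"Satchel_Creator": creator, "Satchel_Date": date, "Data": data}
    if acl_list is not None:
        inner["ACL_List"] = acl_list                  # the optional built-in ACL
    return {
        "Nox_Private_Satchel_Key_Version": satchel_kv,
        "Nox_Server_Name": server_name,
        "Compartment_Box": seal(NOX_PRIVATE_SATCHEL_KEYS[satchel_kv],
                                {"Compartment_Name": compartment_name,
                                 "Compartment_Key_Version": comp_kv}),
        "Data_Box": seal(comp["Key_List"][comp_kv], inner),
    }

def open_satchel(satchel):
    """DECRYPT path: the outer box names the compartment and key version,
    which selects the key that opens the inner box."""
    satchel_key = NOX_PRIVATE_SATCHEL_KEYS[satchel["Nox_Private_Satchel_Key_Version"]]
    outer = unseal(satchel_key, satchel["Compartment_Box"])
    comp = COMPARTMENTS[outer["Compartment_Name"]]
    inner = unseal(comp["Key_List"][outer["Compartment_Key_Version"]], satchel["Data_Box"])
    return outer["Compartment_Name"], inner

def add_compartment_key(compartment_name):
    """Key rollover on the compartment: append a new Key_Version; old satchels
    still open because they record the version they were sealed under."""
    key_list = COMPARTMENTS[compartment_name]["Key_List"]
    new_version = max(key_list) + 1
    key_list[new_version] = os.urandom(32)
    return new_version

def tampering_is_detected(satchel) -> bool:
    """Flip one ciphertext byte of the inner box; open_satchel must refuse it."""
    damaged = dict(satchel)
    blob = bytearray(satchel["Data_Box"])
    blob[20] ^= 0x01                                  # byte 20 lies inside the ciphertext
    damaged["Data_Box"] = bytes(blob)
    try:
        open_satchel(damaged)
    except ValueError:
        return True
    return False
```

The outer box is what lets the server route a satchel to the right compartment key without the client ever holding that key; because it is sealed rather than sent in clear, a client cannot re-point a satchel at a different compartment or key version, and because the inner box carries an integrity tag, a modified Data_Box is rejected rather than decrypted to garbage.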
Generic_Request:
  Version_Number, Compartment_Name, Ticket, , , [ Proxy ]*

Opcode:
  [one-of ADMINISTRATE, ENCRYPT, DECRYPT, EXAMINE, CHANGEKEY, STATUS, EMBEDACL]

Request for Satchel Encrypt:
  Generic_Request(ENCRYPT, { Data } Session_Key)
  reply: Satchel

  [note that Ticket contains { Session_Key } Nox_Service_Key]

Request for Satchel Decrypt:
  Generic_Request(DECRYPT, Satchel)
  reply: { Data } Session_Key

Request for Satchel Info:
  Generic_Request(EXAMINE, Satchel)
  reply: { Satchel_Creator, Satchel_Date, [optional ACLs] } Session_Key

  [note that the Info returned needs to be encrypted in the Session_Key if it
  could be considered sensitive - and it probably is, if it is worth putting
  an ACL around it!]

Request for Administrate:
  Generic_Request(ADMINISTRATE, [User, Value, Num_Votes]*)
  reply: SUCCESS (or FAILED)

  [note: can we ADMINISTRATE a self-contained Satchel? If so, we need to pass
  it in and retrieve the copy.]

Request for Change of Key:
  Generic_Request(CHANGEKEY, [optional Satchel])
  reply: [optional New Satchel] or SUCCESS (or FAILED)

Request for Status List:
  Generic_Request(STATUS, [optional Satchel])
  reply: { ACL_List, Mod_Time } Session_Key

Request to Build-In ACL:
  Generic_Request(EMBEDACL, Satchel)
  reply: new Satchel
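The checksum weakness raised in the "Beg for Proxy" note, worked through against the Generic_Request fields listed above, as an added example (not code from the note or from NOX). The grantor checksums Compartment_Name, Ticket and Opcode, so a proxy granted after seeing one OtherData value also counts for a request carrying a different one; the hardened variant folds OtherData into the Request_Identifier. Assumptions: the proxy's "{ Request_Identifier, Num_Votes } Nox_Private_Proxy_Key" sealing is modelled as a keyed MAC, since only integrity matters for what is shown here; Ticket is treated as an opaque string; the key and the sample requests are constructed.

```python
import hashlib
import hmac
import json

# Constructed Nox_Private_Proxy_Key material (sample value, not from the note).
NOX_PRIVATE_PROXY_KEYS = {1: b"constructed-32-byte-proxy-key-01"}

def request_identifier(compartment_name, ticket, opcode, other_data=None):
    """Checksum over the fields the note binds: Compartment_Name, Ticket, Opcode.
    OtherData is covered only when the caller passes it (the hardened variant)."""
    fields = [compartment_name, ticket, opcode]
    if other_data is not None:
        fields.append(other_data)
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def grant_proxy(req_id, num_votes, key_version=1):
    """Grantor side. The note seals { Request_Identifier, Num_Votes } under
    Nox_Private_Proxy_Key; here the seal is modelled as a keyed MAC (assumption),
    which is enough to show what the checksum does and does not bind."""
    body = json.dumps({"Request_Identifier": req_id, "Num_Votes": num_votes}, sort_keys=True)
    tag = hmac.new(NOX_PRIVATE_PROXY_KEYS[key_version], body.encode(), hashlib.sha256).hexdigest()
    return {"Nox_Private_Proxy_Key_Version": key_version, "Body": body, "Tag": tag}

def proxy_votes_for(proxy, request, bind_other_data=False):
    """Server side: the votes this proxy contributes to `request`, or 0 if the
    proxy was issued for a different request or its tag does not verify."""
    key = NOX_PRIVATE_PROXY_KEYS[proxy["Nox_Private_Proxy_Key_Version"]]
    expected_tag = hmac.new(key, proxy["Body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, proxy["Tag"]):
        return 0
    body = json.loads(proxy["Body"])
    req_id = request_identifier(
        request["Compartment_Name"], request["Ticket"], request["Opcode"],
        request.get("OtherData") if bind_other_data else None)
    return body["Num_Votes"] if hmac.compare_digest(body["Request_Identifier"], req_id) else 0

# Constructed sample: the request the grantor was shown, a later one that
# differs only in OtherData, and one that differs in Opcode.
SHOWN = {"Version_Number": 1, "Compartment_Name": "payroll",
         "Ticket": "opaque-ticket-for-alice", "Opcode": "DECRYPT",
         "OtherData": "satchel-A"}
DIFFERENT_OTHERDATA = dict(SHOWN, OtherData="satchel-B")
DIFFERENT_OPCODE = dict(SHOWN, Opcode="ADMINISTRATE")

def demo(bind_other_data):
    """Grant one proxy for SHOWN, then report the votes it yields for
    (SHOWN, DIFFERENT_OTHERDATA, DIFFERENT_OPCODE)."""
    other = SHOWN["OtherData"] if bind_other_data else None
    req_id = request_identifier(SHOWN["Compartment_Name"], SHOWN["Ticket"], SHOWN["Opcode"], other)
    proxy = grant_proxy(req_id, num_votes=1)
    return tuple(proxy_votes_for(proxy, r, bind_other_data)
                 for r in (SHOWN, DIFFERENT_OTHERDATA, DIFFERENT_OPCODE))
```

With the note's checksum, demo(False) returns (1, 1, 0): the Opcode change is caught but the OtherData change is not, which is exactly the "used for something else" concern. With OtherData bound, demo(True) returns (1, 0, 0). Binding it does not resolve the note's other point, that raw data for satchel creation cannot be shipped without a shared key, but it does make a proxy worthless for any request other than the one the grantor actually saw.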