protocol update, require a recipient encrypted envelope or it cannot be
decrypted.
parent
ada2384fbb
commit
7bee0bff0d
1 changed files with 32 additions and 8 deletions
40
zot.txt
|
@ -1,7 +1,7 @@
|
|||
This is the Zot! social communications protocol.
|
||||
|
||||
Specification revision: 1
|
||||
01 September 2011
|
||||
02 September 2011
|
||||
|
||||
Mike Macgirvin
|
||||
This specification is public domain.
|
||||
|
@ -14,6 +14,10 @@ makes use of webfinger and ActivityStreams and several concepts from RFC822
|
|||
(email). Zot encompasses the zot delivery framework, and the zid remote
|
||||
access protocol.
|
||||
|
||||
The current specification revision (1) is frozen until a reference
|
||||
implementation is available. After that, any protocol changes will require a
|
||||
change to the revision number.
|
||||
|
||||
****************
|
||||
* Zot delivery *
|
||||
****************
|
||||
|
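Review bot: In the paragraph added after "access protocol.", the word "frozen" is ambiguous, because this same commit changes the message format (new zot:env_key and zot:env_iv elements) while "Specification revision: 1" stays the same and only the date moves from 01 to 02 September 2011. Two implementations written against the 01 September and 02 September texts would both claim revision 1 and would not interoperate. Suggest saying outright that revision 1 is a draft that may change incompatibly until the reference implementation exists, and that the revision number is only meaningful after that point.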
@ -28,6 +32,8 @@ resolvable addresses containing both salmon and zot endpoints.
|
|||
<zot:msg xmlns:zot='http://purl.org/zot/1.0'>
|
||||
<zot:key>((key))</zot:key>
|
||||
<zot:iv>((iv))</zot:iv>
|
||||
<zot:env_key>((env_key))</zot:env_key>
|
||||
<zot:env_iv>((env_iv))</zot:env_iv>
|
||||
<zot:env>((envelope))</zot:env>
|
||||
<zot:sig key_id="xxx">((sender signature))</zot:sig>
|
||||
<zot:alg>AES-256-CBC</zot:alg>
|
||||
|
@ -39,15 +45,33 @@ zot:key
|
|||
*******
|
||||
|
||||
A suitable randomly generated encyption key of length 32 octets for encrypting
|
||||
the envelope and salmon packet. This is then encrypted with the sender's
|
||||
private key and base64url encoded.
|
||||
the salmon packet. This is then encrypted with the sender's private key and
|
||||
base64url encoded.
|
||||
|
||||
zot:iv
|
||||
******
|
||||
|
||||
A suitable randomly generated initialisation vector of length 16 octets for
|
||||
encrypting the envelope and salmon packet. This is then encrypted with the
|
||||
sender's private key and base64url encoded.
|
||||
encrypting the salmon packet. This is then encrypted with the sender's private
|
||||
key and base64url encoded.
|
||||
|
||||
zot:env_key
|
||||
***********
|
||||
|
||||
A suitable randomly generated encyption key of length 32 octets for encrypting
|
||||
the envelope. This is then encrypted with the recipient's public key and
|
||||
base64url encoded. For bulk deliveries, it is encrypted with the site bulk
|
||||
delivery public key.
|
||||
|
||||
|
||||
zot:env_iv
|
||||
**********
|
||||
|
||||
A suitable randomly generated initialisation vector of length 16 octets for
|
||||
encrypting the envelope. This is then encrypted with the recipient's public
|
||||
key and base64url encoded. For bulk deliveries, it is encrypted with the site
|
||||
bulk delivery public key.
|
||||
|
||||
|
||||
zot:env
|
||||
*******
|
||||
|
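Review bot: The rewritten zot:key and zot:iv paragraphs still wrap the key and IV "with the sender's private key", which anyone holding the sender's public key can reverse, so the salmon packet gets no confidentiality from this step. Only the envelope gains recipient-only protection, through zot:env_key and zot:env_iv. If the salmon packet is meant to be private, wrap zot:key and zot:iv with the recipient's public key (or the site bulk delivery public key), as the two new paragraphs do. If the intent is only to show origin, say so in the text and explain how it relates to zot:sig. Separately, the typo "encyption" is carried into the new zot:env_key paragraph, and neither new paragraph says how a receiver tells a bulk delivery from a single-recipient one in order to pick the right private key.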
@ -99,9 +123,8 @@ is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822.
|
|||
The host component MUST be US-ASCII, with punycode translation of
|
||||
internationalised domain names applied.
|
||||
|
||||
The entire envelope is encrypted with alg using key and iv. Only AES-256-CBC
|
||||
is defined as an algorithm in this specification. The encrypted envelope is
|
||||
then base64url encoded for transmission.
|
||||
The entire envelope is then encrypted using alg with env_key and env_iv and
|
||||
base64url encoded for transmission.
|
||||
|
||||
The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
|
||||
all addresses and determine whether a delivery address to the current endpoint
|
||||
|
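Review bot: The replacement paragraph for envelope encryption no longer carries the sentence "Only AES-256-CBC is defined as an algorithm in this specification", so unless that restriction is stated under zot:alg, a receiver has no defined set of alg values to accept or reject. Suggest keeping the sentence and adding that a receiver MUST reject any other alg value. The new wording "encrypted using alg with env_key and env_iv" also leaves it implicit that the same alg governs the salmon packet encryption done with key and iv; one sentence stating that would remove the doubt.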
@ -246,6 +269,7 @@ Only authentication via OpenID is defined in this version of the specification.
|
|||
This can be used to provide access control of any web resource to any
|
||||
webfinger identity on the internet.
|
||||
|
||||
|
||||
*********
|
||||
* Links *
|
||||
*********
|
||||
|
|