
[Fwd: sacred -05.txt]




Folks,

Due to mails passing one another by and the holidays, the latest
draft doesn't contain some work that Marshall did on appendix B
(sorry again, Marshall).

I propose adding this in next time 'round, so if you're reviewing
the -05 version, try to check this version of appendix B if you
find something that needs fixing. There should be no substantive
difference, just corrections and some new comments on what's
happening with which messages.

Happy new year,
Stephen.


>                                   #######
> 
> Appendix B: An Example of Tuning with BEEP
> 
> Here is what tuning BEEP for authentication and privacy looks like
> using TLS and SASL's DIGEST-MD5:
> 
> L: <wait for incoming connection>
> I: <open connection>
> 
> ... each peer sends a greeting indicating the services that
>     it offers ...
> 
> L: RPY 0 0 . 0 233
> L: Content-Type: application/beep+xml
> L:
> L: <greeting>
> L:    <profile uri='http://iana.org/beep/SASL/DIGEST-MD5' />
> L:    <profile uri='http://iana.org/beep/TLS' />
> L:    <profile uri='http://iana.org/beep/transient/sacred/bss' />
> L: </greeting>
> L: END
> I: RPY 0 0 . 0 52
> I: Content-Type: application/beep+xml
> I:
> I: <greeting />
> I: END
> 
> 
> ... the initiator starts a channel for TLS and piggybacks a request
>     to start the TLS negotiation ...
> 
> I: MSG 0 1 . 52 149
> I: Content-Type: application/beep+xml
> I:
> I: <start number='1'>
> I:    <profile uri='http://iana.org/beep/TLS'>
> I:        &lt;ready />
> I:    </profile>
> I: </start>
> I: END
> 
> ... the listener creates the channel and piggybacks its readiness to
>     start TLS ...
> 
> L: RPY 0 1 . 233 112
> L: Content-Type: application/beep+xml
> L:
> L: <profile uri='http://iana.org/beep/TLS'>
> L:     &lt;proceed />
> L: </profile>
> L: END
> 
> ... upon receiving the reply, the initiator starts up TLS ...
> 
> 
> ... successful transport security negotiation ...
> 
> 
> ... a new greeting is sent (cf., Section 9 of RFC 3080), note that
>     the listener no longer advertises TLS (we're already running
>     it)
> 
> L: RPY 0 0 . 0 186
> L: Content-Type: application/beep+xml
> L:
> L: <greeting>
> L:    <profile uri='http://iana.org/beep/SASL/DIGEST-MD5' />
> L:    <profile uri='http://iana.org/beep/transient/sacred/bss' />
> L: </greeting>
> L: END
> I: RPY 0 0 . 0 52
> I: Content-Type: application/beep+xml
> I:
> I: <greeting />
> I: END
> 
> 
> ... the initiator starts a channel for DIGEST-MD5 and piggybacks
>     initialization information for the mechanism ...
> 
> I: MSG 0 1 . 52 178
> I: Content-Type: application/beep+xml
> I:
> I: <start number='1'>
> I:    <profile uri='http://iana.org/beep/SASL/DIGEST-MD5'>
> I:        &lt;blob> ... &lt;/blob>
> I:    </profile>
> I: </start>
> I: END
> 
> ... the listener creates the channel and piggybacks a challenge ...
> 
> L: RPY 0 1 . 186 137
> L: Content-Type: application/beep+xml
> L:
> L: <profile uri='http://iana.org/beep/SASL/DIGEST-MD5'>
> L:     &lt;blob> ... &lt;/blob>
> L: </profile>
> L: END
> 
> ... the initiator sends a response to the challenge ...
> 
> I: MSG 1 0 . 0 58
> I: Content-Type: application/beep+xml
> I:
> I: <blob> ... </blob>
> I: END
> 
> ... the listener accepts the challenge and tells the initiator
>     that it is now authenticated ...
> 
> L: RPY 1 0 . 0 66
> L: Content-Type: application/beep+xml
> L:
> L: <blob status='complete' />
> L: END
> 
> 
> ... the initiator starts a channel for SACRED and piggybacks its
>     initial SACRED request ...
> 
> I: MSG 0 2 . 230 520
> I: Content-Type: application/beep+xml
> I:
> I: <start number='3'>
> I:    <profile uri='http://iana.org/beep/transient/sacred/bss'>
> I:        &lt;?xml version="1.0" encoding="UTF-8"?>
> I:        &lt;sacred:DownloadRequest
> I:          xmlns:sacred="urn:sacred-2002-11-20"
> I:          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> I:          xsi:schemaLocation="urn:sacred-2002-11-20 sacred.xsd">
> I:          &lt;CredentialSelector>
> I:                      magnus-credentials&lt;/CredentialSelector>
> I:        &lt;/sacred:DownloadRequest>
> I:    </profile>
> I: </start>
> I: END
> 
> ... the listener creates the channel and piggybacks the response to the
>     initial SACRED request ...
> 
> L: RPY 0 2 . 323 805
> L: Content-Type: application/beep+xml
> L:
> L: <profile uri='http://iana.org/beep/transient/sacred/bss'>
> L:     &lt;?xml version="1.0" encoding="UTF-8"?>
> L:     &lt;sacred:DownloadResponse
> L:       xmlns:sacred="urn:sacred-2002-11-20"
> L:       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> L:       xsi:schemaLocation="urn:sacred-2002-11-20 sacred.xsd">
> L:       &lt;Status>Success&lt;/Status>
> L:       &lt;Credential>
> L:         &lt;CredentialSelector>
> L:              magnus-credential&lt;/CredentialSelector>
> L:         &lt;LastModified>2002-11-22T00:00:08Z&lt;/LastModified>
> L:         &lt;Payload>
> L:             &lt;sacred:SacredPKCS15
> L:               xmlns:sacred="urn:sacred-2002-11-20">GpM7
> L:             &lt;/sacred:SacredPKCS15>
> L:         &lt;/Payload>
> L:       &lt;/Credential>
> L:     &lt;/sacred:DownloadResponse>
> L: </profile>
> L: END
> 
>                                   #######

-- 
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@xxxxxxxxxxxx
Ireland                             http://www.baltimore.com
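Added example, not part of the draft or of this mail: a small Python checker that parses the BEEP frame headers from the exchange in appendix B above and verifies per-channel seqno continuity (each frame's seqno must equal the previous seqno plus size on that channel), which is the check a receiving peer relies on to reject spliced or replayed frames. The "TUNING-RESET" marker is a constructed stand-in for the session reset that follows the successful TLS negotiation, after which channel 0 starts again at seqno 0.

```python
import re
from dataclasses import dataclass

# BEEP frame header (RFC 3081): type channel msgno more seqno size
HEADER_RE = re.compile(r"^(MSG|RPY|ERR|ANS|NUL) (\d+) (\d+) ([.*]) (\d+) (\d+)$")

@dataclass
class Frame:
    kind: str
    channel: int
    msgno: int
    more: bool       # '*' means more frames of this message follow
    seqno: int       # sequence number of the first payload octet
    size: int        # payload octets in this frame

def parse_header(line):
    """Parse one frame header line; reject anything not well-formed."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("malformed BEEP frame header: %r" % line)
    kind, ch, msg, more, seq, size = m.groups()
    return Frame(kind, int(ch), int(msg), more == "*", int(seq), int(size))

def check_sequence(headers):
    """Per channel, each seqno must equal the previous seqno plus size
    (RFC 3081); a receiver seeing anything else must drop the session.
    The constructed 'TUNING-RESET' marker models the session reset after
    TLS succeeds (RFC 3080 section 9): channel 0 restarts at seqno 0.
    Returns (index, channel, expected, observed) for each violation."""
    expected, problems = {}, []
    for i, line in enumerate(headers):
        if line == "TUNING-RESET":
            expected = {}
            continue
        f = parse_header(line)
        want = expected.get(f.channel, 0)
        if f.seqno != want:
            problems.append((i, f.channel, want, f.seqno))
        expected[f.channel] = f.seqno + f.size
    return problems

# Header lines copied from the listener's and initiator's frames in appendix B.
LISTENER_FRAMES = ["RPY 0 0 . 0 233", "RPY 0 1 . 233 112", "TUNING-RESET",
                   "RPY 0 0 . 0 186", "RPY 0 1 . 186 137", "RPY 1 0 . 0 66",
                   "RPY 0 2 . 323 805"]
INITIATOR_FRAMES = ["RPY 0 0 . 0 52", "MSG 0 1 . 52 149", "TUNING-RESET",
                    "RPY 0 0 . 0 52", "MSG 0 1 . 52 178", "MSG 1 0 . 0 58",
                    "MSG 0 2 . 230 520"]
```

Both peers' frames in the appendix pass; dropping the reset marker makes the post-TLS greeting show up as a seqno gap on channel 0, which is why a peer must discard its pre-tuning state once TLS is up.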