X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=zot.txt;h=300b695ff0d4116e926d344a3fc6107430cf6deb;hb=30b7c689292b3a5d06fb9c52a369b53ecb05e57f;hp=2a0b5f31dffb7bf3be29e34d03d0bbfb31f768b9;hpb=d64f9ad97ac1ebf73d4443c8322fd7efbd1a745a;p=friendica.git

diff --git a/zot.txt b/zot.txt
index 2a0b5f31df..300b695ff0 100644
--- a/zot.txt
+++ b/zot.txt
@@ -1,8 +1,7 @@
-
 This is the Zot! social communications protocol. 
 
 Specification revision: 1
-01 September 2011
+15 September 2011
 
 Mike Macgirvin
 This specification is public domain.
@@ -12,9 +11,13 @@ webfinger and encapsulating salmon.
 
 First read the salmon and salmon magic envelope specifications. Zot also 
 makes use of webfinger and ActivityStreams and several concepts from RFC822
-(email). Zot encompasses the zot delivery framework, and the zid remote
+(email). Zot encompasses the zot delivery framework and the zid remote
 access protocol.
 
+The current specification revision (1) is frozen until a reference 
+implementation is available. After that, any protocol changes will require a 
+change to the revision number.  
+
 ****************
 * Zot delivery *
 ****************
@@ -22,14 +25,18 @@ access protocol.
 Format of a zot wrapper. This completely encapsulates a salmon magic envelope 
 and provides privacy protection, while defining a delivery envelope - a 
 concept familiar to email systems. All addresses in zot are webfinger 
-resolvable addresses containing both salmon and zot endpoints. 
+resolvable addresses containing zot endpoints and salmon public keys (zot 
+is a superset of salmon). 
 
 
 <?xml version='1.0' encoding='UTF-8'?>
 <zot:msg xmlns:zot='http://purl.org/zot/1.0'>
  <zot:key>((key))</zot:key>
  <zot:iv>((iv))</zot:iv>
+ <zot:env_key>((env_key))</zot:env_key>
+ <zot:env_iv>((env_iv))</zot:env_iv>
  <zot:env>((envelope))</zot:env>
+ <zot:sig key_id="xxx">((sender signature))</zot:sig>
  <zot:alg>AES-256-CBC</zot:alg>
  <zot:data type='application/magic-envelope+xml'>((salmon))</zot:data>
 </zot:msg>
@@ -39,15 +46,33 @@ zot:key
 *******
 
 A suitable randomly generated encyption key of length 32 octets for encrypting 
-the envelope and salmon packet. This is then encrypted with the sender's 
-private key and base64url encoded.
+the salmon packet. This is then encrypted with the sender's private key and 
+base64url encoded.
 
 zot:iv
 ******
 
 A suitable randomly generated initialisation vector of length 16 octets for 
-encrypting the envelope and salmon packet. This is then encrypted with the 
-sender's private key and base64url encoded.
+encrypting the salmon packet. This is then encrypted with the sender's private 
+key and base64url encoded.
+
+zot:env_key
+***********
+
+A suitable randomly generated encyption key of length 32 octets for encrypting 
+the envelope. This is then encrypted with the recipient's public key and 
+base64url encoded. For bulk deliveries, it is encrypted with the site bulk 
+delivery public key.
+
+
+zot:env_iv
+**********
+
+A suitable randomly generated initialisation vector of length 16 octets for 
+encrypting the envelope. This is then encrypted with the recipient's public
+key and base64url encoded. For bulk deliveries, it is encrypted with the site 
+bulk delivery public key.
+
 
 zot:env
 *******
@@ -77,10 +102,12 @@ be sent to any additional addresses in the recipient list. The original author
 MUST send the reply to all known recipients of the original message, with 
 their webfinger identity as Sender, and the comment/reply author as From.   
 
-Receiving agents MUST validate the From identity as the signer of the salmon
-magic envelope, and MAY reject it. They MAY also reject the message if the
-Sender is not allowed in their "friend list", or if they do not have a 
-suitable relationship with the Sender.
+Receiving agents SHOULD validate the From identity as the signer of the salmon
+magic envelope, and MAY reject it. They SHOULD also verify the Sender signature
+of the zot packet if it is different than the salmon signature. They MAY 
+reject the message if the Sender is not allowed in their "friend list", or if 
+they do not have a suitable relationship with the Sender, or if either
+signature fails to validate.  
 
 
 To: *
@@ -97,9 +124,8 @@ is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822.
 The host component MUST be US-ASCII, with punycode translation of 
 internationalised domain names applied.
 
-The entire envelope is encrypted with alg using key and iv. Only AES-256-CBC
-is defined as an algorithm in this specification. The encrypted envelope is
-then base64url encoded for transmission. 
+The entire envelope is then encrypted using alg with env_key and env_iv and
+base64url encoded for transmission.
 
 The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
 all addresses and determine whether a delivery address to the current endpoint
@@ -112,9 +138,18 @@ listed in the To:, Cc:, or Bcc: addresses matches the webfinger address of
 the "owner" of the endpoint.
 
 	3. The current endpoint is a bulk delivery endpoint. The bulk delivery
-ednpoint is defined elsewhere in this document. The bulk delivery agent
+endpoint is defined elsewhere in this document. The bulk delivery agent
 will deliver to all local addresses found in the address lists. 
 
+zot:sig
+*******
+
+The Sender of the message signs the underlying salmon data in the manner 
+prescribed by salmon. If the Sender and From address are identical, the
+signature will be identical to the signature of the underlying salmon packet. 
+If they are different, this signature is verified with the Sender's public 
+key to verify the Sender. 
+
 zot:alg
 *******
 
@@ -146,7 +181,7 @@ delivery method for non-encrypted (e.g. public) messages.
 
 Discover of the zot endpoint is based on webfinger XRD:
 
-<link rel="http://purl.org/zot/1.0/post" 
+<Link rel="http://purl.org/zot/1.0/post" 
 	href="http://example/org/zot-endpoint" />
 
 
@@ -186,6 +221,17 @@ embed alternate message formats and protocols such as
 "application/x-diaspora+xml". If a delivery agent is unable to provide any
 acceptable data format, the delivery MUST be terminated/cancelled. 
 
+Foreign Messages
+****************
+
+Messages MAY be imported from other networks and systems which have no 
+knowledge of salmon signatures. The salmon signature in this case MUST be the
+exact string 'NOTSIGNED' to indicate that the author (From address) cannot be 
+validated using salmon verification. This message MUST be relayed by a Sender
+who can provide a valid salmon signature of the message via zot:sig. Delivery
+systems MAY reject foreign messages.  
+
+
 
 **********************
 * Zid authentication *
@@ -232,8 +278,27 @@ and allow authenticated browsing to other resources on the website.
 
 Only authentication via OpenID is defined in this version of the specification.
 
-This can be used to provide access control to any web resource to any 
+This can be used to provide access control of any web resource to any 
 webfinger identity on the internet.
 
 
+*********
+* Links *
+*********
+
+Salmon Protocol
+	http://www.salmon-protocol.org/salmon-protocol-summary
+
+Salmon Magic Envelope
+	http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html
+
+Atom Activity Stream Draft
+	http://activitystrea.ms/specs/atom/1.0/
+
+Activty Stream Base Schema
+	http://activitystrea.ms/head/activity-schema.html
+
+WebFinger Protocol
+	http://code.google.com/p/webfinger/wiki/WebFingerProtocol
+