
Re: [Handle-info] Protocol spec >= 2.1



Each site advertises a supported protocol version in its HS_SITE value.  Since those are not automatically changed when the server software is upgraded, the advertised protocol version is not necessarily the highest supported by the server, but clients will use the advertised version.

So this is OK.

The protocol differences are documented somewhat in changelogs; here is a collected list for reference.

2.1: Introduce request flag to make request digest optional

2.1: Use SHA-1 rather than MD5 by default for request digests and secret-key authentication digests

2.1: Include hash code indicating hash algorithm used for request digests and secret-key authentication digests

2.1: Introduce session-key-based signatures

2.2: Allow encryption algorithms other than DES in effectively unused session modes

2.3: Introduce new request flag "overwriteWhenExists" for create handle and add value messages

2.4: Use CBC instead of ECB for encryption

2.4: Allow encryption algorithms other than DES for the actually used Diffie-Hellman based session mode

2.5: Introduce session counter to defend against session replay attacks

2.5: Message signatures in session-key-signed messages ensure integrity of request id, session id, protocol version, and session counter

2.5: Correct request codes to conform to RFC: earlier, 201 was used for RC_VALUE_INVALID instead of the correct 202, and 303 was used to indicate RC_SERVER_BACKUP

2.6: Message signatures in server-public-key-signed messages ensure integrity of request id, session id, protocol version, and session counter

2.6: Use UTF-8 strings rather than single bytes to identify hash algorithm in message signatures, to conform to RFC

Robert

On 2014-01-27, at 18:32 , Socrates Varakliotis <socratez@gmail.com> wrote:

> Hi,
> 
> RFC 3652 specifies Handle System Protocol v2.1. The s/w 'Release
> Notes' refer to v2.5. Are the specs of v2.5 documented somewhere? (or
> the diffs to v2.1?)
> 
> Related to the above:
> - The hdl-admintool of s/w release 7.3.1 performs admin authentication
> (which accesses the GHR) using protocol v2.2, as reported on the
> console.
> - A handle look-up by the admin tool to the LHR seems to be using protocol v2.5.
> 
> Is this OK?
> 
> Thanks,
> -- 
> Socrates.
> 
> _______________________________________________
> Handle-Info mailing list
> Handle-Info@cnri.reston.va.us
> http://www.handle.net/mailman/listinfo/handle-info

