DarkChannel Protocol Specification
2. Identities
This section defines the identities used for the various components of the DarkChannel protocol.
2.1 Channel Servers
Servers MUST be uniquely identified by a network-wide unique key identifier (whose format depends on the type of cryptosystem used), which has a maximum length of XXX characters.
While the maximum length is limited to XXX characters, clients SHOULD accept longer strings, as they may come into use in future evolutions of the protocol.
Such a unique key identifier can be a hash of the key, a key fingerprint, or whatever equivalent means the underlying cryptosystem provides.
Clients remember the unique key identifier of a channel server and protect against a man-in-the-middle attack by verifying that this unique key identifier has not changed. A client MUST warn its user when the channel server does not present the expected key identifier in its HELLO message.
Channel servers MAY cooperate with other channel servers to span a globe-wide network. Cooperating channel servers MUST all use the same protocol version and therefore the same underlying cryptosystem.
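The key-identifier pinning described above, as an added example that is not part of the specification: a client-side store that records the server's key identifier on first contact and flags a changed identifier in a later HELLO. The identifier length (left as XXX in the spec) and the HELLO carrying the identifier as a plain string are assumptions, and SHA-256 over the public key is just one of the identifier forms the spec permits.

```python
"""Trust-on-first-use pinning of a channel server's key identifier.

Added illustration, not code from the DarkChannel specification.
MAX_KEY_ID_LEN stands in for the spec's XXX; the HELLO message is
assumed to carry the server's key identifier as a plain string.
"""
import hashlib
import hmac
from typing import Dict

MAX_KEY_ID_LEN = 64  # placeholder for the spec's XXX


def key_identifier(public_key: bytes) -> str:
    """Derive a key identifier as a hash of the public key (one of the
    options the spec allows; the real format depends on the cryptosystem)."""
    return hashlib.sha256(public_key).hexdigest()


class ServerPinStore:
    """Remembers the key identifier first seen for each server address."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}
        self.warnings = []  # messages the client should show its user

    def check_hello(self, server_addr: str, presented_key_id: str) -> str:
        """Evaluate the key identifier carried in a server's HELLO.

        Returns 'pinned' on first contact, 'ok' when the identifier matches
        the pin, and 'MISMATCH' when it does not (the spec requires a user
        warning in that case). Identifiers longer than the maximum are
        accepted, as the spec says clients SHOULD do.
        """
        if not presented_key_id:
            raise ValueError("HELLO carried no key identifier")
        if len(presented_key_id) > MAX_KEY_ID_LEN:
            self.warnings.append(
                f"{server_addr}: key identifier longer than {MAX_KEY_ID_LEN}, accepted")
        expected = self._pins.get(server_addr)
        if expected is None:
            self._pins[server_addr] = presented_key_id
            return "pinned"
        # constant-time comparison; avoids leaking how much of the pin matched
        if hmac.compare_digest(expected, presented_key_id):
            return "ok"
        self.warnings.append(
            f"{server_addr}: key identifier changed, possible man-in-the-middle")
        return "MISMATCH"


if __name__ == "__main__":
    store = ServerPinStore()
    kid = key_identifier(b"constructed server public key A")
    print(store.check_hello("srv.example", kid))   # pinned
    print(store.check_hello("srv.example", kid))   # ok
    print(store.check_hello("srv.example", key_identifier(b"other key")))  # MISMATCH
    print(store.warnings)
```

The pin is keyed by server address so that a cooperating network of servers, each with its own key, keeps a separate pin per server; the user-facing warning text is collected rather than printed so a real client can surface it however its UI prefers.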
2.2 Clients
Each client is distinguished from other clients by its unique key identifier (whose format depends on the type of cryptosystem used), which has a maximum length of XXX characters.
While the maximum length is limited to XXX characters, clients SHOULD accept longer strings, as they may come into use in future evolutions of the protocol.
A client MUST generate new key material for each channel server it connects to.
For each client connected to a channel server, the channel server MUST have the following information:
- the supported protocol version
- a network-wide unique key identifier
- the public part of the client's key material
Cooperating channel servers MAY exchange these unique key identifiers and associated channel information with each other. This MUST happen on a need-to-know basis.
2.3 Users
As clients are free to create and use new client keys for every new connection to a channel server, the DarkChannel protocol needs a means to give users the option of having an identity.
To give users the privacy to choose whether and when their identity will be visible to others, the DarkChannel protocol allows clients to create specific key material for nick names and operator identities within the name space of the network of that channel server.
This identity key material has to be presented to and registered with a channel server, which signs it to prove that the name has been assigned within its name space to the owner of that key material.
The following sections describe these mechanisms.
2.3.1 Nick Names
Each nick name is distinguished from other nick names by its unique name identifier, which has a maximum length of XXX characters.
While the maximum length is limited to XXX characters, clients SHOULD accept longer strings, as they may come into use in future evolutions of the protocol.
To register a nick name with a channel server a client MUST generate nick name key material. It will then present the public part of the key material to the channel server for inspection and registration.
The channel server SHOULD inspect the public part of the key material to check that it complies with its nick name policies. If the nick name is still free in the channel server's name space, the channel server SHOULD sign the public part of the client's nick name key material with the channel server's private key material. The channel server MUST attach an expiry time to the signature it makes, ensuring that the nick name registration expires at some point in the future.
When the client receives the signed public part of its nick name key material after a successful registration with a channel server, it MUST re-import the public part of the nick name key material containing the channel server's signature.
From that point on a client MAY use the nick name key material to sign messages to prove its identity within the channel server's name space.
A client MUST re-register nick name key material when its channel server signature has expired and it still wants to use the nick name.
A channel server MUST keep the registration of a nick name for at least two times the expiry time, allowing a client to re-register its nick name for a while without having to fear that another client registers it first.
If the client does not re-register the nick name key material within the given time frame, the server MAY release the nick name and reassign it to another user trying to register it.
If the client re-registers its nick name key material, the channel server MUST extend the expiry time by a certain extent, allowing the client to keep its registration for a longer period this time.
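The registration, expiry, retention and re-registration rules of this section, as an added example that is not part of the specification. The spec leaves the cryptosystem open, so the server "signature" here is an HMAC-SHA256 over (nick, key identifier, expiry) under a server secret, standing in for a real public-key signature; the nick name policy regex, the one-hour lifetime, the factor-of-two retention window (the spec's "at least two times the expiry time") and doubling the lifetime on re-registration are all assumed values.

```python
"""Server-side nick name registry with signed, expiring registrations.

Added illustration, not code from the DarkChannel specification. The HMAC
'signature' is a stand-in for the channel server signing with its private
key; NICK_RE, EXPIRY_SECONDS, RETENTION_FACTOR and EXTENSION_FACTOR are
assumed values, not taken from the spec.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, Optional

NICK_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,15}")  # assumed server policy
EXPIRY_SECONDS = 3600    # assumed initial lifetime of a registration
RETENTION_FACTOR = 2     # spec: keep a registration at least 2x the expiry time
EXTENSION_FACTOR = 2     # assumed: each re-registration doubles the granted lifetime


@dataclass
class NickRecord:
    key_id: str
    public_key: bytes
    expires_at: int      # expiry time attached to the signature
    lifetime: int        # lifetime granted at the last (re-)registration
    signature: str

    @property
    def released_at(self) -> int:
        """Earliest time the server may hand the nick to a different key:
        registration time + RETENTION_FACTOR * lifetime."""
        registered_at = self.expires_at - self.lifetime
        return registered_at + RETENTION_FACTOR * self.lifetime


def key_identifier(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()


class NickRegistry:
    def __init__(self, server_secret: bytes) -> None:
        self._secret = server_secret
        self._nicks: Dict[str, NickRecord] = {}

    def _sign(self, nick: str, key_id: str, expires_at: int) -> str:
        msg = f"{nick}\0{key_id}\0{expires_at}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def verify(self, nick: str, key_id: str, expires_at: int,
               signature: str, now: int) -> bool:
        """Check a client's presented registration: unexpired and signed by us."""
        if now >= expires_at:
            return False
        return hmac.compare_digest(self._sign(nick, key_id, expires_at), signature)

    def register(self, nick: str, public_key: bytes, now: int) -> Optional[NickRecord]:
        """Register or re-register a nick; None means the request was refused."""
        if NICK_RE.fullmatch(nick) is None:
            return None                      # fails the server's nick name policy
        key_id = key_identifier(public_key)
        current = self._nicks.get(nick)
        lifetime = EXPIRY_SECONDS
        if current is not None:
            if current.key_id == key_id:
                lifetime = current.lifetime * EXTENSION_FACTOR   # renewal by the owner
            elif now < current.released_at:
                return None                  # still held for the previous owner
        expires_at = now + lifetime
        record = NickRecord(key_id, public_key, expires_at, lifetime,
                            self._sign(nick, key_id, expires_at))
        self._nicks[nick] = record
        return record


if __name__ == "__main__":
    reg = NickRegistry(b"constructed server secret")
    alice = reg.register("alice", b"constructed alice public key", now=0)
    print(alice.expires_at, alice.released_at)            # 3600 7200
    print(reg.register("alice", b"someone else", now=5000))  # None: still retained
    renewed = reg.register("alice", b"constructed alice public key", now=5000)
    print(renewed.lifetime, renewed.expires_at)           # 7200 12200
```

The retention window is measured from the registration time, so a nick whose signature expired at 3600 stays reserved for its owner until 7200; only then can a different key take it. The renewal path both extends the lifetime and issues a fresh signature, which is what the client must re-import.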
2.3.2 Operators
To allow a reasonable amount of order to be kept within the DarkChannel network, a special class of users (operators) is allowed to perform general maintenance functions on the network. Although the powers granted to an operator can be considered 'dangerous', they are nonetheless often necessary. Operators SHOULD be able to perform basic network tasks such as disconnecting and reconnecting servers as needed. In recognition of this need, the protocol discussed herein provides that only operators are able to perform such functions.
Operators are identified by the same mechanism as nick names. See section 2.3.1 for information on nick name key material and its registration with a channel server.
2.4 Channels
A channel server manages channels and channel membership of clients. It provides the means for the needed public key material exchange between participating channel member clients.
Channel names are strings (beginning with a '#' character) of length up to XXX characters. Apart from the requirement that the first character is '#', the channel name MUST consist only of the characters 'a'-'z', 'A'-'Z', '-' and '_'. Channel names are case sensitive.
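A validator for the channel name syntax above, as an added example that is not part of the specification. The maximum length (XXX in the spec) is a placeholder, the length is assumed to include the leading '#', and a bare '#' with no further characters is assumed to be invalid.

```python
"""Channel name validation for the DarkChannel syntax.

Added illustration, not code from the DarkChannel specification.
MAX_CHANNEL_NAME_LEN stands in for the spec's XXX; requiring at least
one character after '#' is an assumption.
"""
import re

MAX_CHANNEL_NAME_LEN = 50  # placeholder for the spec's XXX

# '#' followed by one or more of a-z, A-Z, '-' and '_' (digits are not permitted)
CHANNEL_RE = re.compile(r"#[A-Za-z_-]+")


def is_valid_channel_name(name: str) -> bool:
    """True when name matches the spec's channel name syntax and length limit."""
    if len(name) > MAX_CHANNEL_NAME_LEN:
        return False
    return CHANNEL_RE.fullmatch(name) is not None


def lookup_channel(channels: dict, name: str):
    """Case-sensitive lookup: '#Ops' and '#ops' are distinct channels.
    Returns the channel record or None; raises on syntactically invalid names
    so a server rejects them before consulting its channel table."""
    if not is_valid_channel_name(name):
        raise ValueError(f"invalid channel name: {name!r}")
    return channels.get(name)


if __name__ == "__main__":
    table = {"#ops": "operators", "#Ops": "a different channel"}
    for candidate in ["#dark_channel", "#Ops", "#chan1", "dark", "#", "#a b"]:
        print(candidate, is_valid_channel_name(candidate))
    print(lookup_channel(table, "#Ops"), lookup_channel(table, "#ops"))
```

Using `fullmatch` rather than `match` matters here: `match` would accept "#ops!" because the pattern matches a prefix, which is exactly how a lax validator lets forbidden characters into a name space.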