--- /dev/null
+.\" -*-nroff-*-
+.so tmac.rfc
+.
+.TL "Straylight/Edgeware" "Mark Wooding"
+.TL "Request for Comments: XXXX" "Straylight/Edgeware"
+.TL "" "21 February 2001"
+
+
+.TT XXXX Wooding "February 2001" \
+ "TrIPE: The Trivial IP Encryption Protocol"
+
+.TI 0 "Status of this Memo"
+
+This memo defines an Experimental Protocol for the Internet community.
+This memo does not specify an Internet standard of any kind. Discussion
+and suggestions for improvement are requested. Distribution of this
+memo is unlimited.
+
+.T0 "Introduction"
+
+TrIPE is a simple protocol which enables IP datagrams (or other data) to
+be exchanged between a pair of hosts over a hostile network while
+maintaining the properties of secrecy and authenticity; i.e., that the
+content of the datagrams cannot be determined by eavesdroppers on the
+network, and that either endpoint can determine whether a datagram
+received is an unaltered copy of one that was sent by the other.
+
+While similar services are provided by other protocols (e.g., [IPSEC]),
+they tend to be very complicated and difficult to analyze (see, for
+example, [IPSEC-EVAL]). By contrast, TrIPE attempts to get away with
+doing as little as possible. There are no negotiations to decide which
+ciphers are to be used: these things are defined in the protocol
+specification. There is only one key-exchange algorithm defined.
+
+In addition to making analysis easier, a simpler protocol also helps
+reduce the complexity of implementations: this makes implementation
+errors less likely, and makes auditing an implementation for security
+holes a more realistic proposition.
+
+.T0 "Interpretation"
+
+The key words `MUST', `MUST NOT', `REQUIRED', `SHALL', `SHALL NOT',
+`SHOULD', `SHOULD NOT', `RECOMMENDED', `MAY', and `OPTIONAL' in this
+document are to be interpreted as described in [REQ].
+
+.T0 "Protocol overview"
+
+The TrIPE protocol sets up a secure point-to-point channel between two
+peer hosts, through which IP datagrams may be passed securely.
+
+All TrIPE messages are sent as UDP datagrams. No UDP port has been
+registered for TrIPE yet.
+
+When a pair of peer hosts are made aware of each other, they begin a key
+negotiation, using an authenticated Diffie-Hellman key exchange
+protocol. This enables them to agree a
+.I keyset :
+a collection of short-term symmetric keys and other parameters (such as
+sequence numbering spaces). Keysets expire after a fixed amount of
+time, or after they have been used to encrypt a given amount of data,
+whichever happens first. Before the current keyset expires, a new key
+negotation is started, so that the peers can seamlessly start using the
+new keys before the old ones become invalid.
+
+.T1 "Keysets"
+
+A
+.I keyset
+is a collection of symmetric keys and associated state information. The
+items required, and the symbolic names by which they are described in
+this document are:
+
+.UL
+.LI
+.B "Incoming and outgoing encryption keys"
+.K c (
+and
+.K' c "" )
+
+
+.T1 "Key exchange"
+
+
+
+.T0 "Data representation"
+
+The following data types are used in the protocol:
+
+.DL
+.DI "32-bit"
+Some guff I haven't written yet.
+
+.DI "Rather longer name"
+Some more guff.
+.LE
+
+.T0 "Security considerations"
+
+This memo describes a cryptographic protocol for ensuring secrecy and
+integrity of communications between network hosts. From this point of
+view, it is entirely about security.
+
+Before deploying TrIPE on their own systems, administrators ought to
+satisfy themselves that the cryptographic algorithms used are
+sufficiently strong for their purposes, and that their implementation of
+the TrIPE software has come from a trusted source. They should also
+ensure that they have adequate procedures in place for transporting
+public keys without a risk of them being modified by adversaries.
+
+.T0 "References"
+
+.BS IPSEC-EVAL
+.BR IPSEC
+Kent, S., Atkinson, R., `Security Architecture for the Internet
+Protocol', RFC 2401, November 1998.
+
+.BR IPSEC-EVAL
+Ferguson, N., Schneier, B., `A Cryptographic Evaluation of IPsec',
+December 1999.
+
+.BR REQ
+Bradner, S., `Key words for use in RFCs to Indicate Requirement Levels',
+BCP 14, RFC 2119, March 1997.
+.BE
--- /dev/null
+.\" -*-nroff-*-
+.
+.\"----- Page layout --------------------------------------------------------
+.
+.pl 10.0i
+.ie t \{\
+. po 1i
+. pl 11i
+. if \n(.g \{\
+. fam P
+. \}
+.\}
+.el \{\
+. po 0
+. ll 7.2i
+. lt 7.2i
+. nr LT 7.2i
+. nr LL 7.2i
+. ad l
+.\}
+.ds LF Author
+.ie t .ds RF Page %
+.el .ds RF FORMFEED[Page %]
+.ds CF
+.ds LH RFC XXXX
+.ds RH Date
+.ds CH Title
+.hy 0
+.
+.\"----- Font handling ------------------------------------------------------
+.
+.\" .Ff font [stuff more-stuff]
+.\" Without stuff, changes to font. With stuff, prints stuff in font
+.\" and more-stuff in the current font, with no intervening space.
+.ie t \{\
+. de Ff
+. ie '\\$2'' \f\\$1\c
+. el \&\f\\$1\\$2\fP\\$3
+..
+.\}
+.el \{\
+.de Ff
+.if !'\\$2'' \\$2\\$3
+..
+.\}
+.
+.\" .R|.B|.I|... [stuff more-stuff]
+.\" Change to appropriate font, or print stuff in chosen font followed
+.\" by more-stuff in current font, with no intervening space.
+.de R
+.Ff R "\\$1" "\\$2"
+..
+.de B
+.Ff B "\\$1" "\\$2"
+..
+.de I
+.Ff I "\\$1" "\\$2"
+..
+.de P
+.Ff P "\\$1" "\\$2"
+..
+.de C
+.Ff (CR "\\$1" "\\$2"
+..
+.de CB
+.Ff (CB "\\$1" "\\$2"
+..
+.de CI
+.Ff (CI "\\$1" "\\$2"
+..
+.de H
+.Ff (HR "\\$1" "\\$2"
+..
+.de HB
+.Ff (HB "\\$1" "\\$2"
+..
+.de HI
+.Ff (HI "\\$1" "\\$2"
+..
+.
+.\"----- Titling ------------------------------------------------------------
+.
+.\" .TL left right
+.\" Typesets one of the RFC header lines.
+.de TL
+.B
+.tl '\\$1''\\$2'
+.P
+..
+.
+.\" .TT number author title
+.\" Sets the main title, and fiddles the running headers and footers.
+.ds RN xxxx
+.de TT
+.ds LH RFC \\$1
+.ds LF \\$2
+.ds RH \\$3
+.ds CH \\$4
+.HB
+.ps 18
+.ce
+\&\\$4
+.ps
+.P
+.fi
+.in +3m
+..
+.
+.\" .TI level title [number]
+.\" Sets a title without a number.
+.nr S0 14
+.nr S1 12
+.nr S2 10
+.nr S3 10
+.de TI
+.if t .sp 1
+.ne 4
+.ti -3m
+.nr _i 3m
+.ps \\n(S\\$1
+.HB
+.if !'\\$3'' \{\
+. ie t \&\\$3.\h'\\n(_iu-\w'\\$3.'u'\c
+. el \&\\$3.\ \ \c
+.\}
+\&\\$2
+.P
+.ps
+.br
+..
+.
+.\" .Tn title
+.\" Sets a level-n title (n = 0, 1, 2, 3). Does automatic numbering.
+.nr T0 0 1
+.de T0
+.nr T1 0 1
+.TI 0 "\\$1" "\\n+(T0"
+..
+.de T1
+.nr T2 0 1
+.TI 1 "\\$1" "\\n(T0.\\n+(T1"
+..
+.de T2
+.nr T3 0 1
+.TI 2 "\\$1" "\\n(T0.\\n(T1.\\n+(T2"
+..
+.de T3
+.TI 3 "\\$1" "\\n(T0.\\n(T1.\\n(T2.\\n+(T3"
+..
+.
+.\" .AP
+.\" Starts the appendix.
+.de AP
+.nr T0 0 1
+.af T0 A
+..
+.
+.\"----- Bibliography -------------------------------------------------------
+.
+.\" .BS thing
+.\" Starts a bibliography section. The thing is the widest bibliography
+.\" key.
+.de BS
+.nr bw \\w'[\\$1]\h'1m''
+.in +\\n(bwu
+..
+.
+.\" .BR ref
+.\" Puts in the header for a bibliography item.
+.de BR
+.ne 2
+.ti -\\n(bwu
+[\\$1]\h'\\n(bwu-\\w'[\\$1]'u'\c
+..
+.
+.\" .BE
+.\" Ends a bibliography section.
+.de BE
+.in -4
+..
+.
+.\"----- Lists of things ----------------------------------------------------
+.
+.\" .LS [indent]
+.\" Starts a list
+.nr ld 0
+.de LS
+.ie '\\$1'' .ds _i 4n
+.el .ds _i \\$1
+.in +\\*(_i
+.rn L L\\n(ld
+.rn LE E\\n(ld
+.de LE
+.in -\\*(_i
+.rn L\\n(ld L
+.rn E\\n(ld LE
+.nr ld \\n(ld
+\\..
+.nr ld +1
+..
+.
+.\" .LE
+.\" Ends a list
+.de LE
+.ab unexpected .LE (at line \\n(.c)
+..
+.
+.\" .UL
+.\" Starts an unordered list
+.nr ul 0
+.de do
+.ie t .ds b\\$1 \\$2
+.el .ds b\\$1 \\$3
+..
+.do 0 \(bu o
+.do 1 \(em \-
+.do 2 \(sq []
+.do 3 \(ci *
+.de UL
+.LS
+.ds L \\*(b\\n(ul
+.nr ul +1
+.am E
+.nr ul -1
+\\..
+..
+.
+.\" .OL
+.\" Starts an ordered (numbered) list
+.nr ol 0
+.de do
+.ds l\\$1 \\$2
+.ds m\\$1 \\$3
+.ds r\\$1 \\$4
+..
+.do 0 "" 1 .
+.do 1 ( a )
+.do 2 ( i )
+.do 3 "" A .
+.
+.de OL
+.LS
+.nr i\\n(ol 0 1
+.af i\\n(ol \\*(m\\n(ol
+.ds L \\*(l\\n(ol\\\\n+(i\\n(ol\\*(r\\n(ol
+.nr ol +1
+.am E
+.nr ol -1
+\\..
+..
+.
+.\" .DL
+.\" Starts a definition list
+.de DL
+.LS 1i
+..
+.
+.\" .DI name
+.\" Starts a definition item for `name'
+.de DI
+.br
+.B
+\h'-1i'\\$1\c
+.ie \w'\\$1\h'2n''u<1i \h'1i-\w'\\$1'u'\c
+.el .br
+.P
+..
+.
+.\" .LI [tag]
+.\" Starts a new list item
+.de LI
+.br
+.ie '\\$1'' .ds LL \\*L
+.el .ds LL \\$1
+\h'-\w'\\*(LL\h'1n''u'\\*(LL\h'1n'\c
+..
+.
+.\" --- Displays ---
+.
+.\" .QS
+.\" Starts a display.
+.de QS
+.in +4n
+.ll -4n
+..
+.
+.\" .QE
+.\" Ends a display
+.de QE
+.in -4n
+.ll +4n
+..
+.
+.\" .VS
+.\" Starts a listing kinda thing.
+.de VS
+.QS
+.nf
+.fam C
+..
+.
+.\" .VE
+.\" Ends a listing kinda thing.
+.de VE
+.fam P
+.fi
+.QE
+..
+.
+.\" --- Mathematical things ---
+.
+.\" Superscript and subscript (not very good).
+.ie t \{\
+. ds ^( \s8\v'-.5m'
+. ds ^) \v'.5m'\s0
+. ds _( \s8\v'.2m'
+. ds _) \v'-.2m'\s0
+.\}
+.el \{\
+. ds ^( ^
+. ds ^)
+. ds _( _
+. ds _)
+.\}
+.
+.de K
+\&\\$2\c
+.I K \c
+.R \*(_(\\$1\*(_)\c
+\&\\$3
+..
+.de K'
+\&\\$2\c
+.I K \c
+.R \z'\*(_(\\$1\*(_)\c
+\&\\$3
+..
+.
+.\"------ That's all, folks -------------------------------------------------
~mdw / tripe / commitdiff