<filewiki_vars>
title=Identities
menu=$title
</filewiki_vars>


# 2. Identities

This section defines the identities used for the various components
of the DarkChannel protocol.

## 2.1 Channel Servers

Servers MUST be uniquely identified by a network-wide unique key
identifier (whose format depends on the type of cryptosystem used),
which has a maximum length of XXX characters.

While the maximum length is limited to XXX characters, clients SHOULD
accept longer strings as they may become used in future evolutions of
the protocol.

Such a unique key identifier can be a hash of the key, a key
fingerprint or whatever means the underlying cryptosystem provides
for a similar application.

Clients remember the unique key identifier of a channel server and
protect against a man-in-the-middle attack by making sure that this
unique key identifier does not change between connections. A client
MUST warn its user when the channel server does not provide the
expected key identifier in its HELLO message.

Channel servers MAY cooperate with other channel servers to span a
globe-wide network. Cooperating channel servers MUST all use the same
protocol version and therefore MUST all use the same underlying
cryptosystem.
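The key-identifier pinning described above, as an added example that is not part of the DarkChannel specification or any of its implementations. It assumes an Ed25519 cryptosystem and a hex-encoded SHA-256 fingerprint of the public key as the identifier (the specification leaves both to the cryptosystem in use); `PinStore`, `CheckHello` and the `Outcome` values are hypothetical names. The store records an identifier only on first contact and never overwrites a pin on mismatch, so the decision to warn the user stays with the caller.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Outcome of checking a server's HELLO against the client's pin store.
type Outcome int

const (
	FirstSeen Outcome = iota // no pin yet: remember the identifier (trust on first use)
	Match                    // pin present and identifier unchanged
	Mismatch                 // pin present and identifier changed: the client MUST warn its user
)

// KeyIdentifier derives the network-wide unique key identifier from a public
// key. The format is an assumption for this example: a hex SHA-256 fingerprint.
func KeyIdentifier(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// PinStore maps a server address to the key identifier seen on first contact.
// No length limit is enforced: clients SHOULD accept identifiers longer than
// the current maximum.
type PinStore struct {
	pins map[string]string
}

func NewPinStore() *PinStore { return &PinStore{pins: map[string]string{}} }

// CheckHello compares the key identifier presented in a HELLO message with the
// remembered one. A pin is only ever written when none exists yet; a mismatch
// is reported, never silently replaced.
func (s *PinStore) CheckHello(server string, presented string) Outcome {
	pinned, ok := s.pins[server]
	if !ok {
		s.pins[server] = presented
		return FirstSeen
	}
	if pinned == presented {
		return Match
	}
	return Mismatch
}

func main() {
	// Constructed sample: one genuine server key and one impostor key.
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	impostor, _, _ := ed25519.GenerateKey(rand.Reader)
	store := NewPinStore()
	fmt.Println(store.CheckHello("chan.example", KeyIdentifier(pub)))      // FirstSeen (0)
	fmt.Println(store.CheckHello("chan.example", KeyIdentifier(pub)))      // Match (1)
	fmt.Println(store.CheckHello("chan.example", KeyIdentifier(impostor))) // Mismatch (2): warn
}
```

A real client would persist the pin map across sessions and present the pinned and presented identifiers side by side in the warning; the check itself deliberately has no "update" path, since a key change must be confirmed out of band rather than accepted automatically.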

## 2.2 Clients

Each client is distinguished from other clients by its unique key
identifier (whose format depends on the type of cryptosystem used),
which has a maximum length of XXX characters.

While the maximum length is limited to XXX characters, clients SHOULD
accept longer strings as they may become used in future evolutions of
the protocol.

A client MUST generate new key material for each channel server it
connects to.

For each client connected to a channel server, the channel server MUST
have the following information:

 * the supported protocol version
 * a network-wide unique key identifier
 * the public part of the client's key material

Cooperating channel servers MAY exchange these unique key identifiers
and associated channel information with each other. This MUST happen
on a need-to-know basis.

## 2.3 Users

As clients are free to create and use new client keys for every new
connection to a channel server, the DarkChannel protocol needs a means
to give users the option to have an identity.

To give users the privacy to choose when and if their identity
will be visible to others, the DarkChannel protocol allows clients to
create specific key material for nick names and operator identities
within the name space of the network of that channel server.

This identity key material has to be presented to and registered with a
channel server, which signs it to prove that the name in the name
space has been assigned to the owner of that key material.

The following sections describe these mechanisms.

### 2.3.1 Nick Names

Each nick name is distinguished from other nick names by its unique
name identifier, which has a maximum length of XXX characters.

While the maximum length is limited to XXX characters, clients SHOULD
accept longer strings as they may become used in future evolutions of
the protocol.

To register a nick name with a channel server a client MUST generate
nick name key material. It will then present the public part of the
key material to the channel server for inspection and registration.

The channel server SHOULD inspect the public part of the key material
to check if it complies with its nick name policies. If the nick name
is still free in the channel server's name space, the channel server
SHOULD sign the public part of the client's nick name key material
with the channel server's private key material. The channel server
MUST attach an expiry time to the signature made, assuring that the
nick name registration will expire at some time in the future.

When the client receives the signed public part of its nick name key
material after a successful registration with a channel server, it
MUST re-import the public part of the nick name key material
containing the channel server's signature.

From that point on a client MAY use the nick name key material to sign
messages to prove its identity within the channel server's name
space.

A client MUST re-register nick name key material when its channel
server signature has expired and it still wants to use the nick name.

A channel server MUST keep the registration of a nick name for at least
two times the expiry time, allowing a client to re-register its nick
name for a while without having to fear that another client
re-registers it first.

If the client does not re-register the nick name key material within
the given time frame, the server MAY release the nick name and
reassign it to another user trying to register it.

If the client re-registers its nick name key material, the channel
server MUST extend the expiry time by a certain amount, allowing the
client to keep its registration for a longer period of time than
before.
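The registration lifecycle of section 2.3.1, as an added example that is not part of the DarkChannel specification or any of its implementations. It assumes an Ed25519 cryptosystem, that the server's signature covers the nick name, the nick public key and the expiry time in the canonical encoding of `signedBytes`, that "at least two times the expiry time" is met by holding a nick for exactly twice its granted lifetime counted from the (re-)registration, and that each re-registration adds a fixed `extend` duration to the lifetime; `Server`, `Registration`, `Register` and `Verify` are hypothetical names. The clock is injectable so the expiry and hold window can be exercised without waiting.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Registration is what the channel server returns to the client: the nick,
// the client's nick-name public key, the expiry and the server's signature
// over all three. The client re-imports this after verifying it.
type Registration struct {
	Nick      string
	NickPub   ed25519.PublicKey
	ExpiresAt time.Time
	Signature []byte
}

// signedBytes is the assumed canonical encoding covered by the signature:
// nick || 0x00 || public key || 8-byte big-endian Unix expiry. Binding the
// expiry into the signature is what makes the registration expire.
func signedBytes(nick string, pub ed25519.PublicKey, exp time.Time) []byte {
	ts := make([]byte, 8)
	binary.BigEndian.PutUint64(ts, uint64(exp.Unix()))
	out := append([]byte(nick), 0) // NUL terminates the variable-length nick
	out = append(out, pub...)
	return append(out, ts...)
}

// Verify lets the client check the server's signature before re-importing.
func (r Registration) Verify(serverPub ed25519.PublicKey) bool {
	return ed25519.Verify(serverPub, signedBytes(r.Nick, r.NickPub, r.ExpiresAt), r.Signature)
}

type entry struct {
	owner        ed25519.PublicKey
	registeredAt time.Time
	lifetime     time.Duration // expiry time granted at the last (re-)registration
}

// Server holds the nick-name name space of one channel server.
type Server struct {
	priv     ed25519.PrivateKey
	baseLife time.Duration    // lifetime granted on a fresh registration
	extend   time.Duration    // added to the lifetime on each re-registration (assumed policy)
	nicks    map[string]entry // constructed in-memory name space
	Now      func() time.Time // injectable clock
}

func NewServer(priv ed25519.PrivateKey, baseLife, extend time.Duration) *Server {
	return &Server{priv: priv, baseLife: baseLife, extend: extend,
		nicks: map[string]entry{}, Now: time.Now}
}

var ErrNickTaken = errors.New("nick name is held by another key")

// Register handles first registration and re-registration alike. A nick is
// held for its owner for two times its lifetime from registration; only after
// that window may a different key take it over. Re-registration by the same
// key inside the window extends the lifetime.
func (s *Server) Register(nick string, pub ed25519.PublicKey) (Registration, error) {
	now := s.Now()
	life := s.baseLife
	if e, ok := s.nicks[nick]; ok {
		held := now.Before(e.registeredAt.Add(2 * e.lifetime))
		sameOwner := e.owner.Equal(pub)
		if held && !sameOwner {
			return Registration{}, ErrNickTaken
		}
		if held && sameOwner {
			life = e.lifetime + s.extend
		}
	}
	exp := now.Add(life)
	s.nicks[nick] = entry{owner: pub, registeredAt: now, lifetime: life}
	sig := ed25519.Sign(s.priv, signedBytes(nick, pub, exp))
	return Registration{Nick: nick, NickPub: pub, ExpiresAt: exp, Signature: sig}, nil
}

func main() {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	nickPub, _, _ := ed25519.GenerateKey(rand.Reader) // client's nick-name key pair
	s := NewServer(serverPriv, 24*time.Hour, 24*time.Hour)
	reg, err := s.Register("alice", nickPub)
	fmt.Println(err, reg.ExpiresAt.UTC(), reg.Verify(serverPub))
}
```

Two points a deployment would add on top of this: the re-registration request should itself be signed with the nick-name private key, so that only the holder of that key can extend a registration, and the client should reject a `Registration` whose `ExpiresAt` lies in the past even when the signature verifies.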

### 2.3.2 Operators

To allow a reasonable amount of order to be kept within the
DarkChannel network, a special class of users (operators) is allowed
to perform general maintenance functions on the network.  Although the
powers granted to an operator can be considered as 'dangerous', they
are nonetheless often necessary.  Operators SHOULD be able to perform
basic network tasks such as disconnecting and reconnecting servers as
needed.  In recognition of this need, the protocol discussed herein
provides for operators only to be able to perform such functions.

Operators will be identified by the same mechanism as nick names. See
section 2.3.1 for information on nick name key material and its
registration with a channel server.

## 2.4 Channels

A channel server manages channels and channel membership of clients.
It provides the means for the needed public key material exchange
between participating channel member clients.

Channel names are strings (beginning with a '#' character) of length
up to XXX characters.  Apart from the requirement that the first
character is a '#', the channel name MUST consist only of the characters
'a'-'z', 'A'-'Z', '-' and '_'. Channel names are case sensitive.
