[OTR-dev] [PATCH 2/9] Add a simple table of contents to Protocol-v3.html.

Andreas Schlick ninox+otr at posteo.net
Wed Oct 22 14:39:20 EDT 2014


---
 Protocol-v3.html | 53 +++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 39 insertions(+), 14 deletions(-)

diff --git a/Protocol-v3.html b/Protocol-v3.html
index e598008..a27db55 100644
--- a/Protocol-v3.html
+++ b/Protocol-v3.html
@@ -24,7 +24,32 @@ messages from each of the sessions.</li>
 secure communication over a different channel (e.g., file transfer,
 voice chat).</li>
 </ul>
-<h2>Very high level overview</h2>
+
+<h2>Table of contents</h2>
+<ul>
+<li><a href="#vhloverview">Very high level overview</a></li>
+<li><a href="#hloverview">High level overview</a>
+  <ul>
+    <li><a href="#request">Requesting an OTR conversation</a>
+    <li><a href="#ake">Authenticated Key Exchange (AKE)</a>
+    <li><a href="#exchanging">Exchanging data</a>
+    <li><a href="#smp">Socialist Millionaires' Protocol (SMP)</a>
+  </ul>
+</li>
+<li><a href="#details">Details</a>
+  <ul>
+    <li><a href="#unencoded">Unencoded messages</a>
+    <li><a href="#encoded">Encoded messages</a>
+    <li><a href="#smpdetails">Socialist Millionaires' Protocol (SMP)</a>
+    <li><a href="#smpstatemachine">The SMP state machine</a>
+    <li><a href="#keymgmt">Key Management</a>
+    <li><a href="#fragmentation">Fragmentation</a>
+    <li><a href="#protocolstate">The protocol state machine</a>
+  </ul>
+</li>
+</ul>
+
+<h2 id="vhloverview">Very high level overview</h2>
 <p>OTR assumes a network model which provides in-order delivery of
 messages, but that some messages may not get delivered at all
 (for example, if the user disconnects).  There may be
@@ -40,8 +65,8 @@ Versions 2 and 3 of OTR use a variant of the SIGMA protocol as its AKE.</li>
 <li>Alice and Bob exchange Data Messages to send information to each
 other.</li>
 </ol>
-<h2>High level overview</h2>
-<h3>Requesting an OTR conversation</h3>
+<h2 id="hloverview">High level overview</h2>
+<h3 id="request">Requesting an OTR conversation</h3>
 <p>There are two ways Alice can inform Bob that she is willing to use
 the OTR protocol to speak with him: by sending him the OTR Query Message, 
 or by including a special "tag" consisting of whitespace characters in
@@ -57,7 +82,7 @@ conversation with him.  If Bob has a policy of "only use OTR when it's
 explicitly requested", for example, then he <em>would</em> start an OTR
 conversation upon receiving an OTR Query Message, but <em>would not</em>
 upon receiving the whitespace tag.</p>
-<h3>Authenticated Key Exchange (AKE)</h3>
+<h3 id="ake">Authenticated Key Exchange (AKE)</h3>
 <p>This section outlines the version of the SIGMA protocol used as the
 AKE.  All exponentiations are done modulo a particular 1536-bit prime,
 and g is a generator of that group, as indicated in the detailed
@@ -137,7 +162,7 @@ other's Diffie-Hellman public keys, and share the value s.  Alice is
 assured that s is known by someone with access to the private key
 corresponding to pub<sub>B</sub>, and similarly for Bob.</li>
 </ul>
-<h3>Exchanging data</h3>
+<h3 id="exchanging">Exchanging data</h3>
 <p>This section outlines the method used to protect data being exchanged
 between Alice and Bob.  As above, all exponentiations are done modulo
 a particular 1536-bit prime, and g is a generator of
@@ -183,7 +208,7 @@ AES-CTR<sub>ek,ctr</sub>(msg).</li>
 </ol>
 </li>
 </ul>
-<h3>Socialist Millionaires' Protocol (SMP)</h3>
+<h3 id="smp">Socialist Millionaires' Protocol (SMP)</h3>
 <p>While data messages are being exchanged, either Alice or Bob may
 run SMP to detect impersonation or man-in-the-middle attacks.
 As above, all exponentiations are done modulo a particular 1536-bit
@@ -251,8 +276,8 @@ g<sub>2</sub><sup>a<sub>3</sub>b<sub>3</sub></sup> is a random number
 not known to any party, if x is not equal to y, no other information is
 revealed.</li>
 </ul>
-<h2>Details of the protocol</h2>
-<h3>Unencoded messages</h3>
+<h2 id="details">Details of the protocol</h2>
+<h3 id="unencoded">Unencoded messages</h3>
 <p>This section describes the messages in the OTR protocol that are not
 base-64 encoded binary.</p>
 <h4>OTR Query Messages</h4>
@@ -324,7 +349,7 @@ of the AKE), she should stop sending him the whitespace tag.</p>
 <p>Any message containing the string "?OTR Error:" is an OTR Error
 Message.  The following part of the message should contain
 human-readable details of the error.</p>
-<h3>Encoded messages</h3>
+<h3 id="encoded">Encoded messages</h3>
 <p>This section describes the byte-level format of the base-64 encoded
 binary OTR messages.  The binary form of each of the messages is
 described below.  To transmit one of these messages, construct the ASCII
@@ -703,7 +728,7 @@ this message.</dd>
 <dt>Old MAC keys to be revealed (DATA)</dt>
 <dd>See "Revealing MAC Keys", below.</dd>
 </dl>
-<h3>Socialist Millionaires' Protocol (SMP)</h3>
+<h3 id="smpdetails">Socialist Millionaires' Protocol (SMP)</h3>
 <p>The Socialist Millionaires' Protocol allows two parties with secret
 information x and y respectively to check whether (x==y) without revealing
 any additional information about the secrets.  The protocol used by OTR is
@@ -733,7 +758,7 @@ using in the current conversation.</dd>
 actual secret (x or y) to be used in SMP.  The additional fields insure
 that not only do both parties know the same secret input string, but no
 man-in-the-middle is capable of reading their communication either.</p>
-<h3>The SMP state machine</h3>
+<h3 id="smpstatemachine">The SMP state machine</h3>
 <p>Whenever the OTR message state machine has MSGSTATE_ENCRYPTED set
 (see below), the SMP state machine may progress.  If at any point 
 MSGSTATE_ENCRYPTED becomes unset, SMP must abandon its state and return
@@ -1068,7 +1093,7 @@ Set smpstate to SMPSTATE_EXPECT2.</dd>
 <h4>User requests to abort SMP</h4>
 <p>In all cases, send a type 6 TLV (SMP abort) to the correspondent and
 set smpstate to SMPSTATE_EXPECT1.</p>
-<h3>Key Management</h3>
+<h3 id="keymgmt">Key Management</h3>
 <p>For each correspondent, keep track of:</p>
 <dl>
 <dt>Your two most recent DH public/private key pairs</dt>
@@ -1246,7 +1271,7 @@ can modify an OTR message and still have it appear valid.  But since we
 don't reveal the MAC keys until their corresponding pubkeys are being
 discarded, there is no danger of accepting a message as valid which
 uses a MAC key which has already been revealed.</p>
-<h3>Fragmentation</h3>
+<h3 id="fragmentation">Fragmentation</h3>
 <p>Some networks may have a maximum message size that is too small to
 contain an encoded OTR message.  In that event, the sender may choose
 to split the message into a number of <em>fragments</em>.  This section
@@ -1369,7 +1394,7 @@ HwNiIi5Ms+4PsY/L2i,
 ?OTR|5a73a599|27e31597,00003,00003,pkTtquknfx6HodLvk3RAAAAAA
 ==.,
 </pre></blockquote>
-<h3>The protocol state machine</h3>
+<h3 id="protocolstate">The protocol state machine</h3>
 <p>An OTR client maintains separate state for every correspondent.  For
 example, Alice may have an active OTR conversation with Bob, while
 having an unprotected conversation with Charlie.  This state consists of
-- 
2.1.2



More information about the OTR-dev mailing list