From ad845bbe96926e37e65dcf3aea505c9ab31f5943 Mon Sep 17 00:00:00 2001
From: Rudolf Polzer <divverent@alientrap.org>
Date: Fri, 27 Aug 2010 19:27:02 +0200
Subject: [PATCH] add the non-blind ID protocol to the txt file for reference

---
 d0_blind_id.txt | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/d0_blind_id.txt b/d0_blind_id.txt
index 5234fe5..a469118 100644
--- a/d0_blind_id.txt
+++ b/d0_blind_id.txt
@@ -113,3 +113,31 @@ Low level protocol:
 	  "packet"
 	- a value in double quotes is also defined in terms of this protocol, i.e.
 	  the length is preceded
+
+
+
+NOTE: to generate NON blind IDs, the process is not very straightforward. It
+works like this:
+
+Server shall:
+- load private key
+
+Both shall:
+- perform authentication as usual
+
+Server shall:
+- notice that the status is false
+- call d0_blind_id_authenticate_with_private_id_generate_missing_signature
+- write public ID
+- send that data to client
+
+Client shall:
+- read own private ID
+- get fingerprint
+- read received public ID (leaves the private part alone)
+- verify fingerprint
+- possibly verify ID
+- write own private ID again
+
+This ensures that only the ID the client authenticated with is signed by the
+server
-- 
2.39.2