Ouroboros Protocols: Difference between revisions
Tag: Reverted |
|||
| Line 50: | Line 50: | ||
== Flow Allocation Protocol == | == Flow Allocation Protocol == | ||
Main page: [[Ouroboros Flow Allocation Protocol]] | Main page: [[Ouroboros Flow Allocation Protocol]] | ||
<pre> | |||
Client (IRMd) Server (IRMd) | |||
| | | |||
| 1. Load client cert/key | | |||
| 2. Generate ephemeral keypair | | |||
| 3. Build OAP_HDR (id, ts, crt, eph) | | |||
| 4. Sign header with client key | | |||
| | | |||
|-------- FLOW_REQ (OAP_HDR) -------------> | | |||
| | | |||
| | 5. Load server cert/key | |||
| | 6. Verify client cert against CA | |||
| | 7. Verify client signature | |||
| | 8. Generate ephemeral keypair | |||
| | 9. Derive symmetric key (ECDHE) | |||
| | 10. Build response OAP_HDR | |||
| | 11. Sign with server key | |||
| | | |||
|<------- FLOW_REPLY (OAP_HDR) ------------ | | |||
| | | |||
| 12. Verify server cert against CA | | |||
| 13. Verify server signature | | |||
| 14. Derive symmetric key (ECDHE) | | |||
| | | |||
|===========================================| | |||
| Encrypted data channel | | |||
|===========================================| | |||
</pre> | |||
The Flow Allocation Protocol resides in the [[Ouroboros Functional Layering|network end-to-end layer]]. | The Flow Allocation Protocol resides in the [[Ouroboros Functional Layering|network end-to-end layer]]. | ||
Revision as of 09:12, 3 January 2026
This page is under construction
The protocols in Ouroboros are designed with strong adherence to the principles of separation of concerns and separation of mechanism and policy in mind to prevent network ossification and protocol ossification from occuring.
There are 5 core protocols in Ouroboros.
Data Transfer Protocol
Main page: Ouroboros Data Transfer Protocol
The Data Transfer Protocol resides in the network forwarding layer.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Destination Address +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time-to-Live | QoS | ECN | PADDING |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ EID +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ N + 1 Data +
. .
. .Flow and Retransmission Control Protocol
Main page: Flow and Retransmission Control Protocol
The Flow and Retransmission Control Protocol resides in the application end-to-end layer.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Window |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Flow Allocation Protocol
Main page: Ouroboros Flow Allocation Protocol
Client (IRMd) Server (IRMd)
| |
| 1. Load client cert/key |
| 2. Generate ephemeral keypair |
| 3. Build OAP_HDR (id, ts, crt, eph) |
| 4. Sign header with client key |
| |
|-------- FLOW_REQ (OAP_HDR) -------------> |
| |
| | 5. Load server cert/key
| | 6. Verify client cert against CA
| | 7. Verify client signature
| | 8. Generate ephemeral keypair
| | 9. Derive symmetric key (ECDHE)
| | 10. Build response OAP_HDR
| | 11. Sign with server key
| |
|<------- FLOW_REPLY (OAP_HDR) ------------ |
| |
| 12. Verify server cert against CA |
| 13. Verify server signature |
| 14. Derive symmetric key (ECDHE) |
| |
|===========================================|
| Encrypted data channel |
|===========================================|
The Flow Allocation Protocol resides in the network end-to-end layer.
Connection Establishment Protocol
Main page: Ouroboros Connection Establishment Protocol
Enrollment Protocol
Main page: Ouroboros Enrolment Protocol
The Enrollment protocol is best seen as one of the application protocols for IPCPs.