2.2.2.5 INQUIRE
The INQUIRE message is sent by a Resolver to a Publisher so that it can obtain a CPA. It can also be sent from one Publisher to another so that it can verify that it is still in the cloud.
Message layout, 32 bits per row (bit 0 at the left). Rows with a single entry span the full 32 bits.

| Bits 0-15 | Bits 16-31 |
|---|---|
| FieldID1 | Length1 |
| Reserved1 (11 bits), A, X, C, Reserved2 (2 bits) | Padding |
| FieldID2 | Length2 |
| Validate Key (32 bytes) ... | |
| FieldID3 (optional) | Length3 (optional) |
| Nonce (16 bytes, optional) ... | |
| FieldID4 (optional) | Length4 (optional) |
| Credential (variable) ... | |
| FieldID5 (optional) | Length5 (optional) |
| Signature (variable) ... | |
| FieldID6 (optional) | Length6 (optional) |
| KeyIdentifier (variable) ... | |

FieldID1 (2 bytes): MUST be set to 0x0040 (FLAGS_FIELD).
Length1 (2 bytes): MUST be set to 0x0006.
Reserved1 (11 bits): MUST be set to zero and ignored on receipt.
A (1 bit): If set, the sender is requesting that a CPA appear in the AUTHORITY message response. If unset, the sender is requesting that a CPA not appear in the AUTHORITY message response. SHOULD always be set.
X (1 bit): If set, the sender is requesting that an EXTENDED_PAYLOAD message (if any exists) appear in the AUTHORITY message response. If unset, the sender is requesting that an EXTENDED_PAYLOAD not appear. SHOULD be set if the INQUIRE was generated as part of an application-requested resolve.
C (1 bit): If set, the sender is requesting that a Certificate Chain (if any exists) appear in the AUTHORITY message response. If unset, the sender is requesting that a Certificate Chain not appear. SHOULD always be set.
Reserved2 (2 bits): MUST be set to zero and ignored on receipt.
Padding (2 bytes): MUST be set to zero and ignored on receipt.
FieldID2 (2 bytes): MUST be set to 0x0039 (VALIDATE_DRT_ID).
Length2 (2 bytes): MUST be set to 0x0024.
Validate Key (32 bytes): The key to validate.
FieldID3 (2 bytes): It MUST be present if and only if the A bit is set. If present, MUST be set to 0x0093 (NONCE).
Length3 (2 bytes): This field MUST be present if and only if FieldID3 is present. If present, this field MUST be set to 0x0014 (20 bytes).
Nonce (16 bytes): A nonce value that the sender copies into a CPA before it is signed in order to prevent replay attacks. This field MUST be present if and only if FieldID3 is present.
FieldID4 (2 bytes): MUST be set to 0x0080 (CREDENTIAL). MUST be present if and only if the protocol is executing in membership or confidential security mode.
Length4 (2 bytes): MUST be present if and only if FieldID4 is present. If present, it MUST be set to 4 plus the length in bytes of the Credential field.
Credential (variable): MUST be present if and only if FieldID4 is present. Contains a Credential structure defined in the security profile and provided by the upper-layer application.
FieldID5 (2 bytes): MUST be set to 0x00A5 (SIGNATURE). MUST be present if and only if the protocol is executing in membership or confidential security mode.
Length5 (2 bytes): MUST be present if and only if FieldID5 is present. If present, it MUST be set to 4 plus the length in bytes of the Signature field.
Signature (variable): MUST be present if and only if FieldID5 is present. Contains a Signature structure defined in the security profile and provided by the upper-layer application. The signature is calculated over the Validate Key field.
FieldID6 (2 bytes): MUST be set to 0x00A6 (KEY_IDENTIFIER). MUST be present if and only if the protocol is executing in membership or confidential security mode.
Length6 (2 bytes): MUST be present if and only if FieldID6 is present. If present, it MUST be set to 4 plus the length in bytes of the KeyIdentifier field.
KeyIdentifier (variable): MUST be present if and only if FieldID6 is present. Contains a Key Identifier structure defined in the security profile and provided by the upper-layer application. This field is used to indicate which portion of the Credential field was used to generate the Signature field.