This is an old revision of the document!

New America Foundation - Contractor Agreement #32-OTIUSAID2013

In November 2013, The Serval Project commenced a fourth round of work for the New America Foundation's Open Technology Institute to improve key management within Serval, which is used by Commotion. Specifically, extend multi-key support for node addressing, allowing each node to announce multiple keys, enabling multiple Serval identities for each node.

Section 1: Work to be Performed (Scope of Work)

  • <BOOKMARK:r1>R1. Complete multi-SID support to serval routing engine and network layer.
  • <BOOKMARK:r1>R2. Implement servald id enter pin <PIN> which unlocks any SID identities protected by that PIN. If the SID already has a remote route, then the SID is not announced, but if no remote route exists, then the SID is announced as routable to this node. Returns the list of identities unlocked by that pin, and whether each is announced or already has a remote route.
  • <BOOKMARK:r1>R3. Implement SID roaming handshake procedure with servald id announce <SID>.
  • <BOOKMARK:r1>R4. Implement servald id relinquish pin <PIN|SID>, which releases the specified identities, and removes those identities from the local routing table.
  • <BOOKMARK:r1>R5. Add ability to store tags (which could be IEMI/IMSIs) in keyring entries.
  • <BOOKMARK:r1>R6. Implement servald id list [<TAG|SID>] that lists all unlocked identities, or only those unlocked identities with a supplied SID or tag (which could be the IEMI/IMSI).
  • <BOOKMARK:r1>R7. Extend test suite to cover the above.


Summary of work performed to date;

73342a9 - R1, Announce fake links in the routing table to secondary identities.

ae7e120 - R2, Pass a pin to servald to unlock an identity from the keyring.

ef7351b - R4, Relinquish identities based on either the entry pin or SID.

0c1c767 - R1, automatically claim the route to an identity with an existing route when all possible routes disappear.

b8ec568 - R3, When a SID is unlocked, but is a route already exists, automatically trigger a request / challenge / response handshake with the existing instance of this SID so it can be unlocked and routable locally.

Design decisions not directly specified by this agreement;

  • A single instance of a running daemon will have only one keyring pin.
  • Each daemon has a main device identity that cannot be relinquished.
  • Only identities that are unlocked after the daemon has already started will gracefully be handed over from other devices. There are many other situations involving routes to duplicate identities that will not be handled automatically.
content/activity/naf5.1381729639.txt.gz · Last modified: 13/10/2013 22:47 by Jeremy Lakeman