The following two timestamp fields are not in the spec, added for convenience. Both are 4-byte unsigned integers representing the elapsed time since 00:00:00 UTC, January 1970 in seconds. the created time of the identifier

last time the identifier was updated at the server

interpreted as int32 when type is 1

Spec: An unsigned 32-bit integer that uniquely differentiates an element from all the other elements in the identifier record. The index 0 is reserved. For maximum compatibility with existing implementations, indexes greater than or equal to 2^31 (which would represent negative values if interpreted as signed integers) should not be used.

Spec: A UTF8-string that specifies the identifier for the type of the value field in the element.

The field is used to specify the identifier of the type that defines the syntax, format, and possible semantics of the data in the element's field. The identifier for a type can be specified by the creator of the element as desired, but this standard recommends that it be an identifier resolvable using DO-IRP to make it globally resolvable and accessible. See section 9 on Type Identifiers Consideration for more details.

The UTF8-string in the field shall not end with the "." character. However, for clarity, the "." character may appear in the end of the prefix used in an identifier query. This prefix string is used to query for all elements under a common type hierarchy. For example, one may query for all elements under the type hierarchy "a.b" (e.g., elements of "a.b.x", "a.b.y" and "a.b.z") by setting the parameter of the query to "a.b. ". Note here that the prefix in the query must specifically end with the "." character. Details of the query operation can be found in the protocol specification in section 7.2.

an eight-bit bit-mask for access control of the element, see Permission for details

TTL of the element, see Ttl for details

A 4-byte unsigned integer that records the created of the identifier. The field contains elapsed time since 00:00:00 UTC, January 1970 in seconds. This field is not in the spec, added for convenience.

Spec: A 4-byte unsigned integer that records the last time the element was updated at the server. The field contains elapsed time since 00:00:00 UTC, January 1970 in seconds.

Spec: A sequence of octets (preceded by its length in a 4-byte unsigned integer). The syntax, format, and semantics of these octets are determined by the field.

This field is for custom element types defined by the IRS users. For standard types, use the dedicated typed fields defined below.

Spec: 4.3.1 IDENTIFIER ADMINISTRATOR: HS_ADMIN See element/hs_admin.proto for details

Spec: 4.3.2 SERVICE SITE INFORMATION: HS_SITE 4.3.3 SERVICE SITE INFORMATION: HS_SITE.PREFIX See element/hs_site.proto for details

Spec: 4.3.4 SERVICE IDENTIFIER: HS_SERV 4.3.5 SERVICE IDENTIFIER: HS_SERV.PREFIX See element/hs_serv.proto for details

Spec: 4.3.6 IDENTITY: HS_PUBKEY See element/hs_pubkey.proto for details

require minimum length of 16 bytes for security

Spec: 4.3.8 VALUE LIST: HS_VLIST

HS_VLIST allows referencing a list of elements in other identifiers, and allows the referenced elements to be updated without requiring an update of the referring identifier record. An HS_VLIST element is one whose is HS_VLIST and whose consists of a 4-byte unsigned integer followed by a list of references to other elements. The integer specifies the number of references in the list. The references may refer to elements under the same identifier or elements from other identifiers. Each reference is encoded as an UTF8-string followed by a 4-byte unsigned integer that identifies the referenced identifier and its index.

HS_VLIST elements may be used to define administrator groups for identifiers. Each administrator (as defined in 4.3.1) in the HS_VLIST includes is a member of the administrator group. Each element reference is defined in terms of an : pair. An administrator group may also contain other administrator groups as its members. This allows administrator groups to be defined in a hierarchical fashion. Care must be taken, however, to avoid a cyclic definition of administrators or administrator groups. Multiple levels of administrator groups should be avoided due to their lack of efficiency, but will not be signaled as an error. Client software should be prepared to detect any potential cyclic definition of administrators that refer to non-existent elements and treat them as errors.

referenced DOID

Spec: 6.2.2.3

The is a 32-bit bit-mask that defines various control options for protocol operation. The following figure shows the location of each option flag in the field.

1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 .---------------------------------------------------------------. |AT |CT |ENC|REC|CA |CN |KC |PO |RD |OWE|MNS|DNR| Reserved | |---------------------------------------------------------------| | Reserved | '---------------------------------------------------------------'

Figure 6.2.2.3: Option flags in the field

AT AuThoritative bit. A request with the AT bit set (to 1) indicates that the request should be directed to the primary service site (instead of any mirroring sites). A response message with the AT bit set (to 1) indicates that the message is returned from a primary server (within the primary service site)

CT CerTified bit. A request with the CT bit set (to 1) asks the server to sign its response with its digital signature by including a Message Credential (see section 6.2.4). A response with the CT bit set (to 1) indicates that the message is signed. The server must sign its response if the request has its CT bit set (to 1). If the server fails to provide a valid signature in its response, the client should discard the response and treat the request as failed.

ENC ENCryption bit. A request with the ENC bit set (to 1) requires the server to encrypt its response using the pre-established session key.

REC RECursive bit. A request with the REC bit set (to 1) asks the server to forward the query on behalf of the client if the request has to be processed by another DO-IRP server. The server may honor the request by forwarding the request to the appropriate server and passing on any result back to the client. The server may also deny any such request by sending a response with set to RC_SERVER_NOT_RESP.

CA Cache Authentication. This bit is reserved.

CN ContiNuous bit. A message with the CN bit set (to 1) tells the message recipient that more messages that are part of the same request (or response) will follow. This happens if a request (or response) has data that is sent as multiple messages. Unlike truncation at the level of the Message Envelope, which breaks down a single message into multiple for reasons of transport such as UDP message size, this indicates a request or response that is deliberately sent as multiple messages. This is used for example for the responses to requests to list identifiers.

KC Keep Connection bit. A message with the KC bit set requests that the message recipient keep the TCP connection open (after the response is sent back). This allows the same TCP connection to be used for multiple operations.

PO Public Only bit. Used by query operations only. A query request with the PO bit set (to 1) indicates that the client is only asking for elements that have the PUB_READ permission. A request with PO bit set to zero asks for all the elements regardless of their read permission. If any of the elements require ADMIN_READ permission, the server must authenticate the client as an administrator.

RD Request-Digest bit. A request with the RD bit set (to 1) asks the server to include in its response the message digest of the request. A response message with the RD bit set (to 1) indicates that the first field in the Message Body contains the message digest of the original request. The message digest can be used to check the integrity of the server response. Details of these are discussed in section 6.2.3.

OWE Overwrite when exists. When this bit is set on a request with OpCode OC_CREATE_ID or OC_ADD_ELEMENT, elements which already exist will be overwritten by the elements presented in the request. Otherwise the request will result in an error.

MNS Mint new suffix. When this bit is set on a request to create an identifier, the "identifier" field of the request will be considered the initial portion of the eventual identifier, which will be extended by the server to a new complete identifier. The initial portion should contain the slash.

DNR Do not refer. When this bit is set, a request which would normally result in a service referral or prefix referral response, will instead be applied on the server where the request is

Spec: 6.2.2.4

The is a two-byte unsigned integer. The in a request refers to the of the HS_SITE element used by the client (to access the server). Servers can check the in the request to find out if the client has up-to-date service information.

When possible, the server should fulfill a client's request even if the service information used by the client is out-of-date. However, the response message should specify the latest version of service information in the field. Clients with out-of-date service information can update the service information. If the server cannot fulfill a client's request due to expired service information, it should reject the request and return an error message with set to RC_EXPIRED_SITE_INFO.

Spec: 6.2.2.5

The is a one-byte unsigned integer that specifies the number of service recursions. Service recursion happens if the server has to forward the client's request to another server. Any request directly from the client must have its set to 0. If the server has to send a recursive request on behalf of the client, it must increment the by 1. Any response from the server must maintain the same as the one in the request. To prevent an infinite loop of service recursion, the server should be configurable to stop sending a recursive request when the reaches a certain value.

Spec: 6.2.2.6

The is a 4-byte unsigned integer that specifies the time when the message should be considered expired, relative to January 1st, 1970 GMT, in seconds. It is set to zero if no expiration is expected.

Spec: A UTF8-String that explains the error.

Spec: An optional field. Each index in the list is a 4-byte unsigned integer that refers to an element that contributed to the error.

An example would be a server that is asked to add three elements, with indexes 1, 2, and 3, and elements with indexes of 1 and 2 already in existence. In this case, the server could return an error message with set to RC_ELEMENT_ALREADY_EXIST and add index 1 and 2 to the . Note that the server is not obligated to return the complete list of indexes that may have caused the error.

Spec: A UTF8-String that identifies the identifier (e.g., a service identifier) that maintains the referral information (i.e., the service information of the DO-IRP service to which it corresponds).

Spec: An optional field that must be empty if the is provided. When not empty, it consists a list of HS_SITE or HS_SERV elements, or, in the case of a prefix referral, HS_SITE.PREFIX or HS_SERV.PREFIX elements.

Spec: A UTF8-String (as defined in section 6.1.4) that specifies the identifier to be resolved.

Spec: Each number in the integer array is an index and refers to an element to be retrieved. Set to an empty array to ask for all the elements regardless of their index.

Spec: Each UTF8-String in the list specifies a type. This tells the server to return all elements whose type is listed in the list. If a UTF8-String ends with the "." (0x2E) character, the server must return all elements whose type is under the type hierarchy specified in the UTF8-String. This means that the type is either exactly the supplied UTF8-String omitting the terminal "." character, or starts with the supplied UTF8- String including the "." character. The may be empty. In this case, the server must return all elements regardless of their type.

contains and

a service referral (see section 7.4)

Spec: A UTF8-String that specifies the identifier.

Spec: A 4-byte unsigned integer followed by a list of elements. The integer indicates the number of elements in the list.

Spec: A UTF8-String that specifies the identifier whose element(s) needs to be removed.

Spec: A 4-byte unsigned integer followed by a list of indexes. Each index refers to an element to be removed from the . The integer specifies the number of indexes in the list. Each index is also encoded as a 4-byte unsigned integer.

Spec: A UTF8-String that specifies the identifier whose element(s) needs to be modified.

Spec: A 4-byte unsigned integer followed by a list of elements. The integer specifies the number of elements in the list. Each element in the specifies an element that will replace the existing element with the same index.

contains and

Spec:

Spec: A UTF8-String that specifies the identifier.

Spec: A UTF8-String that identifies the type of authentication key used by the client. The field is set to "HS_SECKEY" if the client chooses to use a secret key for its authentication. The field is set to "HS_PUBKEY" if a public key is used instead.

Spec: A UTF8-String that identifies the identifier that holds the public or secret key of the administrator.

A 4-byte unsigned integer that specifies the index of the element (of the ) that holds the public or secret key of the administrator.

Spec: A 4-byte unsigned integer indicating the length of the following byte array, which contains either the Message Authentication Code (MAC) or the digital signature over the challenge from the server. The used to produce the MAC or signature is the concatenation of the bytes of the from the CHALLENGE message, excluding the initial 4 length bytes, followed by the from the CHALLENGE message, excluding the initial byte.

Reserved

Identifier query

Get HS_SITE element

Create new identifier

Delete existing identifier

Add element(s)

Remove element(s)

Modify element(s)

List identifiers

List derived prefixes

Response to challenge

Verify challenge response

Home prefix (instruct server to consider itself responsible for the prefix)

Unhome prefix

List homed prefixes

Session setup request

Session termination request

Reserved for request

Success response

General error

Server too busy to respond

Corrupted or unrecognizable message

Unsupported operation

Too many recursions for the request

Server storage is temporarily read-only as for backup

Identifier not found

Identifier already exists

Encoding (or syntax) error

Element not found

ALREADY_EXIST Element already exists

Invalid Element

SITE_INFO out of date

Server not responsible

Server referral

Prefix referral

Not an admin for operation

Insufficient permissions

Authentication required

Failed to authenticate

Invalid message credential

Authentication timed out

Unexpected error authenticating

Session expired

Unable to establish session

Invalid session key or session authentication failure

Potential session replay attack

Spec: PUBLIC_WRITE (0x01) permission that allows anyone to modify or delete the element.

Spec: PUBLIC_READ (0x02) permission that allows anyone to read the element.

Spec: ADMIN_WRITE (0x04) permission that allows any authenticated administrator with Modify_Element Delete_Element privileges (see 4.3.1) to update or delete the element

Spec: ADMIN_READ (0x08) permission that allows any authenticated administrator with "Authorized_Read" privilege (see section 4.3.1 below) to read the element.

0.TYPE/HS_ADMIN

0.TYPE/HS_SITE

0.TYPE/HS_SITE.PREFIX

0.TYPE/HS_SERV

0.TYPE/HS_SERV.PREFIX

0.TYPE/HS_PUBKEY

0.TYPE/HS_SECKEY

0.TYPE/HS_VLIST

0.TYPE/HS_ALIAS

0.TYPE/HS_CERT

0.TYPE/HS_SIGNATURE