# Node to Coordinator Communication ```sequence Participant Node Participant Coordinator Note right of Coordinator: Generates Secret Key (CA:SK)\nand Public Key (CA:PK) Note right of Coordinator: Signs CA:PK with CA:SK\n(CA:S) Note right of Coordinator: Publishes CA:S & CA:PK\nin pointer record Note left of Node: Generates Secret Key (N1:SK)\nand Public Key(N1:PK) Node->Coordinator: Initial Connection\nSends N1:PK Note right of Coordinator: Signs N1:PK with CA:SK (N1:S) Coordinator->Node: Sends CA:N1:S Note left of Node: Verifies N1:S using known\nCA:PK from pointer\n(Good Coordinator) Note left of Node: Signs N1:PK with N1:SK (N1:S) Node->Coordinator: Sends N1:S Note right of Coordinator: Hashes(N1:S) and signs with CA:SK\nNode1 Cert (N1:C) Coordinator->Node: Sends N1:C Node->Coordinator: Request CRL Coordinator->Node: Sends CRL Note right of Node: Normal operation continues ``` # Node to Node w/ Coordinator PKI Presume the above was completed and Node2 enters the game ```sequence Participant Node1 Participant Node2 Participant Coordinator Note right of Coordinator: Generates Secret Key (CA:SK)\nand Public Key (CA:PK) Note right of Coordinator: Signs CA:PK with CA:SK\n(CA:S) Note right of Coordinator: Publishes CA:S & CA:PK\nin pointer record Note left of Node2: Generates Secret Key (N2:SK)\nand Public Key(N2:PK) Node2->Coordinator: Initial Connection\nSends N2:PK Note right of Coordinator: Signs N2:PK with CA:SK (N2:S) Coordinator->Node2: Sends CA:N2:S Note left of Node2: Verifies N2:S using known\nCA:PK from pointer\n(Good Coordinator) Note left of Node2: Signs N2:PK with N2:SK (N1:S) Node2->Coordinator: Sends N2:S Note right of Coordinator: Verifies N2:S\nHashes(N1:S) and signs with CA:SK\nNode2 Cert (N2:C) Coordinator->Node2: Sends N2:C Node2->Coordinator: Request CRL Coordinator->Node2: Sends CRL Node2->Node1: Initial connection\nSends N2:S & N2:C & N2:PK Note left of Node1: Checks CRL for N2:C value\nIf on CRL, reject Note left of Node1: Verifies N2:S\nHashes(N2:S) and verifies\nN2:C using CA:PK\nIf failed, reject Node1->Node2: Sends N1:S & N1:C Note left of Node2: Checks CRL for N1:C value\nIf on CRL, reject Note left of Node2: Verifies N1:S\nHashes(N1:S) and verifies\nN1:C using CA:PK\nIf failed, reject Note right of Node1: Normal operation continues ```
Published on HackMD
689