WIRED INFRACOM // ib-IAP


"ib Ident-Auth Protocol"

Context within ib

One of the key architectural facets of ib is its provision of cryptographic authentication and identification mechanisms. In the main protocol’s HELO subprotocol, asymmetric ciphers are used to establish secure communication using ephemeral symmetric encryption keys. While this is effective at securing communications from tampering and eavesdropping within a given session, it does not address the larger problem of establishing a trust context to give meaning to the authenticity of that session. To provide a means of turning what is "anyone" into "someone", the ib-IAP, or internetworked binary Ident-Auth Protocol, was created.

Purpose

Most sysadmins know of the root certificates installed on most Linux operating systems, usually from Mozilla, that provide the authoritative basis for all communications secured by TLS. The integrity of those root certificates is vetted by the system’s package manager, which verifies the package’s authenticity using OpenPGP. Those PGP keys were, in turn, confirmed as correct by the makers of the ISO installer image, whose integrity was presumably verified using OpenPGP on the computer that made the installer image.

The lesson here is that there is a high level of dynamism to the chain of trust enabling us to securely use the Web. So, the purpose of ib-IAP is to provide mechanisms to build such "webs of trust", even as they must ultimately be derived from elsewhere.