Razor2 protocol
William Stearns
Copyright 2002
Released under the GPL.

This is _not_ a formally released protocol description from the guys that wrote it; it's a best guess from a guy that needs to reverse engineer it. If you need a correct or dependable protocol, ask Vipul, Chad or Jordan.

The client and server communicate over 2703/tcp; razor protocol 1 used port 2702/tcp.
Connection stays open for all signatures, no more 20 sig limit.

In a simple check session, the server starts off with an introduction:

Client                                  Server
                                        sn=N&srl=3&ep4=7542-10&a=l

The client sends queries to the server, ends with a ".". Each message has three hashes to send. Server can report independently for each hash.

-a=c&e=1&s=D2BtfYn3QXxZ7Ka-a1XSh8bCXZMA
a=c&e=3&s=iBIbAAAMEAOAICAJlBBIGAZMAFAElEYSTIAJiYQAUAAA
a=c&e=4&ep4=7542-10&s=_npe6YMymAEuDEVcuUlANl6pbIUA
.

Server sends back 1 to 1 matched responses for each query:

                                        -cf=50&p=1
                                        p=0
                                        p=0
                                        .

Client sends signatures for up to about 20 messages (so up to 80 hashes with up to 4 hashes per message), then sends a '.' and waits for server responses to all. Client can then send off another block, and so on. The limit appears to be the bql and bqs for this particular server, or 0 for unlimited. Each (client or server) block starts with a "-" as the first character of the first line.

Client quits:

a=q


Client atoms:

atom      example         description                                                             used in
------    --------------  ----------------------------------------------------------------------  -------------------------------
a=                        "action"
          a=c             check hashes to see if spam                                             check query
          a=g
          a=g&pm=csl      get list of catalogue servers from discovery server                     discovery
          a=g&pm=key      (future, ask server for a specific server state key)
          a=g&pm=nsl      get list of nomination servers from discovery server                    discovery
          a=g&pm=state    get server state                                                        discovery
          a=q             quit                                                                    no more queries or reports
          a=ai&user=      client appends contents of user= field in ~/.razor/identity             report session, logging in
          a=auth&aresp=   "auth", authenticate self.                                              report session, logging in
                          aresp=sha1 of server's achal and local password.
          a=r             report spam                                                             report session
          a=r&message=*   Send the entire message, headers and all.                               report session
e=                        engine=hash type                                                        report and check sessions
          e=1             razor1, SHA of entire body
          e=2             SHA1 of body part
          e=3             Nilsimsa
          e=4             ephemeral (default in reporting, see dre=)
ep4=                      "collaboratively computed random number" for ephemeral signatures?
          ep4=7542-10     Seed-Separator, used for ephemeral hash.                                various places
s=                        signature for that hash type.                                           various places
-                         start of a block
.                         end of this block. Ends with 0x13, 0x10 '.', 0x13, 0x10


Server atoms:

atom      example         description                                                             used in
------    --------------  ----------------------------------------------------------------------  -------------------------------
a=                                                                                                initial server banner, optional
          a=l             "l" login request?
ac=                       server's average confidence                                             server state
          ac=0            Current average confidence 0. Hmmm. Seems a bit low. :-)
achal=                    (random?) token sent from server used in authentication during          report session, logging in
                          reporter login
bql=                      maximum batched query lines.                                            server state
          bql=50
          bql=0 or undef  no line limit
bqs=                      maximum batched query size (in kilobytes). used in report/revoke.       server state
          bqs=129
          bql=0 or undef  no size limit
cf=                       confidence value, 0 to 100. (only there if p=1)                         check response
          cf=0
          cf=50
dre=                      default rcheck engine. default 4. report and revoke can't use engine 1  server state
          dre=4
ep4=                      "collaboratively computed random number" for ephemeral signatures?      initial server banner, optional
          ep4=7542-10     Seed-Separator, used for ephemeral hash.
err=
          err=100         (returned when sending individual signatures instead of a block of 3)
          err=210         username already exists
          err=221         Attempt to revoke unknown content
                          (received after submitting vr4 sig with ep4 uninitialized)
          err=230         server is asking client to send the mail                                report response
p=
          p=0             NOT spam.                                                               check response
          p=1             IS spam                                                                 check response
redirect=                 (Unused as of client 2.07)                                              initial server banner, optional
se=                       server engines, bits set for each engine type server supports           server state
          se=0F           engines 1-4 supported
sn=                       server type                                                             initial server banner, required
          sn=N            server is a Nomination server (used by razor-{report,revoke})
          sn=C            server is a Catalogue server (used by razor-check)
srl=                      serial number of server info, increases when server changes settings    initial server banner, required
          srl=3
sv=                       server version                                                          server state
          sv=2.08         first digit must be 2 to work with razor2 clients
res=
          res=1           server accepted the report                                              report response
          res=0           server did NOT accept the report (not seen yet)                         report response
zone=                     dns zone of which this server is a part                                 server state
          zone=razor.cloudmark.com
-                         start of a block
.                         end of this block. Ends with 0x13, 0x10 '.', 0x13, 0x10


Discovery1:

Client                                  Server
                                        sn=N&srl=3&ep4=7542-10&a=l
a=g&pm=csl
                                        -csl=? fire.cloudmark.com
                                        .


Discovery2:

Client                                  Server
                                        sn=N&srl=3&ep4=7542-10&a=l
a=g&pm=state
                                        -sv=2.08
                                        zone=razor.cloudmark.com
                                        ac=0
                                        dre=4
                                        bqs=129
                                        bql=50
                                        se=0F
                                        sn=N
                                        .

-a=c&e=1&s=WzHNiX6cKY2DZ1D7HSY7n8R6lPMA
a=c&e=3&s=AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEACEAAAAAAA
a=c&e=4&ep4=&s=1
.
                                        -p=0
                                        cf=0&p=1
                                        err=221
                                        .
a=q
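
Added example (not part of the original document and not the Razor authors' code): a small Python parser for the block framing and atoms described above, which pairs each check query with its 1 to 1 response and applies the bql line limit. The function names are hypothetical; the sample blocks are the query and response from the err=221 session above, and the line endings used in them are an assumption.

```python
# Added example; function names are hypothetical, sample blocks are from the page.

def parse_atoms(line):
    """Split one 'k=v&k=v' line into a dict (values may be empty, e.g. ep4=)."""
    atoms = {}
    for field in line.split("&"):
        key, sep, value = field.partition("=")
        if not key or not sep:
            raise ValueError(f"malformed atom: {field!r}")
        atoms[key] = value
    return atoms

def parse_block(text):
    """A block starts with '-' on its first line and ends with a lone '.'."""
    lines = text.splitlines()          # accepts CRLF or LF (assumption)
    if len(lines) < 2 or not lines[0].startswith("-") or lines[-1] != ".":
        raise ValueError("not a complete '-' ... '.' block")
    lines[0] = lines[0][1:]            # strip the block-start marker
    return [parse_atoms(line) for line in lines[:-1]]

def match_responses(query_block, response_block, bql=0):
    """Pair each query line with its response line; bql=0 means no line limit."""
    queries, responses = parse_block(query_block), parse_block(response_block)
    if bql and len(queries) > bql:
        raise ValueError(f"{len(queries)} query lines exceeds bql={bql}")
    if len(queries) != len(responses):
        raise ValueError("responses are not 1 to 1 with queries")
    verdicts = []
    for q, r in zip(queries, responses):
        if "err" in r:                 # per-line error, e.g. err=221
            verdicts.append((q.get("e"), "error", int(r["err"])))
        elif r.get("p") == "1":        # cf= only accompanies p=1
            cf = int(r["cf"]) if "cf" in r else None
            if cf is not None and not 0 <= cf <= 100:
                raise ValueError(f"cf out of range: {cf}")
            verdicts.append((q.get("e"), "spam", cf))
        elif r.get("p") == "0":
            verdicts.append((q.get("e"), "not spam", None))
        else:
            raise ValueError(f"unrecognised response line: {r}")
    return verdicts

QUERY = ("-a=c&e=1&s=WzHNiX6cKY2DZ1D7HSY7n8R6lPMA\r\n"
         "a=c&e=3&s=AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEACEAAAAAAA\r\n"
         "a=c&e=4&ep4=&s=1\r\n.\r\n")
RESPONSE = "-p=0\r\ncf=0&p=1\r\nerr=221\r\n.\r\n"
if __name__ == "__main__":
    for engine, verdict, detail in match_responses(QUERY, RESPONSE, bql=50):
        print(f"engine {engine}: {verdict} {'' if detail is None else detail}")
```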