Here are the main goals of the CAKE protocol:
The most important goal of CAKE is ensuring that it's always possible to know that the entitiy who's communicating with you today is the same entity you communicated with yesterday.
This is distinctly different from the PKI philosophy if trying to tell you that someone (or something) you're communicating with has a particular publicly recognized identity by the standards of some certificate authority or other traditional public authority.
It achieves this by using public keys as the source or destination addresses of messages. It also uses digital signatures for integrity protection, so you can also be sure the a message came from the stated source address.
I've chosen to do it this way because public keys are natural identifiers for things you hold conversations with. Because things you hold conversations with have internal state that's hidden from you, you can use a public key to verify that they know the associated private key (an internal state that's hiddent from you), without finding out what that private key is.
I wrote a paper awhile ago that inspired me to do this. It's a more
detailed, long-winded and less refined paper on why I think public keys are
the rght kinds of names:
Naming and
the Internet
These are the goals that are hoped to be achieved by this:
The last goal is difficult to achieve for single-shot unicast messages as such messages are vulnerable to replay attacks. If you have a protocol that involves the exchange of several such messages, CAKE provides some protection in the form of 'cookies' in the message. These cookies are publicly readable nonces. A reply that happens within a certain timeframe is expected to include the senders cookie.
I'm still thinking through cookies, so I'm not sure if the CAKE layer will reject messages that do not include a cookie that was recently sent to the message sender by the message recipient. I may decide that this should be left to the higher layer protocols.
CAKE is also designed to be filterable by firewalls on a per-protocol basis.
CAKE achieves this by leaving the source, destination, protocol, and cookies of a message unencrypted. These fields are integrity protected, so they cannot be altered. But, since they are readable by entities other than the recipient, they can be filtered on.
In reality, of course, once you've let any kind of communication with the outside world, there is no feasible way of preventing any information whatsoever from being communicated. Though you can make communicating some things and communicating in some ways more difficult than others.