This explanation was generated from 78 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
Transmission Control Protocol (TCP) is a connection-oriented transport layer protocol that provides reliable, ordered delivery of data streams between applications over IP networks, used by KERI infrastructure components for network communication between witnesses, watchers, controllers, and other protocol participants.
Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite, operating at the transport layer (Layer 4) to provide reliable, connection-oriented communication between networked applications. TCP establishes a bidirectional byte stream between two endpoints, guaranteeing in-order delivery, checksum-based error detection, retransmission of lost segments, and flow and congestion control. It preserves no message boundaries: a receiver sees a continuous stream of bytes, and any message framing has to be supplied by the application protocol carried on top of it.
Within the KERI ecosystem, TCP serves as a fundamental transport mechanism for protocol message exchange between distributed infrastructure components. KERI's architecture explicitly supports TCP as one of several transport options for streaming CESR-encoded messages.
Witness Communication: Witnesses expose TCP (and HTTP) endpoints on which controllers submit key events and from which they collect witness receipts, which the controller then distributes to its other witnesses. KERI's witness agreement algorithm does not require witnesses to reach consensus among themselves: a controller gathers receipts from a threshold of its designated witnesses, so key state is established by signed events and signed receipts, not by a consensus round run over TCP connections.
Watcher Networks: Watchers maintain TCP connections to witnesses and other watchers to perform duplicity detection by comparing the KEL versions each of them has seen.
Direct Mode Operations: In KERI's direct mode, controllers establish peer-to-peer TCP connections to exchange key events without witness intermediation, as demonstrated in the keripy demo scripts (keri_bob, keri_eve).
OOBI Resolution: Endpoints are discovered by resolving OOBI URLs (e.g., http://witness-demo:5642/oobi/[AID]). The OOBI itself is fetched over HTTP; the signed reply messages it returns advertise the service's endpoint locations, including its TCP address, which the controller then uses to connect. In the keripy demo witness configuration the HTTP port (5642) and the TCP port (5632) of a witness are distinct.
KERI implementations should support multiple transports including TCP, with selection based on deployment requirements. TCP is appropriate for:
TCP's stateful nature requires careful connection lifecycle management: each open connection holds a socket, a receive buffer and parser state on the witness or watcher until the peer closes it or the implementation times it out.
Since TCP identifies a session only by the client's address and port (together with the server's), implementations must map each accepted connection to the parser and handler that serves it, and must not treat the peer address as evidence of who the peer is; only the signatures on the messages establish that.
TCP provides no inherent security: no authentication of the peer, no integrity protection and no confidentiality, so an on-path attacker can read, modify or inject bytes in the stream. KERI's security model relies on end-to-end cryptographic verification of the signed events and receipts themselves rather than on the transport.
Never rely on TCP connection security for KERI protocol security guarantees.
For high-throughput KERI deployments:
TCP's session identification mechanism is particularly relevant to KERI implementations. TCP carries no explicit session identifier: the operating system demultiplexes incoming segments to a connection by the four-tuple of client address, client port, server address and server port, and the KERI component sees that connection as an accepted socket. The component must keep per-connection state, a lookup from that socket to the parser and handler serving it, because TCP delivers an undelimited byte stream: the CESR messages in it have to be re-framed by the receiver, and a single read may return a fragment of one message or several messages at once. This stateful connection model contrasts with KERI's own semantics, in which an event is accepted because of its signatures and its place in the KEL, not because of which connection delivered it, so implementations must keep connection state for parsing without letting it influence trust decisions.
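The following added example (written for this page; it is not code from keripy or GLEIF) shows both points from the preceding paragraphs: a small asyncio TCP server that keys each session by the client's (address, port) peername and re-frames KERI version-1 JSON messages out of the byte stream using the size field of the version string, plus a client that writes two constructed, unsigned sample events split across segments that do not line up with message boundaries. The version string layout (KERI, major/minor hex digits, serialization kind, six hex size digits, '_' terminator) is KERI's; the 12-byte offset limit, the 1 MiB size cap, the EXAMPLE_ SAIDs and AIDs, and all function and class names are assumptions of this example. It handles bare message bodies only; on a real stream each body is followed by CESR attachment groups carrying the signatures, which a real parser consumes before looking for the next version string.

```python
"""Re-framing KERI/CESR messages from a TCP byte stream (added example, not keripy code)."""
import asyncio
import json
import re
from functools import partial

# KERI version-1 version string: KERI + major/minor hex digits + serialization kind
# + six hex digits giving the full message size in bytes + '_' terminator.
VERSION_RE = re.compile(
    rb"KERI(?P<major>[0-9a-f])(?P<minor>[0-9a-f])(?P<kind>[A-Z]{4})(?P<size>[0-9a-f]{6})_"
)
VS_LEN = 17            # length of the version string itself
MAX_VS_OFFSET = 12     # assumption: the string must start within the first 12 bytes ('{"v":"' is 6)
MAX_MESSAGE = 1 << 20  # assumption: refuse peers that declare a message larger than 1 MiB


def serialize(fields: dict) -> bytes:
    """Serialize a message body as compact JSON whose 'v' field carries the correct size."""
    body = {"v": "KERI10JSON000000_", **fields}            # placeholder already has the final width
    raw = json.dumps(body, separators=(",", ":")).encode()
    body["v"] = f"KERI10JSON{len(raw):06x}_"                # size counts the whole body
    return json.dumps(body, separators=(",", ":")).encode()


class Framer:
    """Cuts discrete messages out of an unbounded TCP byte stream for one connection."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, data: bytes) -> list[bytes]:
        """Append received bytes; return every complete message now available."""
        self.buf += data
        out = []
        while self.buf:
            head = bytes(self.buf[:MAX_VS_OFFSET + VS_LEN])
            m = VERSION_RE.search(head)
            if m is None:
                if len(head) == MAX_VS_OFFSET + VS_LEN:
                    raise ValueError("stream head carries no KERI version string")
                break                        # too few bytes yet to see the version string
            size = int(m.group("size"), 16)
            if size <= m.end() or size > MAX_MESSAGE:
                raise ValueError(f"refusing message with declared size {size}")
            if len(self.buf) < size:
                break                        # partial message: wait for the next segment
            out.append(bytes(self.buf[:size]))
            del self.buf[:size]
        return out


async def serve_connection(reader, writer, sessions, done):
    """One handler per accepted connection; TCP identifies the session by (client addr, client port)."""
    peer = writer.get_extra_info("peername")[:2]
    framer = Framer()
    sessions[peer] = []
    try:
        while data := await reader.read(4096):
            for raw in framer.feed(data):
                # A real witness would verify the attached signatures here before accepting
                # the event; nothing about the TCP connection or peer address vouches for it.
                sessions[peer].append(json.loads(raw))
    except ValueError:
        pass  # desynchronised or abusive peer: drop this connection, keep the process alive
    finally:
        writer.close()
        done.set()


async def _demo():
    sessions, done = {}, asyncio.Event()
    server = await asyncio.start_server(
        partial(serve_connection, sessions=sessions, done=done), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    async with server:
        # Constructed sample bodies (unsigned, placeholder SAIDs/AID): an inception and a rotation.
        icp = serialize({"t": "icp", "d": "EXAMPLE_SAID_ICP", "i": "EXAMPLE_AID", "s": "0"})
        rot = serialize({"t": "rot", "d": "EXAMPLE_SAID_ROT", "i": "EXAMPLE_AID", "s": "1"})
        stream = icp + rot
        reader, writer = await asyncio.open_connection("127.0.0.1", port)
        # Write in three pieces that straddle the message boundary; the framer must cope.
        for chunk in (stream[:10], stream[10:len(icp) + 5], stream[len(icp) + 5:]):
            writer.write(chunk)
            await writer.drain()
            await asyncio.sleep(0.01)
        writer.close()
        await writer.wait_closed()
        await asyncio.wait_for(done.wait(), timeout=5)
    return sessions


def run_demo() -> dict:
    """Run server and client in one event loop; returns {(client addr, client port): [messages]}."""
    return asyncio.run(_demo())


if __name__ == "__main__":
    for peer, msgs in run_demo().items():
        print(peer, [m["t"] for m in msgs])
```

Run it directly to print the parsed session keyed by the client's ephemeral (address, port) pair. The security-relevant part is the ValueError path: a declared size the receiver refuses to buffer, or a stream head with no version string, ends that one connection without taking the process down, and nothing in the accepted messages is trusted until the signatures (not shown here) are verified.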
KERI's design as a spanning layer protocol means it operates independently of the underlying transport. While TCP is commonly used, KERI also supports other transports, such as the HTTP endpoints that OOBI URLs already use.
This transport agnosticism allows KERI to function across diverse network environments while maintaining its cryptographic security guarantees through end-to-end verification of signed events and receipts rather than through transport-layer protections such as TLS. TLS may still be layered underneath for confidentiality, but KERI's integrity and authenticity guarantees do not depend on it.