
New Parameters

  1. :signature
    The value of :signature is a digital signature computed over the content of the performative by the agent that sends the KQML message.

  2. :senderCert
    To verify the signature in a performative, the receiver needs the public key of the sender. The senderCert included in a performative lets the receiver obtain the public key, verify its authenticity, and then verify the signature with the authenticated public key. Generally, signature and senderCert appear together in a performative.

  3. :senderCertChain
    For the dynamic management of certificates, the senderCertChain is needed as a parameter in the performative. It contains the certificates of the agents along the path from the root security agent through the agent that holds the senderCertChain. See also [11].

  4. :senderCertName
    This parameter indicates which kind of certificate the sender of the message uses, so that the receiver can parse the information included in the senderCert using the format identified by "senderCertName".

  5. :receiverCert
    The certificate of the receiver's public key.

  6. :receiverCertName
    The name of the receiver's public key certificate. This parameter indicates which public key of the receiver was used to encrypt the content of the message, because in a multi-certificate authentication system a receiver can hold more than one public key certificate. Knowing which certificate was used, the receiver can easily choose the corresponding private key to decrypt the encrypted content of the message.

For example, "tell" is one of the performatives defined in the original KQML [9]. The new parameters in the performative enable an agent to "tell" a verifiable secret:
tell:
:language CIPHER
:content {the encrypted M}
:receiverCertName CMUCertificate

Here M is another KQML message embedded in the first KQML package:
tell:
:language PLAINTEXT
:content {the content}
:senderCert {a public certificate of sender}
:senderCertName RetsinaCertificate
:signature {signature signed by sender}

The KQML message is processed in detail as follows:
  1. The KQML parser of the receiver extracts the content of the first KQML package, the encrypted M, and passes it with RetsinaCertificate to the security execution module.
  2. The security execution module picks the corresponding private key, decrypts the content, and obtains the plain M.
  3. Since M is a KQML message, it is returned to the KQML parser. The parser parses M and passes the content, signature, and senderCert to the security execution module.
  4. The security execution module verifies the authenticity and integrity of the content.
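
The four steps above as an added Python example, which is not code from the paper or from any KQML implementation: the receiver selects its private key by :receiverCertName, decrypts M, re-parses it, and rejects the content unless the senderCert is trusted and the signature matches. Assumptions: textbook RSA over small fixed primes stands in for real public-key cryptography, the senderCert is modeled as an identifier looked up in a table of trusted certificates, and all function and variable names are hypothetical.

```python
import hashlib, re

E = 65537  # public exponent of both toy keys

def toy_key(p, q):
    """Textbook RSA (no padding, demo only): returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(text, n, d):
    return format(pow(digest(text, n), d, n), "x")

def encrypt(text, n, size=29):  # 29-byte blocks stay below the receiver's n
    data = text.encode()
    return ",".join(format(pow(int.from_bytes(data[i:i + size], "big"), E, n), "x")
                    for i in range(0, len(data), size))

def decrypt(blob, n, d):
    blocks = [pow(int(c, 16), d, n) for c in blob.split(",")]
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big") for m in blocks).decode()

def parse(msg):
    """Map :parameter -> value for one performative, braces removed."""
    return {k: v.strip("{}") for k, v in re.findall(r":(\w+)\s+(\{.*?\}|\S+)", msg, re.S)}

def receive(msg, private_keys, trusted_certs):
    outer = parse(msg)  # step 1: outer package, key chosen by :receiverCertName
    key = private_keys.get(outer.get("receiverCertName"))
    if outer.get("language") != "CIPHER" or key is None:
        raise ValueError("no private key for this performative")
    inner = parse(decrypt(outer.get("content", "0"), *key))  # steps 2 and 3
    n = trusted_certs.get((inner.get("senderCertName"), inner.get("senderCert")))
    if n is None:  # step 4, authenticity of the sender's public key
        raise ValueError("senderCert is not trusted")
    if pow(int(inner.get("signature", "0"), 16), E, n) != digest(inner.get("content", ""), n):
        raise ValueError("signature does not match content")  # step 4, integrity
    return inner["content"]

# Constructed sample keys, trust table and sender-side message builder.
S_N, S_D = toy_key(2**61 - 1, 2**89 - 1)      # sender
R_N, R_D = toy_key(2**107 - 1, 2**127 - 1)    # receiver
KEYS = {"CMUCertificate": (R_N, R_D)}
TRUST = {("RetsinaCertificate", "cert-A"): S_N}
def build(content, sig):
    m = (f"tell:\n:language PLAINTEXT\n:content {{{content}}}\n:senderCert {{cert-A}}\n"
         f":senderCertName RetsinaCertificate\n:signature {{{sig}}}")
    return f"tell:\n:language CIPHER\n:content {{{encrypt(m, R_N)}}}\n:receiverCertName CMUCertificate"
```

A receiver built this way fails closed: an unknown :receiverCertName, an untrusted senderCert, and a signature that does not match the content each raise an error before any content is returned.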





Qi He
Wed Jan 28 06:23:23 EST 1998