Each member in the coalition checks the validity of the Config_Cert_Request message, looks
in its CRL and BL tables if no member of the coalition is malicious nor his public key is
revoked. If this holds, then each member starts the threshold signature protocol providing an
‘On-line Joint IP address and Public Key Certificate’ for the requester. The member of the
coalition with the lowest IP address will act as the combiner of the partial signatures, replies to
the requester by a Config_Cert_Reply message, and has in addition the task to inform all
nodes by a Config_Advert message that an IP address has been attributed to the node in
question. Then, all nodes increment its Requester Counter (RC) and delete this address from
the FAT and save it in the PAT. Hence, a new coming node will not have the possibility of
choosing this address.
If a malicious node has been discovered among the coalition members, a Config_Alert message
is sent to the honest members of the coalition and to the new joining node. This message
includes the list of approved malicious members and/or the list of approved revoked public
keys. The algorithm for this processing is shown in Figure 1.
The new joining node checks the correctness of this information by means of the On-line
Certificate Authority’s public key. Hence, it will be able to isolate the misbehaving nodes
(either the node sending the Config_Alert message or nodes appearing in this message).
Subsequently, the requester performs a new coalition selection while excluding the malicious
Figure 1: Processing a certification request by a co-signer