
[tor-commits] [torspec] 04/19: rend-spec: Clarify and slightly reword credential explanation



This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository torspec.

commit b63106887099ad4bbfcd21623ab29a4b9583048c
Author: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
AuthorDate: Tue Jan 17 13:21:26 2023 +0000

    rend-spec: Clarify and slightly reword credential explanation
    
    Introduce the credential and subcredential before we use them.
    Talk about the public identity key rather than the credential,
    when we can.
---
 rend-spec-v3.txt | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index d72c36f..dacdaa9 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -495,12 +495,19 @@ Table of contents:
    hidden service descriptors are not signed with the services' public
    keys directly. Instead, we use a key-blinding system [KEYBLIND] to
    create a new key-of-the-day for each hidden service. Any client that
-   knows the hidden service's credential can derive these blinded
+   knows the hidden service's public identity key can derive these blinded
    signing keys for a given period. It should be impossible to derive
-   the blinded signing key lacking that credential.
+   the blinded signing key lacking that knowledge.
+
+   This is achieved using two nonces:
+
+    * A "credential", derived from the public identity key KP_hsid.
+
+    * A "subcredential", derived from the credential N_hs_cred
+      and information which various with the current time period.
 
    The body of each descriptor is also encrypted with a key derived from
-   the credential.
+   the public signing key.
 
    To avoid a "thundering herd" problem where every service generates
    and uploads a new descriptor at the start of each period, each
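Review bot: The new wording "a key derived from the public signing key" in the descriptor-encryption sentence uses a term that appears nowhere else in this hunk. The first paragraph now says "public identity key" and speaks separately of "blinded signing keys", so "public signing key" leaves it unclear which key is meant. If the intent matches the commit message ("Talk about the public identity key rather than the credential"), this should read "the public identity key", or name the key explicitly the way the bullets name KP_hsid. Two smaller points in the added bullets: "information which various with the current time period" should be "varies", and N_hs_cred is first used in the subcredential bullet without being attached to the credential it names. Consider writing the first bullet as 'A "credential" N_hs_cred, derived from the public identity key KP_hsid' so the symbol is introduced where the value is defined.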

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits