
[tor-commits] [torspec] branch main updated: update 343-rend-caa to include guidance on the non mandatory state of CAA



This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository torspec.

The following commit(s) were added to refs/heads/main by this push:
     new 67f8481  update 343-rend-caa to include guidance on the non mandatory state of CAA
     new 4a14d01  Merge branch 'tor-gitlab/mr/139'
67f8481 is described below

commit 67f8481596b010c58c406ee5c5631202a59bfc6f
Author: Q <q@misell.cymru>
AuthorDate: Tue Jun 6 23:27:36 2023 +0200

    update 343-rend-caa to include guidance on the non mandatory state of CAA
---
 proposals/343-rend-caa.txt | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/proposals/343-rend-caa.txt b/proposals/343-rend-caa.txt
index f5d449f..0859690 100644
--- a/proposals/343-rend-caa.txt
+++ b/proposals/343-rend-caa.txt
@@ -3,6 +3,7 @@ Title: CAA Extensions for the Tor Rendezvous Specification
 Author: Q Misell <q@xxxxxxxxxxxx>
 Created: 2023-04-25
 Status: Open
+Ticket: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/716
 
 Overview:
   The document defines extensions to the Tor Rendezvous Specification Hidden
@@ -22,8 +23,11 @@ Motivation:
   As Tor hidden service domains are not in the DNS another way to provide the
   same security benefits as CAA does in the DNS needed to be devised.
 
+  It is important to note that a hidden service is not required to publish a CAA
+  record to obtain a certificate, as is the case in the DNS.
+
   More information about this project in general can be found at
-  https://e.as207960.net/w4bdyj/Gm2AylEF
+  https://acmeforonions.org.
 
 Specification:
   To enable maximal code re-use in CA codebases the same CAA record format is
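Review bot: The added Motivation sentence can be read two ways because "as is the case in the DNS" follows a negation. It could mean that the DNS also does not require a CAA record, or that the DNS does require one. Wording such as "As in the DNS, a hidden service is not required to publish a CAA record to obtain a certificate" removes the ambiguity. The commit subject calls this guidance, but the sentence sits under Motivation. If a CA is expected to treat a descriptor with no CAA lines as permitting issuance, that rule would be easier to implement against if it also appeared under Specification. Separately, the replacement URL is followed directly by the sentence's full stop ("https://acmeforonions.org."), which some autolinkers will fold into the link.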
@@ -62,10 +66,10 @@ Specification:
     [At most once]
 
 Security Considerations:
-  The second layer descriptor is signed and MACed in a way that only a party
-  with access to the secret key of the hidden service could manipulate what is
-  published there. Therefore, Tor CAA records have at least the same security as
-  those in the DNS secured by DNSSEC.
+  The second layer descriptor is signed, encrypted and MACed in a way that only
+  a party with access to the secret key of the hidden service could manipulate
+  what is published there. Therefore, Tor CAA records have at least the same
+  security as those in the DNS secured by DNSSEC.
 
   The "caa-critical" flag is visible to anyone with knowledge of the hidden
   service's public key, however it reveals no information that could be used to
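Review bot: In the rewritten first paragraph of Security Considerations, "encrypted" is added to a sentence whose claim is about who can manipulate the published records. That is an integrity property carried by the signature and MAC, not by encryption. The next paragraph states that the "caa-critical" flag is visible to anyone with knowledge of the hidden service's public key, so the encryption is not tied to the service's secret key in the way the sentence implies. Consider keeping the manipulation claim as "signed and MACed" and stating separately what the encryption provides, so that the comparison with DNSSEC rests only on the mechanisms that provide integrity.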
@@ -104,4 +108,4 @@ References:
 
   [tor-rend-spec-v3]
              The Tor Project, "Tor Rendezvous Specification - Version 3",
-             <https://spec.torproject.org/rend-spec-v3>.
+             <https://spec.torproject.org/rend-spec-v3>.
\ No newline at end of file
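Review bot: The removed and added reference lines in this hunk read the same, and the "\ No newline at end of file" marker after the added line shows that the only effect is to drop the file's trailing newline. This looks unintentional. Restoring the final newline would remove the hunk from the patch and keep the change limited to the CAA guidance.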

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.