
[tor-commits] [torspec/master] prop224: Change format of enc-key cross certification



commit d0e79a351cfcadbd6ce654521d416ac04c6f9f7c
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Wed Aug 24 13:17:28 2016 -0400

    prop224: Change format of enc-key cross certification
    
    Use a more standard format from Tor and proposal 220 instead of our own
    construction.
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 proposals/224-rend-spec-ng.txt | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 9833b49..fd0f76c 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -1036,17 +1036,16 @@ Table of contents:
           Cross-certification of the descriptor signing key by the enc-key.
           The format of this certificate depends on the type of enc-key.
 
-          For "ntor" keys, certificate is a proposal 220 certificate in
-          "-----BEGIN ED25519 CERT-----" armor, cross-certifying the
+          For "ntor" keys, certificate is a proposal 220 certificate wrapped
+          in "-----BEGIN ED25519 CERT-----" armor, cross-certifying the
           descriptor signing key with the ed25519 equivalent of the curve25519
           public key from "enc-key" derived using the process in proposal 228
           appendix A. The certificate type must be [10], and the signing-key
           extension is mandatory.
 
-          For "legacy" keys, certificate is an RSA signature wrapped in
-          "-----BEGIN SIGNATURE-----" of the digest:
-              H("legacy introduction point encryption key" | ED25519_KEY)
-          ED25519_KEY is the 32 byte descriptor signing public key.
+          For "legacy" keys, certificate is a proposal 220 certificate wrapped
+          in "-----BEGIN CROSSCERT-----" armor, cross-certifying the
+          descriptor signing key with the legacy RSA encryption key.
 
    To remain compatible with future revisions to the descriptor format,
    clients should ignore unrecognized lines in the descriptor.
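
Review bot: The new "legacy" paragraph no longer says what is actually signed or how a parser should validate it. The removed text pinned the signed input down exactly, as H("legacy introduction point encryption key" | ED25519_KEY) with a 32 byte key and a domain-separation string, while the replacement only says "a proposal 220 certificate wrapped in "-----BEGIN CROSSCERT-----" armor". The "ntor" paragraph just above states the certificate type ([10]) and that the signing-key extension is mandatory; the "legacy" paragraph should be equally specific. Suggest naming the exact proposal 220 structure meant here, saying which key is the certified subject and which key produces the signature, and listing any required type or expiration checks, so two implementations cannot accept different encodings of the same cross-certification.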


