[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 347: Domain separation for certificate signing keys

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 347: Domain separation for certificate signing keys
From: Alexander Færøy <ahf@xxxxxxxxxxxxxx>
Date: Thu, 19 Oct 2023 17:08:54 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Oct 2023 13:09:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-eugeni; t=1697735342; bh=Hz2yevW0Aoa+7e7VDLGJECJU2cyTZtribWUs2pmPAmA=; h=Date:From:To:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=AwF/splieB6aAoc95J8YT54ElfA/sxdP6lYwiWwfF6Gyl45JaNH38bndiN50/+cti QXTeJZ57nJySjoxXyNn+6q6P6PzjFU1iyeFn7oES1wlWw3j4ninI+nQR30rt9iIMuw JDuY2ct4BTBIF9I/KyiAMKLU6UKMPl5u6Xni1fQmopFhp5vo5gtM+BLcpbbhAjJ0cw /cxhBxvitlwlfcMk05Gs8VIPf+nG0hbfzqZjE/LHCCc42HrDYOWW6uPV2yhgtnGf74 Q8r2dnFU/hDJ0dtKvVSMEPwYBWeIKds8EPoLLmzxKNi7crJ9Abd+tylT6U7nJf7MlM mMz+dfouoDR4g==
In-reply-to: <CAKDKvuy4Gvfi32rYsp0UYPLqu05_6Jj7XtuzPQ5eP9N4+Xq2kQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
References: <CAKDKvuy4Gvfi32rYsp0UYPLqu05_6Jj7XtuzPQ5eP9N4+Xq2kQ@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2023/10/19 12:49, Nick Mathewson wrote:
> To see this rendered, go to
> https://spec.torproject.org/proposals/347-domain-separation.html
> 
> ```
> Filename: 347-domain-separation.md
> Title: Domain separation for certificate signing keys
> Author: Nick Mathewson
> Created: 19 Oct 2023
> Status: Open
> ```
> 
> ## Our goal
> 
> We'd like to be able to use the "family key" from proposal 321 as a
> general purpose signing key, to authenticate other things than the
> membership of a family.  For example, we might want to have a
> challenge/response mechanism where the challenger says, "If you want
> to log in as the owner of the account corresponding to this family,
> sign the following challenge with your key.  Or we might want to
> have a message authentication scheme where an operator can
> sign a message in a way that proves key ownership.
> 
> We _might_ also like to use relay identity keys or onion service
> identitiy keys for the same purpose.

Very nice work here. This is exactly what we need for some of the
experiments we want to do under Sponsor 112.

Cheers,
Alex

-- 
Alexander Færøy
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal 347: Domain separation for certificate signing keys
  - From: Nick Mathewson

Next by Author: [tor-dev] Fact-checking a claim about relay/bridge fingerprint authentication
Previous by thread: [tor-dev] Proposal 347: Domain separation for certificate signing keys
Index(es):
- Author
- Thread