[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reconciling link authentication and key rotation
On Sat, 1 Mar 2003, Roger Dingledine wrote:
> I think I tend toward what the design doc says -- the hash included in
> the message is a hash of the identity (signature) key of the next mix.
>
> So when two nodes create a forward secure link with each other, they
> each provide a certificate, including the transport key, signed by their
> signature key? Is there a standard procedure for providing a new transport
> key that's just as authentic (signed) as the old one?
This is how we have implemented it here in Cambridge. We should clarify in
the spec that the signature is the one of the long term signature key.
G.