[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reconciling link authentication and key rotation



On Sun, 2003-03-02 at 07:04, George Danezis wrote:
> On Sat, 1 Mar 2003, Roger Dingledine wrote:
> > I think I tend toward what the design doc says -- the hash included in
> > the message is a hash of the identity (signature) key of the next mix.
> > 
> > So when two nodes create a forward secure link with each other, they
> > each provide a certificate, including the transport key, signed by their
> > signature key? Is there a standard procedure for providing a new transport
> > key that's just as authentic (signed) as the old one?
> 
> This is how we have implemented it here in Cambridge. We should clarify in 
> the spec that the signature is the one of the long term signature key.

Eeek.  FYI, this means that the current code is wrong.  I'm going to fix
it, and fix the spec too if nobody has done so.

-- 
Nick Mathewson <nickm@alum.mit.edu>