Re: [tor-bugs] #17349 [Tor]: Create an ed25519 shared randomness key for dirauths

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17349: Create an ed25519 shared randomness key for dirauths
--------------------+------------------------------------
 Reporter:  asn     |          Owner:
     Type:  defect  |         Status:  new
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:  #16943  |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by asn):

 Replying to [comment:2 nickm]:
 > a) This one.
 >
 > RSA authority signing key ==> ed25519 master identity key -> ed25519
 signing key ==> ed25519 SR key
 >
 > The only missing parts here are the ones I've done as "==>".  The first
 means that authorities should affirm their ed25519 identities.
 >
 > b) They could go in the certificate, but I'm not 100% sure they have to.
 Certificates do not currently include the RSA OR identity key.  I think
 that putting them in the voter-info block would make more sense.  The one
 that goes
 > {{{
 > dir-source dannenberg 585769C78764D58426B8B52B6651A5A71137189A
 dannenberg.torauth.de 193.23.244.244 80 443
 > contact Andreas Lehner <ops@xxxxxxxxxx>
 > vote-digest FB581F58EFCA26CD61323CE2E2082542960AA405
 > }}}
 >
 > Votes are signed by the RSA authority signing key, so this would
 authenticate the ed25519 master identity key using that.
 >

 Thanks for the help. I think I understand a bit better now.
 Please allow me to demonstrate my understanding, by showing you the extra
 lines that have to be added in the `voter-info` block to complete this:
 {{{
 master-key-ed25519 G8F9MHeldbWqj6F9jMozR4dd8Wof7u3tVWUwxMO3t8R
 -----BEGIN ED25519 CERT----- (ed25519 master key -> ed25519 signing
 key)...
 -----BEGIN ED25519 CERT----- (ed25519 signing key -> ed25519 shard random
 key)...
 }}}

 The first line introduces the master ed25519 to the voting document
 (currently it's only in the relay descriptor of the dirauth). Since it's
 in the vote, it's signed by the RSA signing key, and hence we complete the
 `RSA authority signing key -> ed25519 master identity key` part of the
 chain.

 The second line completes the `ed25519 master identity key -> ed25519
 signing key` part of the chain. Also these ed25519 certificates (as
 defined in prop220) seem to include the to-be-certified key, so in this
 case we don't need an extra line to introduce the ed25519 signing key
 explicitly.

 The final line finishes the chain by doing `ed25519 signing key -> ed25519
 shared random key`.

 How does that sound?

 ----

 I wonder what other things I need to think about. Like what should the
 lifetime of the SR key be. But maybe I can set it to the same lifetime as
 the signing key? Or maybe a bit shorter?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17349#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs