[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec/master] tor-spec: Extends accept all-zero ed25519 keys



commit ce0d233f6d834be8a2fd2a10b2791978b90c1df1
Author: teor <teor@xxxxxxxxxxxxxx>
Date:   Tue Apr 28 17:30:30 2020 +1000

    tor-spec: Extends accept all-zero ed25519 keys
    
    The spec gives conficting advice about all-zero ed25519 keys in extends.
    Resolve this conflict by documenting tor's current behaviour.
    
    Also move a sentence about circuit IDs, so it's closer to the associated
    paragraph.
---
 tor-spec.txt | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index 6881436..fa6026d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1333,15 +1333,20 @@ see tor-design.pdf.
 
    When an onion router receives an EXTEND2 relay cell, it sends a CREATE2
    cell to the next onion router, with the enclosed HLEN, HTYPE, and HDATA
-   as its payload.
-
-   As special cases, if the EXTEND/EXTEND2 cell includes a legacy
-   identity, identity fingerprint, or Ed25519 identity of all zeroes, or
-   asks to extend back to the relay that sent the extend cell, the
-   circuit will fail and be torn down. The initiating onion router
-   chooses some circID not yet used on the connection between the two
-   onion routers.  (But see section 5.1.1 above, concerning choosing
-   circIDs.)
+   as its payload. The initiating onion router chooses some circID not yet
+   used on the connection between the two onion routers. (But see section
+   5.1.1 above, concerning choosing circIDs.)
+
+   As special cases, if the EXTEND/EXTEND2 cell includes a legacy identity, or
+   identity fingerprint of all zeroes, or asks to extend back to the relay
+   that sent the extend cell, the circuit will fail and be torn down.
+
+   Ed25519 identity keys are not required in EXTEND2 cells, so all zero
+   keys SHOULD be accepted. If the extending relay knows the ed25519 key from
+   the consensus, it SHOULD also check that key. (See section 5.1.2.)
+
+   If an EXTEND2 cell contains the ed25519 key of the relay that sent the
+   extend cell, the circuit will fail and be torn down.
 
    When an onion router receives a CREATE/CREATE2 cell, if it already has a
    circuit on the given connection with the given circID, it drops the



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits