[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/master] Clarify a paragraph in prop 169.
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Fri, 29 Jan 2010 16:39:27 -0500
Subject: Clarify a paragraph in prop 169.
Commit: f75f7322b9318efe25d83c77c8a29ebaefad07fb
---
.../proposals/169-eliminating-renegotiation.txt | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/doc/spec/proposals/169-eliminating-renegotiation.txt b/doc/spec/proposals/169-eliminating-renegotiation.txt
index f07ca1e..8a8ae6e 100644
--- a/doc/spec/proposals/169-eliminating-renegotiation.txt
+++ b/doc/spec/proposals/169-eliminating-renegotiation.txt
@@ -314,10 +314,13 @@ Target: 0.2.2
cells.
* Send a NETINFO cell. Wait for a CERT and a NETINFO
cell from the server.
- * If the CERT cell is a good cert signing the public
- key in the x.509 certificate we got during the TLS
- handshake, we connected to the server with that
- identity key. Otherwise close the connection.
+ * If the CERT cell contains a valid self-identity cert,
+ and the identity key in the cert can be used to check
+ the signature on the x.509 certificate we got during
+ the TLS handshake, then we know we connected to the
+ server with that identity. If any of these checks
+ fail, or the identity key was not what we expected,
+ then we close the connection.
* Once the NETINFO cell arrives, continue as before.
And V3+ responder behavior now looks like this:
--
1.6.5