[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec] 01/19: Introduce names for the principal relay keys

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torspec] 01/19: Introduce names for the principal relay keys
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Jan 2023 15:21:19 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Jan 2023 10:21:32 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1674141689; bh=3Agvl2MbJJuJ1+kzSH/C1CvjzdG2u6rs0MCuQEhdBJE=; h=Date:To:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=Pg9HBAVNS3HDDVJTHsUBRmVX1MltvbGdZ52eBm5XdTiF0Ir0aQim1iLynyfT5eWHW Jf3PHUzE1KTedh9EsG1+H+T0HdK7/IIGCN32I4dIEXNjaF8qQKQWv4LsKh4KSOH+8n LeHk5Y60HXOshsvEKAsvFSjyVDawumvQQH/oQkI+V09CPS1Lke6yDwHZID27wfYBpx Bjsm8++itQ7E3BjFqtH8oifXl7+MjoIALUiYdDbfInIxUt9Nbq3hSAfoakm9CvqqKA PISiG8MxSwnVb0A31DxNcgH9YCraY5FGAQN4wu/hvDHzSD2I+2orBHc+a745rEWLrm oU6giVYGvDC9Q==
In-reply-to: <167414167839.25073.12624828731192029726@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <167414167839.25073.12624828731192029726@cupani.torproject.org>
Reply-to: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWHpPgt+tcTyaObWmr9/j8vA==

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository torspec.

commit 5e9d6fcce64550f20e85a36323179e04f1b269d4
Author: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
AuthorDate: Tue Jan 17 13:06:08 2023 +0000

    Introduce names for the principal relay keys
---
 tor-spec.txt | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index d5305f2..d967a8e 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -230,14 +230,17 @@ see tor-design.pdf.
 
     - A long-term signing-only "Identity key" used to sign documents and
       certificates, and used to establish relay identity.
+      KP_relayid_rsa, KS_relayid_rsa.
     - A medium-term TAP "Onion key" used to decrypt onion skins when accepting
       circuit extend attempts.  (See 5.1.)  Old keys MUST be accepted for a
       while after they are no longer advertised.  Because of this,
       relays MUST retain old keys for a while after they're rotated.  (See
       "onion key lifetime parameters" in dir-spec.txt.)
+      KP_onion_tap, KS_onion_tap.
     - A short-term "Connection key" used to negotiate TLS connections.
       Tor implementations MAY rotate this key as often as they like, and
       SHOULD rotate this key at least once a day.
+      KP_conn_tls, KS_conn_tls.
 
    This is Curve25519 key:
 
@@ -247,23 +250,30 @@ see tor-design.pdf.
       longer advertised.  Because of this, relays MUST retain old keys for a
       while after they're rotated. (See "onion key lifetime parameters" in
       dir-spec.txt.)
+      KP_onion_ntor, KS_onion_ntor.
 
    These are Ed25519 keys:
 
     - A long-term "master identity" key.  This key never
       changes; it is used only to sign the "signing" key below.  It may be
       kept offline.
+      KP_relayid_ntor, KS_relayid_ntor.
     - A medium-term "signing" key.  This key is signed by the master identity
       key, and must be kept online.  A new one should be generated
       periodically.  It signs nearly everything else.
+      KP_relaysign_ntor, KS_relaysign_ntor.
     - A short-term "link authentication" key, used to authenticate
       the link handshake: see section 4 below.  This key is signed
       by the "signing" key, and should be regenerated frequently.
+      KP_link_ntor, KS_link_ntor.
 
-   The RSA identity key and Ed25519 master identity key together identify a
-   router uniquely.  Once a router has used an Ed25519 master identity key
-   together with a given RSA identity key, neither of those keys may ever be
-   used with a different key.
+   KP_relayid_* together identify a router uniquely.  Once a router
+   has used a KP_relayid_ntor (an Ed25519 master identity key)
+   together with a given KP_relayid_rsa (RSA identity key), neither of
+   those keys may ever be used with a different key.
+
+   We write KP_relayid to refer to a key which is either
+   KP_relayid_rsa or KP_relayid_ntor.
 
 2. Connections
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [torspec] branch main updated (635270c -> f16803f)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [torspec] 07/19: Use _ed rather than _ntor for ed25519 keys
Next by Author: [tor-commits] [pluggable-transports/snowflake] branch main updated: Bump version to v2.4.3
Previous by thread: [tor-commits] [torspec] branch main updated (635270c -> f16803f)
Next by thread: [tor-commits] [torspec] 02/19: Introduce names for the principal rendezvous keys
Index(es):
- Author
- Thread