[tor-commits] [torspec] 04/19: rend-spec: Clarify and slightly reword credential explanation
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main
in repository torspec.
commit b63106887099ad4bbfcd21623ab29a4b9583048c
Author: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
AuthorDate: Tue Jan 17 13:21:26 2023 +0000
rend-spec: Clarify and slightly reword credential explanation
Introduce the credential and subcredential before we use them.
Talk about the public identity key rather than the credential,
when we can.
---
rend-spec-v3.txt | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index d72c36f..dacdaa9 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -495,12 +495,19 @@ Table of contents:
hidden service descriptors are not signed with the services' public
keys directly. Instead, we use a key-blinding system [KEYBLIND] to
create a new key-of-the-day for each hidden service. Any client that
- knows the hidden service's credential can derive these blinded
+ knows the hidden service's public identity key can derive these blinded
signing keys for a given period. It should be impossible to derive
- the blinded signing key lacking that credential.
+ the blinded signing key lacking that knowledge.
+
+ This is achieved using two nonces:
+
+ * A "credential", derived from the public identity key KP_hsid.
+
+ * A "subcredential", derived from the credential N_hs_cred
+ and information which various with the current time period.
The body of each descriptor is also encrypted with a key derived from
- the credential.
+ the public signing key.
To avoid a "thundering herd" problem where every service generates
and uploads a new descriptor at the start of each period, each
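Review bot: The last changed line, "the public signing key", names a key that the rest of the hunk never introduces: the paragraph above speaks of the "public identity key" and of "blinded signing keys", so a reader cannot tell which key the descriptor encryption is derived from. Suggest reusing one of the terms already introduced, or a KP_ name as is done with KP_hsid. In the added bullets, "which various with the current time period" should read "which varies with the current time period", and N_hs_cred first appears in the subcredential bullet; naming it in the credential bullet, where it is defined, would read better. "Nonces" is also an unusual word for the credential, since as described it is derived only from the public identity key, with no per-period input.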