[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec/master] Update proposal 228 to reflect implementation status

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torspec/master] Update proposal 228 to reflect implementation status
From: nickm@xxxxxxxxxxxxxx
Date: Fri, 7 Nov 2014 16:38:17 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Nov 2014 11:38:26 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit cc453f956b8f8979e7bfa2f17be7de5587da992a
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Oct 1 14:15:08 2014 -0400

    Update proposal 228 to reflect implementation status
---
 proposals/228-cross-certification-onionkeys.txt |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/proposals/228-cross-certification-onionkeys.txt b/proposals/228-cross-certification-onionkeys.txt
index d28b714..b3b401c 100644
--- a/proposals/228-cross-certification-onionkeys.txt
+++ b/proposals/228-cross-certification-onionkeys.txt
@@ -85,6 +85,8 @@ Status: Open
    Note that this cert format has 32 bytes of of redundant data, since it
    includes the identity key an extra time.  That seems okay to me.
 
+   The signed key here is the master identity key.
+
    The TYPE field in this certificate should be set to
       [0A] - ntor onion key cross-certifying ntor identity key
 
@@ -151,3 +153,16 @@ B. Security notes
    oracle for our curve25519 ntor keys.  Fortunately, we don't, since
    nobody else can influence the certificate contents.
 
+C. Implementation notes
+
+   As implemented in Tor, I've decided to make this proposal cross-dependent
+   on proposal 220. A router descriptor must have ALL or NONE
+   of the following:
+            * An Ed25529 identity key
+            * A TAP cross-certification
+            * An ntor cross-certification
+
+   Further, if it has the above, it must also have:
+            * An ntor onion key.
+
+



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torspec/master] Bring more proposal 220 sections in sync with implementation
Next by Author: [tor-commits] [torspec/master] Update proposal 220 voting process to be actually secure
Previous by thread: [tor-commits] [torspec/master] Bring more proposal 220 sections in sync with implementation
Next by thread: [tor-commits] [torspec/master] Update proposal 220 voting process to be actually secure
Index(es):
- Author
- Thread