[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] HS v3 client authorization types

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] HS v3 client authorization types
From: meejah <meejah@xxxxxxxxx>
Date: Sat, 28 Apr 2018 00:59:02 +0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 Apr 2018 17:00:23 -0400
In-reply-to: <2481d781-904c-c967-de69-db40060d9c9d@gmail.com> (Suphanat Chunhapanya's message of "Sat, 28 Apr 2018 03:08:14 +0700")
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <2481d781-904c-c967-de69-db40060d9c9d@gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)

Suphanat Chunhapanya <haxx.pop@xxxxxxxxx> writes:

After reading the spec diff and your mail, I'm still not sure I
understand the distinction -- if the x25519 is used to decrypt the
descriptor then:

> The spec says that the client must have both keys and use both to
> authenticate, but, for me, these two things are quite independent. I
> think they can be considered two different authentication types. The
> service should be able to enable one and disable the other. For example,
> If I disable the x25519 while I enable ed25519, I can add a new client
> immediately without the need to rotate the intro points.

...how does this work? If the client doesn't have the x25519 key how can
it access the descriptor?

Also, separately addressing the issue of configuration and terminology, I
think it's probably best if "users" (service operators and clients)
don't actually have to touch the keys.

This sounds fraught with peril: a service operator has to copy-pasta the
right half of the correct two keys, securely deliver them to a client
and the client has to put them in the right place in a
config-file. Then, if the service client has a problem later they have
to remember NOT copy-paste the whole config when asking for
help... sounds like lots to go wrong :) and I don't think this can be
solved by tinkering with the names/layout of torrc options,
personally...

-- 
meejah
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] HS v3 client authorization types
  - From: Suphanat Chunhapanya
- Re: [tor-dev] HS v3 client authorization types
  - From: teor

References:
- [tor-dev] HS v3 client authorization types
  - From: Suphanat Chunhapanya

Prev by Author: Re: [tor-dev] [TSoP] stem.client - introductions
Next by Author: [tor-dev] Proposal: The move to two guard nodes
Previous by thread: [tor-dev] HS v3 client authorization types
Next by thread: Re: [tor-dev] HS v3 client authorization types
Index(es):
- Author
- Thread