On 18 May (19:03:09), George Kadianakis wrote:
> Ian Goldberg <iang@xxxxxxxxxxxxxxx> writes:
>
> > On Thu, May 10, 2018 at 12:20:05AM +0700, Suphanat Chunhapanya wrote:
> >> On 05/09/2018 03:50 PM, George Kadianakis wrote:
> >> > b) We might also want to look into XEdDSA and see if we can potentially
> >> > use the same keypair for both intro auth (ed25519) and desc auth
> >> > (x25519).
> >>
> >> This will be a great advantage if we can do that because putting two
> >> private keys in the HidServAuth is so frustrating.
> >
> > The private key for intro auth is used to make a signature (that will be
> > different per client), while the private key for desc auth is used to
> > decrypt the descriptor (which will be the same for all clients), no?
> >
>
> Hm. Both intro auth and desc auth keys are different for each client. In
> the case of desc auth we do that so that we can revoke a client without
> needing to refresh desc auth keys for all other clients.

Following yesterday's discussion on IRC with haxxpop and asn, and some more
today, I worked on a revised version of the spec:

https://gitweb.torproject.org/user/dgoulet/torspec.git/commit/?h=ticket20700_01

Probably will be easier to just read the whole thing instead of the diff:

https://gitweb.torproject.org/user/dgoulet/torspec.git/tree/rend-spec-v3.txt?h=ticket20700_01#n2279

So the idea is that instead of making the HS client/operator have to pass
around portions of a file containing private and public keys, it is to
logically separate them so that the operator only deals with one single file
when wanting to transmit the keys to a client.

Thoughts?
David

-- 
fbv5H3G6O9hLu6Txl6sNIg/unJ95a7iOi43Afzw8ROs=