[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] HS v3 client authorization types



Suphanat Chunhapanya <haxx.pop@xxxxxxxxx> writes:

After reading the spec diff and your mail, I'm still not sure I
understand the distinction -- if the x25519 is used to decrypt the
descriptor then:

> The spec says that the client must have both keys and use both to
> authenticate, but, for me, these two things are quite independent. I
> think they can be considered two different authentication types. The
> service should be able to enable one and disable the other. For example,
> If I disable the x25519 while I enable ed25519, I can add a new client
> immediately without the need to rotate the intro points.

...how does this work? If the client doesn't have the x25519 key how can
it access the descriptor?


Also, separately addressing the issue of configuration and terminology, I
think it's probably best if "users" (service operators and clients)
don't actually have to touch the keys.

This sounds fraught with peril: a service operator has to copy-pasta the
right half of the correct two keys, securely deliver them to a client
and the client has to put them in the right place in a
config-file. Then, if the service client has a problem later they have
to remember NOT copy-paste the whole config when asking for
help... sounds like lots to go wrong :) and I don't think this can be
solved by tinkering with the names/layout of torrc options,
personally...

-- 
meejah
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev