[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] HS v3 client authorization types



Ian Goldberg <iang@xxxxxxxxxxxxxxx> writes:

> On Thu, May 10, 2018 at 12:20:05AM +0700, Suphanat Chunhapanya wrote:
>> On 05/09/2018 03:50 PM, George Kadianakis wrote:
>> > b) We might also want to look into XEdDSA and see if we can potentially
>> >    use the same keypair for both intro auth (ed25519) and desc auth
>> (x25519).
>> 
>> This will be a great advantage if we can do that because putting two
>> private keys in the HidServAuth is so frustrating.
>
> The private key for intro auth is used to make a signature (that will be
> different per client), while the private key for desc auth is used to
> decrypt the descriptor (which will be the same for all clients), no?
>

Hm. Both intro auth and desc auth keys are different for each client. In
the case of desc auth we do that so that we can revoke a client without
needing to refresh desc auth keys for all other clients.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev