[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 347: Domain separation for certificate signing keys



On 2023/10/19 12:49, Nick Mathewson wrote:
> To see this rendered, go to
> https://spec.torproject.org/proposals/347-domain-separation.html
> 
> ```
> Filename: 347-domain-separation.md
> Title: Domain separation for certificate signing keys
> Author: Nick Mathewson
> Created: 19 Oct 2023
> Status: Open
> ```
> 
> ## Our goal
> 
> We'd like to be able to use the "family key" from proposal 321 as a
> general purpose signing key, to authenticate other things than the
> membership of a family.  For example, we might want to have a
> challenge/response mechanism where the challenger says, "If you want
> to log in as the owner of the account corresponding to this family,
> sign the following challenge with your key.  Or we might want to
> have a message authentication scheme where an operator can
> sign a message in a way that proves key ownership.
> 
> We _might_ also like to use relay identity keys or onion service
> identitiy keys for the same purpose.

Very nice work here. This is exactly what we need for some of the
experiments we want to do under Sponsor 112.

Cheers,
Alex

-- 
Alexander Færøy
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev