summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2004-03-31 03:54:20 +0000
committerRoger Dingledine <arma@torproject.org>2004-03-31 03:54:20 +0000
commit342ce84b013e440676cd0d9851c999c1cf85f5c7 (patch)
tree20ad5e354e5dc1ae20571f39f87972cd79eae440 /doc
parentb32440a02896d39f44664104a935f71741a8b4c4 (diff)
downloadtor-342ce84b013e440676cd0d9851c999c1cf85f5c7.tar.gz
tor-342ce84b013e440676cd0d9851c999c1cf85f5c7.zip
tweaks/patches on the rendezvous spec
svn:r1405
Diffstat (limited to 'doc')
-rw-r--r--doc/rend-spec.txt47
1 files changed, 28 insertions, 19 deletions
diff --git a/doc/rend-spec.txt b/doc/rend-spec.txt
index 2ef33f86ac..5ca2ef50ca 100644
--- a/doc/rend-spec.txt
+++ b/doc/rend-spec.txt
@@ -153,7 +153,7 @@ Tor Rendezvous Spec
Over this stream, Bob's OP makes an HTTP 'POST' request, to the URL
'/rendezvous/publish' (relative to the directory server's root),
containing as its body Bob's service descriptor. Upon receiving a
- descriptor, the director server checks the signature, and discards the
+ descriptor, the directory server checks the signature, and discards the
descriptor if the signature does not match the enclosed public key. Next,
the directory server checks the timestamp. If the timestamp is more than
24 hours in the past or more than 1 hour in the future, or the directory
@@ -168,18 +168,19 @@ Tor Rendezvous Spec
When Alice receives a pointer to a location-hidden service, it is as a
hostname of the form "y.onion", where y is a base-32 encoding of a
- ~16-octet hash of Bob's service's public key, computed as follows:
+ 10-octet hash of Bob's service's public key, computed as follows:
1. Let H = H(PK).
2. Let H' = the first 80 bits of H, considering each octet from
- most significant bit to least significant big.
- 2. Generate a 26-character encoding of H', taking H' 5 bits at
+ most significant bit to least significant bit.
+ 2. Generate a 16-character encoding of H', taking H' 5 bits at
a time, and mapping each 5-bit value to a character as follows:
0..25 map to the characters 'a'...'z', respectively.
26..31 map to the characters '0'...'5', respectively.
(We only use 80 bits instead of the 160 bits from SHA1 because we don't
- need to worry about man-in-the-middle attacks.)
+ need to worry about man-in-the-middle attacks, and because it will make
+ handling the url's more convenient.)
[Yes, numbers are allowed at the beginning. See RFC1123. -NM]
@@ -197,14 +198,19 @@ Tor Rendezvous Spec
Upon receiving a service descriptor, Alice verifies with the same process
as the directory server uses, described above in section 1.4.
- [XXXX can Alice cache the descriptor? It may make her
- partitionable. -NM]
+ The directory server gives a 400 response if it cannot understand Alice's
+ request.
+
+ Alice should cache the descriptor locally, but should not use
+ descriptors that are more than 24 hours older than their timestamp.
+ [Caching may make her partitionable, but she fetched it anonymously,
+ and we can't very well *not* cache it. -RD]
1.7. Alice's OP establishes a rendezvous point.
When Alice requests a connection to a given location-hidden service,
- and Alice's OP has not already established a circuit to that circuit,
- the OP establishes a rendezvous service. It does this by establishing
+ and Alice's OP does not have an established circuit to that service,
+ the OP builds a rendezvous circuit. It does this by establishing
a circuit to a randomly chosen OR, and sending a
RELAY_ESTABLISH_RENDEZVOUS cell to that OR. The body of that cell
contains:
@@ -214,7 +220,7 @@ Tor Rendezvous Spec
The rendezvous cookie is an arbitrary 20-byte value, chosen randomly by
Alice's OP.
- Upon receiving a RELAY_ESTABLISH_RENDEZVOUS cell, the OP associates the
+ Upon receiving a RELAY_ESTABLISH_RENDEZVOUS cell, the OR associates the
RC with the circuit that sent it.
Alice's OP MUST NOT use the circuit which sent the cell for any purpose
@@ -222,27 +228,30 @@ Tor Rendezvous Spec
1.8. Introduction: from Alice's OP to Introduction Point
- Via another circuit, Alice sends a RELAY_INTRODUCE1 cell to once of Bob's
- chosen introduction points. This cell contains:
+ Alice builds a separate circuit to one of Bob's chosen introduction
+ points, and sends it a RELAY_INTRODUCE1 cell containing:
Cleartext
- PK_ID Identifier for Bob's PK [16 octets]
+ PK_ID Identifier for Bob's PK [20 octets]
Encrypted to Bob's PK:
RP Rendezvous point's nickname [variable]
RC Rendezvous cookie [20 octets]
g^x Diffie-Hellman data, part 1 [128 octetes]
- PK_ID is the first 16 octets of the hash of Bob's public key. RP is
- NUL-terminated.
+ PK_ID is the hash of Bob's public key. RP is NUL-terminated.
The data is encrypted to Bob's PK as follows: Suppose Bob's PK is L octets
long. If the data to be encrypted is shorter than L, then it is encrypted
directly (with no padding). If the data is at least as long as L, then a
randomly generated 16-byte symmetric key is prepended to the data, after
- which the first L-1 bytes of the data are encrypted with Bob's PK; and the
+ which the first L-16 bytes of the data are encrypted with Bob's PK; and the
rest of the data is encrypted with the symmetric key.
+ [There's very little here is that is recognizable by Bob to let him
+ know if he decrypted it correctly. Perhaps we should add OAEP padding
+ to the RSA -- there is space -RD]
+
1.9. Introduction: From the Introduction Point to Bob's OP
If the Introduction Point recognizes PK_ID as a public key which has
@@ -260,7 +269,7 @@ Tor Rendezvous Spec
Bob's OP build a new Tor circuit ending at Alice's chosen rendezvous
point, and sends a RELAY_RENDEZVOUS1 cell along this circuit, containing:
- RC Rendezvous cookie [20 octets]
+ RC Rendezvous cookie [20 octets]
g^y Diffie-Hellman [128 octets]
H(KH) Handshake digest [20 octets]
@@ -285,9 +294,9 @@ Tor Rendezvous Spec
Kf = K[16..31]
Kb = K[32..47]
- Subsequently, the rendezvous point passes relay cells, unchained, from
+ Subsequently, the rendezvous point passes relay cells, unchanged, from
each of the two circuits to the other. When Alice's OP sends
- sends RELAY cells along the circuit, it first encrypts them with the
+ RELAY cells along the circuit, it first encrypts them with the
Kf, then with all of the keys for the ORs in Alice's side of the circuit;
and when Alice's OP receives RELAY cells from the circuit, it decrypts
them with the keys for the ORs in Alice's side of the circuit, then