author | Nick Mathewson <nickm@torproject.org> | 2020-03-12 12:48:22 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-03-12 12:48:22 -0400 |
commit | 2692b1c94ca5e2898eef8eefa2fc06545d80fe3d (patch) | |
tree | da2948e97f52730d1e5180fc43ba6e6d17a9bd2a | |
parent | 2896446cea4fe05790d7805ea6f654673069134c (diff) | |
parent | 0bfbfadc15e3f55ee0733a295c6b5237f57a9e34 (diff) | |
Merge branch 'master' of git-rw.torproject.org:/torspec
-rw-r--r-- | control-spec.txt | 10 |
-rw-r--r-- | proposals/313-relay-ipv6-stats.txt | 11 |
-rw-r--r-- | rend-spec-v3.txt | 31 |
3 files changed, 24 insertions, 28 deletions
diff --git a/control-spec.txt b/control-spec.txt index 64a70fc..548edce 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -2706,11 +2706,6 @@ {Controllers may want to warn the user if this event occurs; further action is generally not possible.} - CONSENSUS_ARRIVED - Tor has received and validated a new consensus networkstatus. - (This event can be delayed a little while after the consensus - is received, if Tor needs to fetch certificates.) - Actions for STATUS_CLIENT events can be as follows: BOOTSTRAP @@ -2817,6 +2812,11 @@ to do so.} [Note: only REASON=CLOCK_JUMPED is implemented currently.] + CONSENSUS_ARRIVED + Tor has received and validated a new consensus networkstatus. + (This event can be delayed a little while after the consensus + is received, if Tor needs to fetch certificates.) + DANGEROUS_PORT "PORT=" port "RESULT=" "REJECT" / "WARN" diff --git a/proposals/313-relay-ipv6-stats.txt b/proposals/313-relay-ipv6-stats.txt index bd546b5..7f15e8d 100644 --- a/proposals/313-relay-ipv6-stats.txt +++ b/proposals/313-relay-ipv6-stats.txt @@ -320,13 +320,7 @@ Ticket: #33159 believe it is safe to collect the smaller IPv6 totals on bridges. The new consensus parameter should also be ignored on bridges. - The existing connection direction statistics are not reported by default, - but almost all relays actually report them. For more details, see: - [Ticket 33214: ConnDirectionStatistics is off by default, but most relays - report it]. - - If we fix the ConnDirectionStatistics default in Tor 0.4.4, we should also - implement the ConnDirectionStatistics consensus parameter. Then we can set + If we implement the ConnDirectionStatistics consensus parameter, we can set the consensus parameter to 1 for a week or two, so we can collect these statistics. 
@@ -391,9 +385,6 @@ References: [Relay Search]: https://metrics.torproject.org/rs.html -[Ticket 33214: ConnDirectionStatistics is off by default, but most relays report it]: - https://trac.torproject.org/projects/tor/ticket/12377 - [Tor Directory Protocol]: (version 3) https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index ccd5992..b067731 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1198,7 +1198,7 @@ Table of contents: "auth-client" SP client-id SP iv SP encrypted-cookie - [Any number] + [At least once] When client authorization is enabled, the hidden service inserts an "auth-client" line for each of its authorized clients. If client @@ -1379,11 +1379,11 @@ Table of contents: [Exactly once per introduction point] - The certificate is a proposal 220 certificate wrapped in - "-----BEGIN ED25519 CERT-----", cross-certifying the descriptor - signing key with the introduction point authentication key, which - is included in the mandatory signing-key extension. The certificate - type must be [09]. + The certificate is a proposal 220 certificate wrapped in "-----BEGIN + ED25519 CERT-----" cross-certifying the introduction point + authentication key using the descriptor signing key. The introduction + point authentication key is included in the mandatory signing-key + extension. The certificate type must be [09]. "enc-key" SP "ntor" SP key NL @@ -1396,8 +1396,8 @@ Table of contents: [Exactly once per introduction point] - Cross-certification of the descriptor signing key by the encryption - key. + Cross-certification of the encryption key using the descriptor + signing key. For "ntor" keys, certificate is a proposal 220 certificate wrapped in "-----BEGIN ED25519 CERT-----" armor, cross-certifying the 
@@ -1424,9 +1424,8 @@ Table of contents: MUST be present if "legacy-key" is present. The certificate is a proposal 220 RSA->Ed cross-certificate wrapped - in "-----BEGIN CROSSCERT-----" armor, cross-certifying the - descriptor signing key with the RSA public key found in - "legacy-key". + in "-----BEGIN CROSSCERT-----" armor, cross-certifying the the RSA + public key found in "legacy-key" using the descriptor signing key. To remain compatible with future revisions to the descriptor format, clients should ignore unrecognized lines in the descriptor. @@ -1465,9 +1464,15 @@ Table of contents: SALT hashed random bytes from above [16 bytes] ENCRYPTED The ciphertext [variable] - MAC MAC of both above fields [32 bytes] + MAC D_MAC of both above fields [32 bytes] - The final encryption format is ENCRYPTED = STREAM(SECRET_IV,SECRET_KEY) XOR Plaintext + The final encryption format is ENCRYPTED = STREAM(SECRET_IV,SECRET_KEY) XOR Plaintext . + + Where D_MAC = H(mac_key_len | MAC_KEY | salt_len | SALT | ENCRYPTED) + and + mac_key_len = htonll(len(MAC_KEY)) + and + salt_len = htonll(len(SALT)). 2.5.4. Number of introduction points [NUM_INTRO_POINT] |
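Review bot: In control-spec.txt, the CONSENSUS_ARRIVED entry added at @@ -2817 (between the CLOCK_JUMPED note and DANGEROUS_PORT) lands in a later action list than the one it was removed from at @@ -2706, which ended just before "Actions for STATUS_CLIENT events can be as follows:". Nothing in the moved text tells a controller author that the action changed lists. Suggest a bracketed note on the entry, in the style of "[Note: only REASON=CLOCK_JUMPED is implemented currently.]" directly above it, saying that earlier revisions of the spec listed this action in the preceding section.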
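Review bot: In proposals/313-relay-ipv6-stats.txt at @@ -320, the rewritten sentence "If we implement the ConnDirectionStatistics consensus parameter, we can set the consensus parameter to 1 for a week or two" no longer says why a consensus parameter is needed, because the paragraph explaining that the statistics are not reported by default was deleted with it. Suggest keeping one clause of that context, or stating the default that the parameter would override.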
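Review bot: In the References hunk of proposals/313-relay-ipv6-stats.txt (@@ -391), the deleted entry was labelled "Ticket 33214" while its URL ended in ticket/12377, so the label and the link disagreed. Removing it is fine, but please confirm that no remaining paragraph still cites "[Ticket 33214: ...]", since that citation would now dangle. If the ticket is still relevant to the proposal, re-add the reference with a URL that matches the ticket number.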
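Review bot: In rend-spec-v3.txt at @@ -1198, changing the count for "auth-client" from "[Any number]" to "[At least once]" leaves the parser-side requirement implicit, and the paragraph that follows still opens conditionally with "When client authorization is enabled". Suggest stating next to the count what a client does with a descriptor that carries no "auth-client" line (reject it, or treat it as unauthorized), so that implementations agree on the failure case.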
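Review bot: In rend-spec-v3.txt at @@ -1379, the two new sentences appear to name different signers. The first says the introduction point authentication key is cross-certified "using the descriptor signing key", while the second says "The introduction point authentication key is included in the mandatory signing-key extension". In a proposal 220 certificate the signing-key extension carries the key that made the signature. Suggest spelling out which key is the certified key and which key sits in the extension, and checking that the reworded "enc-key-cert" text at @@ -1396 ("Cross-certification of the encryption key using the descriptor signing key.") and the unchanged "For "ntor" keys" paragraph below it use the same direction.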
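Review bot: In rend-spec-v3.txt at @@ -1424, the added line "in "-----BEGIN CROSSCERT-----" armor, cross-certifying the the RSA" contains a doubled "the". Suggest "cross-certifying the RSA public key found in "legacy-key" using the descriptor signing key."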
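Review bot: In rend-spec-v3.txt at @@ -1465, the new D_MAC definition uses H and MAC_KEY without defining them in the hunk, and the table row still reads "D_MAC of both above fields" although the formula also covers MAC_KEY and the two length prefixes. Suggest pointing to where H and MAC_KEY are defined, rewording the row to match the formula, and replacing "htonll(len(...))" with an explicit statement such as "the length as an 8-byte big-endian integer" so the encoding does not depend on a C function name. The added line also ends with a stray space before the period in "XOR Plaintext .".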