author Nick Mathewson <nickm@torproject.org> 2020-03-12 12:48:22 -0400
committer Nick Mathewson <nickm@torproject.org> 2020-03-12 12:48:22 -0400
commit 2692b1c94ca5e2898eef8eefa2fc06545d80fe3d
tree da2948e97f52730d1e5180fc43ba6e6d17a9bd2a
parent 2896446cea4fe05790d7805ea6f654673069134c
parent 0bfbfadc15e3f55ee0733a295c6b5237f57a9e34
Merge branch 'master' of git-rw.torproject.org:/torspec
-rw-r--r-- control-spec.txt 10
-rw-r--r-- proposals/313-relay-ipv6-stats.txt 11
-rw-r--r-- rend-spec-v3.txt 31
3 files changed, 24 insertions, 28 deletions
diff --git a/control-spec.txt b/control-spec.txt
index 64a70fc..548edce 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -2706,11 +2706,6 @@
{Controllers may want to warn the user if this event occurs; further
action is generally not possible.}
- CONSENSUS_ARRIVED
- Tor has received and validated a new consensus networkstatus.
- (This event can be delayed a little while after the consensus
- is received, if Tor needs to fetch certificates.)
-
Actions for STATUS_CLIENT events can be as follows:
BOOTSTRAP
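Review bot: Deleting CONSENSUS_ARRIVED from the list that ends just above "Actions for STATUS_CLIENT events can be as follows:" changes which status event type the spec assigns it to, and nothing in the commit message says whether this corrects the documentation or reflects a change in what Tor emits. Controllers dispatch on the event type, so please record which it is, and if existing controllers may still be matching the old type, note that next to the entry.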
@@ -2817,6 +2812,11 @@
to do so.}
[Note: only REASON=CLOCK_JUMPED is implemented currently.]
+ CONSENSUS_ARRIVED
+ Tor has received and validated a new consensus networkstatus.
+ (This event can be delayed a little while after the consensus
+ is received, if Tor needs to fetch certificates.)
+
DANGEROUS_PORT
"PORT=" port
"RESULT=" "REJECT" / "WARN"
diff --git a/proposals/313-relay-ipv6-stats.txt b/proposals/313-relay-ipv6-stats.txt
index bd546b5..7f15e8d 100644
--- a/proposals/313-relay-ipv6-stats.txt
+++ b/proposals/313-relay-ipv6-stats.txt
@@ -320,13 +320,7 @@ Ticket: #33159
believe it is safe to collect the smaller IPv6 totals on bridges. The new
consensus parameter should also be ignored on bridges.
- The existing connection direction statistics are not reported by default,
- but almost all relays actually report them. For more details, see:
- [Ticket 33214: ConnDirectionStatistics is off by default, but most relays
- report it].
-
- If we fix the ConnDirectionStatistics default in Tor 0.4.4, we should also
- implement the ConnDirectionStatistics consensus parameter. Then we can set
+ If we implement the ConnDirectionStatistics consensus parameter, we can set
the consensus parameter to 1 for a week or two, so we can collect these
statistics.
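Review bot: The rewritten sentence "If we implement the ConnDirectionStatistics consensus parameter, we can set the consensus parameter to 1 for a week or two" no longer has any visible statement of the option's current default or of what relays report today, because the paragraph that said so is deleted in the same hunk. Suggest keeping one sentence on the default, so that setting the parameter to 1 reads as a deliberate, time-limited collection window and a reader can tell what the value reverts to afterwards.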
@@ -391,9 +385,6 @@ References:
[Relay Search]:
https://metrics.torproject.org/rs.html
-[Ticket 33214: ConnDirectionStatistics is off by default, but most relays report it]:
- https://trac.torproject.org/projects/tor/ticket/12377
-
[Tor Directory Protocol]:
(version 3) https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt
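Review bot: The deleted reference was labelled "Ticket 33214" but its URL pointed at ticket/12377, so the entry was inconsistent before it was removed. Please check that no "[Ticket 33214: ...]" citation is left dangling elsewhere in the proposal, and if the ticket still bears on the statistics plan, re-add the reference with a URL that matches its label instead of dropping the pointer.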
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index ccd5992..b067731 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -1198,7 +1198,7 @@ Table of contents:
"auth-client" SP client-id SP iv SP encrypted-cookie
- [Any number]
+ [At least once]
When client authorization is enabled, the hidden service inserts an
"auth-client" line for each of its authorized clients. If client
@@ -1379,11 +1379,11 @@ Table of contents:
[Exactly once per introduction point]
- The certificate is a proposal 220 certificate wrapped in
- "-----BEGIN ED25519 CERT-----", cross-certifying the descriptor
- signing key with the introduction point authentication key, which
- is included in the mandatory signing-key extension. The certificate
- type must be [09].
+ The certificate is a proposal 220 certificate wrapped in "-----BEGIN
+ ED25519 CERT-----" cross-certifying the introduction point
+ authentication key using the descriptor signing key. The introduction
+ point authentication key is included in the mandatory signing-key
+ extension. The certificate type must be [09].
"enc-key" SP "ntor" SP key NL
@@ -1396,8 +1396,8 @@ Table of contents:
[Exactly once per introduction point]
- Cross-certification of the descriptor signing key by the encryption
- key.
+ Cross-certification of the encryption key using the descriptor
+ signing key.
For "ntor" keys, certificate is a proposal 220 certificate wrapped
in "-----BEGIN ED25519 CERT-----" armor, cross-certifying the
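Review bot: The reworded summary now says the encryption key is certified "using the descriptor signing key", but the unchanged paragraph right below it still describes the "ntor" case in its own words ("cross-certifying the ..."). Please check that its continuation names the same certified key and the same signing key as the new summary, so the two paragraphs cannot be read as describing opposite directions.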
@@ -1424,9 +1424,8 @@ Table of contents:
MUST be present if "legacy-key" is present.
The certificate is a proposal 220 RSA->Ed cross-certificate wrapped
- in "-----BEGIN CROSSCERT-----" armor, cross-certifying the
- descriptor signing key with the RSA public key found in
- "legacy-key".
+ in "-----BEGIN CROSSCERT-----" armor, cross-certifying the the RSA
+ public key found in "legacy-key" using the descriptor signing key.
To remain compatible with future revisions to the descriptor format,
clients should ignore unrecognized lines in the descriptor.
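Review bot: The added line 'in "-----BEGIN CROSSCERT-----" armor, cross-certifying the the RSA' has a doubled "the". Suggest "cross-certifying the RSA public key found in "legacy-key" using the descriptor signing key."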
@@ -1465,9 +1464,15 @@ Table of contents:
SALT hashed random bytes from above [16 bytes]
ENCRYPTED The ciphertext [variable]
- MAC MAC of both above fields [32 bytes]
+ MAC D_MAC of both above fields [32 bytes]
- The final encryption format is ENCRYPTED = STREAM(SECRET_IV,SECRET_KEY) XOR Plaintext
+ The final encryption format is ENCRYPTED = STREAM(SECRET_IV,SECRET_KEY) XOR Plaintext .
+
+ Where D_MAC = H(mac_key_len | MAC_KEY | salt_len | SALT | ENCRYPTED)
+ and
+ mac_key_len = htonll(len(MAC_KEY))
+ and
+ salt_len = htonll(len(SALT)).
2.5.4. Number of introduction points [NUM_INTRO_POINT]
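Review bot: The added D_MAC definition relies on H, "|" and htonll() without saying, in the lines shown, how wide the two length fields are or where H is defined. Every implementation has to build byte-identical MAC input, so please state the width and byte order of mac_key_len and salt_len in the text instead of leaving it to the reader's reading of htonll, and point to the definition of H. The table row "D_MAC of both above fields" also understates the formula, which covers MAC_KEY and both length prefixes in addition to SALT and ENCRYPTED, and the added line ending "XOR Plaintext ." has a stray space before the period.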