author | Nick Mathewson <nickm@torproject.org> | 2015-01-10 15:45:59 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-01-10 15:45:59 -0500 |
commit | 3c0422acc464a9da74bc35d3027ae966bf59d8d0 | |
tree | 7a9f51f01cdc20ff41608eb94eea2ef6eb267ce9 | |
parent | eee061542a7d4e9b62e64bbedc4dd583fe02e583 | |
Add 240, tweak 227
-rw-r--r-- | proposals/000-index.txt | 2 | ||||
-rw-r--r-- | proposals/227-vote-on-package-fingerprints.txt | 5 | ||||
-rw-r--r-- | proposals/240-auth-cert-revocation.txt | 48 |
3 files changed, 52 insertions, 3 deletions
diff --git a/proposals/000-index.txt b/proposals/000-index.txt index 9af0405..b8d4490 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -160,6 +160,7 @@ Proposals by number: 237 All relays are directory servers [OPEN] 238 Better hidden service stats from Tor relays [DRAFT] 239 Consensus Hash Chaining [DRAFT] +240 Early signing key revocation for directory authorities [DRAFT] Proposals by status: @@ -184,6 +185,7 @@ Proposals by status: 235 Stop assigning (and eventually supporting) the Named flag [for 0.2.5] 238 Better hidden service stats from Tor relays 239 Consensus Hash Chaining + 240 Early signing key revocation for directory authorities NEEDS-REVISION: 131 Help users to verify they are using Tor 190 Bridge Client Authorization Based on a Shared Secret diff --git a/proposals/227-vote-on-package-fingerprints.txt b/proposals/227-vote-on-package-fingerprints.txt index d82f76c..83ac3da 100644 --- a/proposals/227-vote-on-package-fingerprints.txt +++ b/proposals/227-vote-on-package-fingerprints.txt @@ -31,12 +31,11 @@ Status: Open VERSION = NONSPACE URL = NONSPACE DIGESTS = DIGEST | DIGESTS SP DIGEST - DIGEST = DIGESTTYPE "=" BASE64 + DIGEST = DIGESTTYPE "=" DIGESTVAL NONSPACE = one or more non-space printing characters - BASE64 = one or more base-64 characters, with trailing =s - removed. + DIGESTVAL = any number of non-=, non-" " characters. SP = " " NL = a newline diff --git a/proposals/240-auth-cert-revocation.txt b/proposals/240-auth-cert-revocation.txt new file mode 100644 index 0000000..fa426ca --- /dev/null +++ b/proposals/240-auth-cert-revocation.txt 
@@ -0,0 +1,48 @@ +Filename: 240-auth-cert-revocation.txt +Title: Early signing key revocation for directory authorities. +Author: Nick Mathewson +Created: 09-Jan-2015 +Status: Draft + +1. Overview + + This proposal describes a simple way for directory authorities to + perform signing key revocation. + +2. Specification + + We add the following lines to the authority signing certificate + format: + + revoked-signing-key SP algname SP FINGERPRINT NL + + This line may appear zero or more times. + + It indicates that a particular not-yet-expired signing key should not + be used. + +3. Client and cache operation + + No client or cache should retain, use, or serve any certificate whose + signing key is described in a revoked-signing-key line in a + certificate with the same authority identity key. (If the signing + key fingerprint appears in a cert with a different identity key, it + has no effect: you aren't allowed to revoke other people's keys.) + + No Tor instance should download a certificate whose signing + key,identity key combination is known to be revoked. + +4. Authority operator interface. + + The 'tor-gencert' command will take a number of older certificates to + revoke as optional command-line arguments. It will include their + keys in revoked-signing-key lines only if they are still valid, or + have been expired for no more than a month. + +5. Circular revocation + + My first attempt at writing a proposal here included a lengthy + section about how to handle cases where certificate A revokes the key + of certificate B, and certificate B revokes the key of certificate A. + + Instead, I am inclined to say that this is a MUST NOT. |
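
Review bot: In proposals/227-vote-on-package-fingerprints.txt, the new DIGESTVAL rule reads "any number of non-=, non-" " characters", which admits an empty value and, unlike NONSPACE, is not limited to printing characters, so as written a DIGEST with nothing after the "=" would parse and a newline is not excluded. The BASE64 rule it replaces required "one or more" characters. Suggest "one or more non-=, non-" " printing characters" to line up with NONSPACE, or a sentence saying an empty value is intended.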
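
Review bot: In proposals/240-auth-cert-revocation.txt section 2, the line "revoked-signing-key SP algname SP FINGERPRINT NL" uses algname and FINGERPRINT without defining either: the text does not say which algorithm names are allowed, what the fingerprint is computed over, or how it is encoded. Section 3 requires clients and caches to match certificates against that fingerprint, so those definitions should sit next to the line. Section 5 also stops at "inclined to say that this is a MUST NOT" without saying what a client or cache does when it sees two certificates that revoke each other's keys, and "key,identity key" in section 3 is missing a space.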