diff options
author | Nick Mathewson <nickm@torproject.org> | 2022-06-10 10:21:27 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2022-06-10 10:21:27 -0400 |
commit | a5a88998989ec1123d07cf12f204f78ae0db9750 (patch) | |
tree | 71011d310e13f393849cae05c5a10576b80f197a | |
parent | b29e64e5617f83131bc56b5d851c4dd6c27e510d (diff) | |
parent | 7e505e651695122fd46404643ca9ea149bbfbb13 (diff) | |
download | torspec-a5a88998989ec1123d07cf12f204f78ae0db9750.tar.gz torspec-a5a88998989ec1123d07cf12f204f78ae0db9750.zip |
Merge remote-tracking branch 'tor-gitlab/mr/72'
-rw-r--r-- | proposals/326-tor-relay-well-known-uri-rfc8615.md | 51 |
1 files changed, 37 insertions, 14 deletions
diff --git a/proposals/326-tor-relay-well-known-uri-rfc8615.md b/proposals/326-tor-relay-well-known-uri-rfc8615.md index 4f13835..2f820ea 100644 --- a/proposals/326-tor-relay-well-known-uri-rfc8615.md +++ b/proposals/326-tor-relay-well-known-uri-rfc8615.md @@ -10,22 +10,23 @@ Status: Open This is a specification for a well-known [registry](https://www.iana.org/assignments/well-known-uris/) entry according to [RFC8615](https://tools.ietf.org/html/rfc8615). -This resource identifier can be used for serving and finding proofs related to [Tor](https://www.torproject.org/) relay contact information. -It can also be used for autodiscovery of Tor relays run by a given entity, if the entity domain is known. -It solves the issue that Tor relay contact information is an unidirectional and unverified claim by nature. +This resource identifier can be used for serving and finding proofs related to [Tor](https://www.torproject.org/) relay and bridge contact information. +It can also be used for autodiscovery of Tor relays run by a given entity, if the entity's domain is known. +It solves the issue that Tor relay/bridge contact information is an unidirectional and unverified claim by nature. This well-known URI aims to allow the verification of the unidirectional claim. -It aims to reduce the risk of impersonation attacks, where a Tor relay claims to be operated by a certain entity, but actually isn't. -The automated verification will also support the [visualization of relay groups](https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001). +It aims to reduce the risk of impersonation attacks, where a Tor relay/bridge claims to be operated by a certain entity, but actually isn't. +The automated verification will also support the [visualization of relay/bridge groups](https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001). -* An initially (unverified) Tor relay contact information might claim to be related to an -organization by pointing to its website: Tor relay contact information field -> website -* The "tor-relay" URI allows for the verification of that claim by fetching the files containing Tor relay ID(s) under the specified URI, -because attackers can not easily place these files at the given location. +* An initially (unverified) Tor relay or bridge contact information might claim to be related to an +organization by pointing to its website: Tor relay/bridge contact information field -> website +* The "tor-relay" URI allows for the verification of that claim by fetching the files containing Tor relay ID(s) or hashed bridge fingerprints +under the specified URI, because attackers can not easily place these files at the given location. -* By publishing Tor relay IDs under this URI the website operator claims to be the responsible entity for these Tor relays. -The verification of listed Tor relay IDs only succeeds if the claim can be verified bidirectionally (website -> relay and relay -> website). +* By publishing Tor relay IDs or hashed bridge IDs under this URI the website operator claims to be the responsible entity for these Tor relays/bridges. +The verification of listed Tor relay/bridge IDs only succeeds if the claim can be verified bidirectionally +(website -> relay/bridge and relay/bridge -> website). -* This URI is not related to Tor bridges or Tor onion services. +* This URI is not related to Tor onion services. * The URL MUST be HTTPS and use a valid TLS certificate from a generally trusted root CA. Plain HTTP MUST not be used. @@ -34,13 +35,13 @@ The verification of listed Tor relay IDs only succeeds if the claim can be verif ## /.well-known/tor-relay/rsa-fingerprint.txt * The file contains one or more Tor relay RSA SHA1 fingerprints operated by the entity in control of this website. -* Each line contains one fingerprint. +* Each line contains one relay fingerprint. +* The file MUST NOT contain fingerprints of Tor bridges (or hashes of bridge fingerprints). For bridges see the file `hashed-bridge-rsa-fingerprint.txt`. * The file may contain comments (starting with #). * Non-comment lines must be exactly 40 characters long and consist of the following characters [a-fA-F0-9]. * Fingerprints are not case-sensitive. * Each fingerprint MUST appear at most once. * The file MUST not be larger than one MByte. -* The file MUST NOT contain fingerprints of Tor bridges (or hashes of bridge fingerprints). * The content MUST be a media type of "text/plain". Example file content: @@ -55,6 +56,7 @@ The RSA SHA1 relay fingerprint can be found in the file named "fingerprint" loca ## /.well-known/tor-relay/ed25519-master-pubkey.txt * The file contains one or more ed25519 Tor relay public master keys of relays operated by the entity in control of this website. +* This file is not relevant for bridges. * Each line contains one public ed25519 master key in its base64 encoded form. * The file may contain comments (starting with #). * Non-comment lines must be exactly 43 characters long and consist of the following characters [a-zA-z0-9/+]. @@ -73,6 +75,27 @@ bHzOT41w56KHh+w6TYwUhN4KrGwPWQWJX04/+tw/+RU The base64 encoded ed25519 public master key can be found in the file named "fingerprint-ed25519" located in the Tor data directory on the relay. +## /.well-known/tor-relay/hashed-bridge-rsa-fingerprint.txt + +* The file contains one or more SHA1 hashed Tor bridge SHA1 fingerprints operated by the entity in control of this website. +* Each line contains one hashed bridge fingerprint. +* The file may contain comments (starting with #). +* Non-comment lines must be exactly 40 characters long and consist of the following characters [a-fA-F0-9]. +* Hashed fingerprints are not case-sensitive. +* Each hashed fingerprint MUST appear at most once. +* The file MUST not be larger than one MByte. +* The file MUST NOT contain fingerprints of Tor relays. +* The content MUST be a media type of "text/plain". + +Example file content: + +``` +# we operate these Tor bridges +1234567890123456789012345678901234567ABC +4234567890123456789012345678901234567890 +``` + +The hashed Tor bridge fingerprint can be found in the file named "hashed-fingerprint" located in the Tor data directory on the bridge. # Change Controller |