Merge remote-tracking branch 'tor-gitlab/mr/72'

1 files changed, 37 insertions, 14 deletions

diff --git a/proposals/326-tor-relay-well-known-uri-rfc8615.md b/proposals/326-tor-relay-well-known-uri-rfc8615.md
index 4f13835..2f820ea 100644
--- a/proposals/326-tor-relay-well-known-uri-rfc8615.md
+++ b/proposals/326-tor-relay-well-known-uri-rfc8615.md
@@ -10,22 +10,23 @@ Status: Open
 
 This is a specification for a well-known [registry](https://www.iana.org/assignments/well-known-uris/) entry according to [RFC8615](https://tools.ietf.org/html/rfc8615).
 
-This resource identifier can be used for serving and finding proofs related to [Tor](https://www.torproject.org/) relay contact information.
-It can also be used for autodiscovery of Tor relays run by a given entity, if the entity domain is known.
-It solves the issue that Tor relay contact information is an unidirectional and unverified claim by nature.
+This resource identifier can be used for serving and finding proofs related to [Tor](https://www.torproject.org/) relay and bridge contact information.
+It can also be used for autodiscovery of Tor relays run by a given entity, if the entity's domain is known.
+It solves the issue that Tor relay/bridge contact information is an unidirectional and unverified claim by nature.
 This well-known URI aims to allow the verification of the unidirectional claim.
-It aims to reduce the risk of impersonation attacks, where a Tor relay claims to be operated by a certain entity, but actually isn't.
-The automated verification will also support the [visualization of relay groups](https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001).
+It aims to reduce the risk of impersonation attacks, where a Tor relay/bridge claims to be operated by a certain entity, but actually isn't.
+The automated verification will also support the [visualization of relay/bridge groups](https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001).
 
-* An initially (unverified) Tor relay contact information might claim to be related to an
-organization by pointing to its website: Tor relay contact information field -> website
-* The "tor-relay" URI allows for the verification of that claim by fetching the files containing Tor relay ID(s) under the specified URI, 
-because attackers can not easily place these files at the given location.
+* An initially (unverified) Tor relay or bridge contact information might claim to be related to an
+organization by pointing to its website: Tor relay/bridge contact information field -> website
+* The "tor-relay" URI allows for the verification of that claim by fetching the files containing Tor relay ID(s) or hashed bridge fingerprints
+under the specified URI, because attackers can not easily place these files at the given location.
 
-* By publishing Tor relay IDs under this URI the website operator claims to be the responsible entity for these Tor relays.
-The verification of listed Tor relay IDs only succeeds if the claim can be verified bidirectionally (website -> relay and relay -> website).
+* By publishing Tor relay IDs or hashed bridge IDs under this URI the website operator claims to be the responsible entity for these Tor relays/bridges.
+The verification of listed Tor relay/bridge IDs only succeeds if the claim can be verified bidirectionally 
+(website -> relay/bridge and relay/bridge -> website).
 
-* This URI is not related to Tor bridges or Tor onion services.
+* This URI is not related to Tor onion services.
 
 * The URL MUST be HTTPS and use a valid TLS certificate from a generally trusted root CA. Plain HTTP MUST not be used.
 
@@ -34,13 +35,13 @@ The verification of listed Tor relay IDs only succeeds if the claim can be verif
 ## /.well-known/tor-relay/rsa-fingerprint.txt
 
 * The file contains one or more Tor relay RSA SHA1 fingerprints operated by the entity in control of this website.
-* Each line contains one fingerprint.
+* Each line contains one relay fingerprint.
+* The file MUST NOT contain fingerprints of Tor bridges (or hashes of bridge fingerprints). For bridges see the file `hashed-bridge-rsa-fingerprint.txt`.
 * The file may contain comments (starting with #).
 * Non-comment lines must be exactly 40 characters long and consist of the following characters [a-fA-F0-9].
 * Fingerprints are not case-sensitive.
 * Each fingerprint MUST appear at most once.
 * The file MUST not be larger than one MByte.
-* The file MUST NOT contain fingerprints of Tor bridges (or hashes of bridge fingerprints).
 * The content MUST be a media type of "text/plain".
 
 Example file content:
@@ -55,6 +56,7 @@ The RSA SHA1 relay fingerprint can be found in the file named "fingerprint" loca
 ## /.well-known/tor-relay/ed25519-master-pubkey.txt
 
 * The file contains one or more ed25519 Tor relay public master keys of relays operated by the entity in control of this website.
+* This file is not relevant for bridges.
 * Each line contains one public ed25519 master key in its base64 encoded form.
 * The file may contain comments (starting with #).
 * Non-comment lines must be exactly 43 characters long and consist of the following characters [a-zA-z0-9/+].
@@ -73,6 +75,27 @@ bHzOT41w56KHh+w6TYwUhN4KrGwPWQWJX04/+tw/+RU
 
 The base64 encoded ed25519 public master key can be found in the file named "fingerprint-ed25519" located in the Tor data directory on the relay.
 
+## /.well-known/tor-relay/hashed-bridge-rsa-fingerprint.txt
+
+* The file contains one or more SHA1 hashed Tor bridge SHA1 fingerprints operated by the entity in control of this website.
+* Each line contains one hashed bridge fingerprint.
+* The file may contain comments (starting with #).
+* Non-comment lines must be exactly 40 characters long and consist of the following characters [a-fA-F0-9].
+* Hashed fingerprints are not case-sensitive.
+* Each hashed fingerprint MUST appear at most once.
+* The file MUST not be larger than one MByte.
+* The file MUST NOT contain fingerprints of Tor relays.
+* The content MUST be a media type of "text/plain".
+
+Example file content:
+
+```
+# we operate these Tor bridges
+1234567890123456789012345678901234567ABC
+4234567890123456789012345678901234567890
+```
+
+The hashed Tor bridge fingerprint can be found in the file named "hashed-fingerprint" located in the Tor data directory on the bridge.
 
 # Change Controller