author Nick Mathewson <nickm@torproject.org> 2014-10-01 10:07:43 -0400
committer Nick Mathewson <nickm@torproject.org> 2014-10-01 10:07:43 -0400
commit 51d8807bb652bfb0e0c23c9bdfc2ce39415e049f
tree b67687cbf469c88f00dcf8a1e6012ffa7e21d8c7 /proposals/220-ecc-id-keys.txt
parent 38e1ccdecac69be6651fc6d0ffb0b7c0f68ae3ed
Bring more proposal 220 sections in sync with implementation
Diffstat (limited to 'proposals/220-ecc-id-keys.txt')
-rw-r--r-- proposals/220-ecc-id-keys.txt 19
1 files changed, 10 insertions, 9 deletions
diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt
index 95ed4dd..f669f57 100644
--- a/proposals/220-ecc-id-keys.txt
+++ b/proposals/220-ecc-id-keys.txt
@@ -186,9 +186,10 @@ Status: Draft
We specify the following element that may appear at most once in
each router descriptor:
- "identity-ed25519" SP certificate NL
+ "identity-ed25519" NL "-----BEGIN ED25519 CERT-----" NL certificate
+ "-----END ED25519 CERT-----" NL
- The identity-key and certificate are base64-encoded with
+ The certificate is base64-encoded with
terminating =s removed. When this element is present, it MUST appear
as the first or second element in the router descriptor.
[XXX The rationale here is to allow extracting the identity key and
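Review bot: The new "identity-ed25519" grammar has no NL between `certificate` and "-----END ED25519 CERT-----", so as written the END marker follows the base64 on the same line. Suggest `NL certificate NL "-----END ED25519 CERT-----" NL`, and say whether the base64 body may be wrapped over several lines, since a parser that extracts the identity key early needs an unambiguous end of the object. The kept sentence "base64-encoded with terminating =s removed" dates from the single-line `SP certificate NL` form; please confirm it still describes the armored body.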
@@ -200,15 +201,15 @@ Status: Draft
can extract the identity key.
When an identity-ed25519 element is present, there must also be a
- "router-signature-ed25519" element. It MUST be the next-to-last
- element in the descriptor, appearing immediately before the RSA
- signature. (In future versions of the descriptor format that do not
- require an RSA identity key, it MUST be last.) It MUST contain an
- ed25519 signature of the entire document, from the first character up
- to but not including the "router-signature-ed25519" element, prefixed
+ "router-sig-ed25519" element. It MUST be the next-to-last element in
+ the descriptor, appearing immediately before the RSA signature. (In
+ future versions of the descriptor format that do not require an RSA
+ identity key, it MUST be last.) It MUST contain an ed25519 signature
+ of a SHA256 digest of the entire document, from the first character
+ up to but not including the "router-sig-ed25519" element, prefixed
with the string "Tor router descriptor signature v1". Its format is:
- "router-signature-ed25519" SP signature NL
+ "router-sig-ed25519" SP signature NL
Where 'signature' is encoded in base64 with terminating =s removed.
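Review bot: In the rewritten "router-sig-ed25519" paragraph, "prefixed with the string" is ambiguous now that a SHA256 digest sits between the document and the signature: it can be read as prepending the prefix to the document before hashing, or to the digest before signing. Two implementations that read it differently will each reject the other's valid descriptors, so spell out the signed input, for example as one expression over the prefix string, the document bytes and the hash. It would also help to state in the same place that the covered range ends immediately before the "router-sig-ed25519" keyword, so the boundary byte is not left to interpretation.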