diff options
author | Nick Mathewson <nickm@torproject.org> | 2013-08-13 21:12:02 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-08-13 21:12:02 -0400 |
commit | 5380544e8e30408c30c057a3f4b8157815b0a059 (patch) | |
tree | ec17fb778c6bc6367517fb29e319e7b211dbcd5c /proposals/220-ecc-id-keys.txt | |
parent | 792eba1646d9fed8a93c91e5b5f705e7b8f4ffbe (diff) | |
download | torspec-5380544e8e30408c30c057a3f4b8157815b0a059.tar.gz torspec-5380544e8e30408c30c057a3f4b8157815b0a059.zip |
220-ecc-id-keys: fix gaps noted by Sebastian G
Diffstat (limited to 'proposals/220-ecc-id-keys.txt')
-rw-r--r-- | proposals/220-ecc-id-keys.txt | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt index 1c112b9..ebbc3b5 100644 --- a/proposals/220-ecc-id-keys.txt +++ b/proposals/220-ecc-id-keys.txt @@ -188,7 +188,7 @@ Status: Draft currently check. * If the identity-ed25519 line is present, it must be well-formed, and the certificate must be well-formed and correctly signed, - and there must be a valid. + and there must be a valid router-signature-ed25519 signature. * If we require an ed25519 key for this node (see 3.1 below), the ed25519 key must be present. @@ -467,14 +467,17 @@ Status: Draft When we need to indicate an Ed25519 identity key in an hostname format (as in a .exit address), we use the lowercased version of the - name, and perform a case-insensitive match. (This loses us one bit - per byte of name, + name, and perform a case-insensitive match. (This loses us a little + less than one bit per byte of name, leaving plenty of bits to make + sure we choose the right node.) - Nodes must not list Ed25519 identities in their family lines; clients - and authorities must not honor them there. + Nodes must not list Ed25519 identities in their family lines; clients and + authorities must not honor them there. (Doing so would make different + clients change paths differently in a possibly manipulatable way.) Clients shouldn't accept .exit addresses with Ed25519 names on SOCKS - or DNS ports by default, even when AllowDotExit is set. + or DNS ports by default, even when AllowDotExit is set. We can add + another option for the later if there's a good reason to have this. We need an identity-to-node map for ECC identity and for RSA identity. @@ -515,4 +518,3 @@ Status: Draft * Ed25519 support for hidden services * Bridge identity support. * Ed25519-aware family support - * |