diff options
author | David Goulet <dgoulet@torproject.org> | 2016-08-24 13:17:28 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2016-08-24 13:17:28 -0400 |
commit | d0e79a351cfcadbd6ce654521d416ac04c6f9f7c (patch) | |
tree | 96a7c17acdedc573da30444d684936c5631efa87 /proposals/224-rend-spec-ng.txt | |
parent | d4607a7d2e24ef304021a6e88824647ec330b7f3 (diff) | |
download | torspec-d0e79a351cfcadbd6ce654521d416ac04c6f9f7c.tar.gz torspec-d0e79a351cfcadbd6ce654521d416ac04c6f9f7c.zip |
prop224: Change format of enc-key cross certification
Use a more standard format from Tor and proposal 220 instead of our own
construction.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'proposals/224-rend-spec-ng.txt')
-rw-r--r-- | proposals/224-rend-spec-ng.txt | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index 9833b49..fd0f76c 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -1036,17 +1036,16 @@ Table of contents: Cross-certification of the descriptor signing key by the enc-key. The format of this certificate depends on the type of enc-key. - For "ntor" keys, certificate is a proposal 220 certificate in - "-----BEGIN ED25519 CERT-----" armor, cross-certifying the + For "ntor" keys, certificate is a proposal 220 certificate wrapped + in "-----BEGIN ED25519 CERT-----" armor, cross-certifying the descriptor signing key with the ed25519 equivalent of the curve25519 public key from "enc-key" derived using the process in proposal 228 appendix A. The certificate type must be [10], and the signing-key extension is mandatory. - For "legacy" keys, certificate is an RSA signature wrapped in - "-----BEGIN SIGNATURE-----" of the digest: - H("legacy introduction point encryption key" | ED25519_KEY) - ED25519_KEY is the 32 byte descriptor signing public key. + For "legacy" keys, certificate is a proposal 220 certificate wrapped + in "-----BEGIN CROSSCERT-----" armor, cross-certifying the + descriptor signing key with the legacy RSA encryption key. To remain compatible with future revisions to the descriptor format, clients should ignore unrecognized lines in the descriptor. |