author | Nick Mathewson <nickm@torproject.org> | 2014-10-01 14:15:08 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-10-01 14:15:08 -0400 |
commit | cc453f956b8f8979e7bfa2f17be7de5587da992a (patch) | |
tree | 3b6b2b6ebb3db00f4945ae6ad2ce385ec550bd8e /proposals/228-cross-certification-onionkeys.txt | |
parent | 51d8807bb652bfb0e0c23c9bdfc2ce39415e049f (diff) | |
Update proposal 228 to reflect implementation status
Diffstat (limited to 'proposals/228-cross-certification-onionkeys.txt')
-rw-r--r-- | proposals/228-cross-certification-onionkeys.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/proposals/228-cross-certification-onionkeys.txt b/proposals/228-cross-certification-onionkeys.txt index d28b714..b3b401c 100644 --- a/proposals/228-cross-certification-onionkeys.txt +++ b/proposals/228-cross-certification-onionkeys.txt @@ -85,6 +85,8 @@ Status: Open Note that this cert format has 32 bytes of of redundant data, since it includes the identity key an extra time. That seems okay to me. + The signed key here is the master identity key. + The TYPE field in this certificate should be set to [0A] - ntor onion key cross-certifying ntor identity key @@ -151,3 +153,16 @@ B. Security notes oracle for our curve25519 ntor keys. Fortunately, we don't, since nobody else can influence the certificate contents. +C. Implementation notes + + As implemented in Tor, I've decided to make this proposal cross-dependent + on proposal 220. A router descriptor must have ALL or NONE + of the following: + * An Ed25529 identity key + * A TAP cross-certification + * An ntor cross-certification + + Further, if it has the above, it must also have: + * An ntor onion key. + + |
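Review bot: In the first hunk (@@ -85,6 +85,8), the added sentence calls the signed key "the master identity key", while the TYPE description two lines below it still reads "ntor onion key cross-certifying ntor identity key" and the preceding context line says only "the identity key". A reader cannot tell from these lines whether the three terms name the same key. Suggest naming the key type explicitly in the new sentence (the new section C refers to an Ed25519 identity key from proposal 220) and using that one term in the TYPE description as well, so an implementer knows exactly which key bytes go into the signed-key field.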
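Review bot: In the second hunk (@@ -151,3 +153,16), the first bullet of the new section C reads "An Ed25529 identity key", which should be "Ed25519". The section also says a router descriptor "must have ALL or NONE" of the three items, and must additionally have an ntor onion key, but does not say what a party parsing the descriptor does when it sees only some of them. Suggest adding a sentence stating the required handling (for example, that such a descriptor is rejected as invalid), since the value of the cross-certification depends on partial sets not being accepted.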