author | Gabriela Moldovan <gabi@torproject.org> | 2023-06-05 19:52:30 +0100 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2023-06-20 09:38:44 -0400 |
commit | aa68b6c62fd57157bf111c96ed45fb8c539e865a (patch) | |
tree | e5e846276c271c08c255a64b19ccf1546a61504d /rend-spec-v3.txt | |
parent | cf44439a2c4cbbf843c66ea24f1842266a566d80 (diff) | |

rend-spec: Document directory behaviour for handling descriptor uploads.

This adds a paragraph describing the checks hidden service directories
are supposed to perform before accepting a descriptor upload.

Signed-off-by: Gabriela Moldovan <gabi@torproject.org>

Diffstat (limited to 'rend-spec-v3.txt')
-rw-r--r-- | rend-spec-v3.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 53880db..bbe7b91 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -995,6 +995,28 @@ Table of contents: Consider that the service is at 01:00 right after SRV#2: it will upload its second descriptor using TP#2 and SRV#2. +2.2.4.3. Directory behavior for handling descriptor uploads [DIRUPLOAD] + + Upon receiving a hidden service descriptor publish request, directories MUST + check the following: + + * The outer wrapper of the descriptor can be parsed according to + [DESC-OUTER] + * The version-number of the descriptor is "3" + * If the directory has already cached a descriptor for this hidden service, + the revision-counter of the uploaded descriptor must be greater than the + revision-counter of the cached one + * The descriptor signature is valid + + If any of these basic validity checks fails, the directory MUST reject the + descriptor upload. + + NOTE: Even if the descriptor passes the checks above, its first and second + layers could still be invalid: directories cannot validate the encrypted + layers of the descriptor, as they do not have access to the public key of the + service (required for decrypting the first layer of encryption), or the + necessary client credentials (for decrypting the second layer). + 2.2.5. Expiring hidden service descriptors [EXPIRE-DESC] Hidden services set their descriptor's "descriptor-lifetime" field to 180 |
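Review bot: In the third bullet of the new [DIRUPLOAD] list, the revision-counter requirement uses lowercase "must" while the sentences around the list use MUST, so it is unclear whether that check carries the same normative weight; writing it as "MUST be greater than" would match the rest of the section. The list also does not say in what order the checks apply. It would help to state that the signature is verified before the uploaded revision-counter is compared with the cached one, so that an upload failing signature validation never affects what the directory keeps cached. Finally, the NOTE says directories do not have "the public key of the service", while the fourth bullet requires them to check that "The descriptor signature is valid". Naming the key each statement refers to would keep the two from reading as contradictory.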