diff options
author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2023-01-17 13:21:26 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2023-01-19 10:20:45 -0500 |
commit | b63106887099ad4bbfcd21623ab29a4b9583048c (patch) | |
tree | 6e14e04af475faabf6d7bdd988716718d67ebba0 /rend-spec-v3.txt | |
parent | e3dd51226418f13d13eb86de58d955787fa3709e (diff) | |
download | torspec-b63106887099ad4bbfcd21623ab29a4b9583048c.tar.gz torspec-b63106887099ad4bbfcd21623ab29a4b9583048c.zip |
rend-spec: Clarify and slightly reword credential explanation
Introduce the credential and subcredential before we use them.
Talk about the public identity key rather than the credential,
when we can.
Diffstat (limited to 'rend-spec-v3.txt')
-rw-r--r-- | rend-spec-v3.txt | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index d72c36f..dacdaa9 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -495,12 +495,19 @@ Table of contents: hidden service descriptors are not signed with the services' public keys directly. Instead, we use a key-blinding system [KEYBLIND] to create a new key-of-the-day for each hidden service. Any client that - knows the hidden service's credential can derive these blinded + knows the hidden service's public identity key can derive these blinded signing keys for a given period. It should be impossible to derive - the blinded signing key lacking that credential. + the blinded signing key lacking that knowledge. + + This is achieved using two nonces: + + * A "credential", derived from the public identity key KP_hsid. + + * A "subcredential", derived from the credential N_hs_cred + and information which various with the current time period. The body of each descriptor is also encrypted with a key derived from - the credential. + the public signing key. To avoid a "thundering herd" problem where every service generates and uploads a new descriptor at the start of each period, each |