diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-10-14 14:36:12 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2023-10-14 14:36:12 -0400 |
commit | 2f357f50a0775cc684169e83d21e8e87c97bfc90 (patch) | |
tree | 5ba083d885078beed5ea3d73d37fd1eccc3153fe /spec/dir-spec/accepting-relay-documents.md | |
parent | 4ba45dfd9afd08edeb46243127a480f1d23b9640 (diff) | |
download | torspec-2f357f50a0775cc684169e83d21e8e87c97bfc90.tar.gz torspec-2f357f50a0775cc684169e83d21e8e87c97bfc90.zip |
Rename all long files.
Diffstat (limited to 'spec/dir-spec/accepting-relay-documents.md')
-rw-r--r-- | spec/dir-spec/accepting-relay-documents.md | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/spec/dir-spec/accepting-relay-documents.md b/spec/dir-spec/accepting-relay-documents.md new file mode 100644 index 0000000..b507b9c --- /dev/null +++ b/spec/dir-spec/accepting-relay-documents.md @@ -0,0 +1,52 @@ +<a id="dir-spec.txt-3.2"></a> + +## Accepting server descriptor and extra-info document uploads + +When a router posts a signed descriptor to a directory authority, the +authority first checks whether it is well-formed and correctly +self-signed. If it is, the authority next verifies that the nickname +in question is not already assigned to a router with a different +public key. +Finally, the authority MAY check that the router is not blacklisted +because of its key, IP, or another reason. + +An authority also keeps a record of all the Ed25519/RSA1024 +identity key pairs that it has seen before. It rejects any +descriptor that has a known Ed/RSA identity key that it has +already seen accompanied by a different RSA/Ed identity key +in an older descriptor. + +At a future date, authorities will begin rejecting all +descriptors whose RSA key was previously accompanied by an +Ed25519 key, if the descriptor does not list an Ed25519 key. + +At a future date, authorities will begin rejecting all descriptors +that do not list an Ed25519 key. + +If the descriptor passes these tests, and the authority does not already +have a descriptor for a router with this public key, it accepts the +descriptor and remembers it. + +If the authority _does_ have a descriptor with the same public key, the +newly uploaded descriptor is remembered if its publication time is more +recent than the most recent old descriptor for that router, and either: + +```text + - There are non-cosmetic differences between the old descriptor and the + new one. + - Enough time has passed between the descriptors' publication times. + (Currently, 2 hours.) +``` + +Differences between server descriptors are "non-cosmetic" if they would be +sufficient to force an upload as described in section 2.1 above. + +Note that the "cosmetic difference" test only applies to uploaded +descriptors, not to descriptors that the authority downloads from other +authorities. + +When a router posts a signed extra-info document to a directory authority, +the authority again checks it for well-formedness and correct signature, +and checks that its matches the extra-info-digest in some router +descriptor that it believes is currently useful. If so, it accepts it and +stores it and serves it as requested. If not, it drops it. |