author Nick Mathewson <nickm@torproject.org> 2023-11-22 17:31:43 +0000
committer Nick Mathewson <nickm@torproject.org> 2023-11-22 17:31:43 +0000
commit 360808dd9670f9544f13a5bf5466b972d1c63588 (patch)
tree 165f3c295c58d2a18c0d4db3c1f105699fbe9e86 /spec/tor-spec
parent 7e608a189b4e0c85764399d01f5edf0e8e96c385 (diff)
parent 3c144ee285a97823fc06fca0e56e3af7b0bbf224 (diff)
Merge branch 'certs-revision' into 'main'
Revise cert-spec

See merge request tpo/core/torspec!221
Diffstat (limited to 'spec/tor-spec')
-rw-r--r-- spec/tor-spec/relay-keys.md 21
1 files changed, 13 insertions, 8 deletions
diff --git a/spec/tor-spec/relay-keys.md b/spec/tor-spec/relay-keys.md
index 8e2b955..6086819 100644
--- a/spec/tor-spec/relay-keys.md
+++ b/spec/tor-spec/relay-keys.md
@@ -45,7 +45,7 @@ is the same as the lifetime of the relay.
Two identity keys are currently defined:
-- `KP_relayid_ed`, `KS_relayid_ed`:
+- <span id="relayid_ed">`KP_relayid_ed`, `KS_relayid_ed`:</span>
An "ed25519 identity key",
also sometimes called a "master identity key".
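Review bot: The colon sits inside the span on the added `KP_relayid_ed` line (`:</span>`), while the later items in this patch (`ntor`, `onion_tap`, `legacy_conn_tls`) close the span first and put the punctuation after it (`</span>:`). Pick one form for all the key anchors; keeping the punctuation outside means the anchor wraps only the key names.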
@@ -56,7 +56,7 @@ Two identity keys are currently defined:
which is used to sign
other important keys and objects.
-- `KP_relayid_rsa`, `KS_relayid_rsa`.
+- <span id="relayid_rsa">`KP_relayid_rsa`, `KS_relayid_rsa`:</span>
A _legacy_ "RSA identity key".
This is an RSA key.
@@ -79,13 +79,13 @@ Parties SHOULD NOT use the RSA identity on its own.
We write `KP_relayid` to refer to a key which is either
`KP_relayid_rsa` or `KP_relayid_ed`.
-## Online signing keys
+## Online signing keys {#online-signing}
Since Tor's design tries to support
keeping the high-value Ed25519 relay identity key offline,
we need a corresponding key that can be used for online signing:
-- `KP_relaysign_ed`, `KS_relaysign_ed`:
+- <span id="relaysign_ed">`KP_relaysign_ed`, `KS_relaysign_ed`:</span>
A medium-term Ed25519 "signing" key.
This key is signed by the identity key `KP_relayid_ed`,
and must be kept online.
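Review bot: The heading anchor `{#online-signing}` uses attribute syntax, while every list item in this patch gets its anchor from a raw `<span id="...">`. If the renderer used for the spec does not process heading attributes, the braces will show up literally in the heading text, so check the rendered output and settle on which anchor style is used where.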
@@ -94,6 +94,11 @@ we need a corresponding key that can be used for online signing:
including directory objects,
and certificates for other keys.
+When this key is generated,
+it needs to be signed with the `KP_relayid_ed` key,
+producing a [certificate of type `IDENTITY_V_SIGNING`](../cert-spec.md).
+The `KP_relayid_ed` key is not used for anything else.
+
## Circuit extension keys
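Review bot: The added paragraph says the new key is signed "with the `KP_relayid_ed` key", but signing is done with the secret half of the pair, which the lists above name `KS_relayid_ed` (assuming the `KP_`/`KS_` prefixes denote the public and secret parts). Suggest "signed with `KS_relayid_ed`" or "signed by the relay's Ed25519 identity key". The same applies to the last added sentence: the property that lets the identity key stay offline is that `KS_relayid_ed` is used only to produce this certificate, so name the secret key there too. The link to `../cert-spec.md` also has no fragment, so it lands at the top of that file rather than at the `IDENTITY_V_SIGNING` definition.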
@@ -120,13 +125,13 @@ after publishing any new key.
There are two current kinds of circuit extension keys:
-- `KP_ntor`, `KS_ntor`:
+- <span id="ntor">`KP_ntor`, `KS_ntor`</span>:
A curve25519 key
used for the [`ntor`](./create-created-cells.md#ntor)
and [`ntorv3`](./create-created-cells.md#ntor-v3)
circuit extension handshakes.
-- `KP_onion_tap`, `KS_onion_tap`:
+- <span id="onion_tap">`KP_onion_tap`, `KS_onion_tap`</span>:
A 1024 bit RSA key
used for the obsolete [`TAP`](./create-created-cells.md#ntor)
circuit extension handshake.
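Review bot: In the `onion_tap` item, the unchanged `TAP` link still targets `./create-created-cells.md#ntor`, the same fragment the `ntor` link in the item above uses. Since this hunk already touches the item, point the link at the anchor of the TAP section instead, so readers following it from the obsolete key do not land on the ntor handshake.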
@@ -145,12 +150,12 @@ and SHOULD rotate them frequently—typically, at least once a day.
handshake distinction. As it stands I'm not at all sure I can
describe them correctly. -->
-- `KP_legacy_conn_tls`, `KS_legacy_conn_tls`:
+- <span id="legacy_conn_tls">`KP_legacy_conn_tls`, `KS_legacy_conn_tls`</span>:
A short-term RSA "Connection key" used to negotiate TLS connections.
Tor implementations MAY rotate this key as often as they like, and
SHOULD rotate this key at least once a day.
-- `KP_link_ed`, `KS_link_ed`.
+- <span id="link_ed">`KP_link_ed`, `KS_link_ed`</span>.
A short-term Ed25519 "link authentication" key, used to authenticate
the link handshake: see
["Negotiating and initializing channels"](./negotiating-channels.md#negotiating).
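Review bot: The added `link_ed` line keeps a trailing period after the span (`</span>.`), while the `relayid_rsa` hunk earlier in this patch changed the same period to a colon and every other key item ends in a colon. Change it to `</span>:` so the list items are punctuated consistently.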