Try to make the description of RSA checking more MUSTy

author: Nick Mathewson <nickm@torproject.org> 2023-12-14 12:57:48 -0500
committer: Nick Mathewson <nickm@torproject.org> 2023-12-14 12:57:48 -0500
commit: c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3 (patch)
tree: 5c9cb48a3310a3ed5ee5a4ddec0c345ed0e78c00 /spec/tor-spec
parent: 67e7996b7150a003e816e73d547b78eb4ce22c8b (diff)
download: torspec-c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3.tar.gz
torspec-c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md
index 5b79a85..be4eab5 100644
--- a/spec/tor-spec/negotiating-channels.md
+++ b/spec/tor-spec/negotiating-channels.md
@@ -255,6 +255,9 @@ to find the other party's
 A party with a given `KP_relayid_ed` identity key
 also has a given `KP_relayid_rsa` legacy identity key
 when all of the following are true.
+(A party MUST NOT conclude that an RSA identity key
+is associated with a channel
+without checking these properties.)
 
 - The CERTS cell contains exactly one CertType 2
   `RSA_ID_X509` certificate.
author	Nick Mathewson <nickm@torproject.org>	2023-12-14 12:57:48 -0500
committer	Nick Mathewson <nickm@torproject.org>	2023-12-14 12:57:48 -0500
commit	c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3 (patch)
tree	5c9cb48a3310a3ed5ee5a4ddec0c345ed0e78c00 /spec/tor-spec
parent	67e7996b7150a003e816e73d547b78eb4ce22c8b (diff)
download	torspec-c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3.tar.gz torspec-c80bb75db52a3dbc83aaa8e01575a0bf650bfdf3.zip