diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-12-14 13:08:20 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2023-12-14 13:08:20 -0500 |
commit | 6a8e4a85280f5ec37dd6a2a546c9108d7480fa66 (patch) | |
tree | f010eac634dfdc92cc157a6caa6a9a73609c0b86 /spec | |
parent | 2825753c0b09e73ed594ae309dabc74c8bafe5bf (diff) | |
download | torspec-6a8e4a85280f5ec37dd6a2a546c9108d7480fa66.tar.gz torspec-6a8e4a85280f5ec37dd6a2a546c9108d7480fa66.zip |
Try to be more explicit about when initiator authentication happens
Diffstat (limited to 'spec')
-rw-r--r-- | spec/tor-spec/channels.md | 10 | ||||
-rw-r--r-- | spec/tor-spec/negotiating-channels.md | 18 |
2 files changed, 19 insertions, 9 deletions
diff --git a/spec/tor-spec/channels.md b/spec/tor-spec/channels.md index 046181b..a649409 100644 --- a/spec/tor-spec/channels.md +++ b/spec/tor-spec/channels.md @@ -24,11 +24,15 @@ of one or more [**relay identities**](./relay-keys.md), using a [handshake](./negotiating-channels.md) that combines TLS facilities and a series of Tor messages. -The initiator MAY prove cryptographic ownership -of their own relay identities, -if they have any: + +<span id="does-initiator-authenticate"> +As part of this handshake, +the initiator MAY also prove cryptographic ownership +of its own relay identities, +if it has any: public relays SHOULD prove their identities when they initiate a channel, whereas clients and bridges SHOULD NOT do so. +</span> Parties should usually reuse an existing channel rather than opening new a channel to the same relay. diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md index be4eab5..5734728 100644 --- a/spec/tor-spec/negotiating-channels.md +++ b/spec/tor-spec/negotiating-channels.md @@ -22,9 +22,11 @@ In brief: to establish clock skew and IP addresses. - The initiator checks whether the CERTS cell is correct, and decides whether to authenticate. - - If the initiator does not wants to authenticate, + - If the initiator + [is not authenticating itself](./channels.md#does-initiator-authenticate), it sends a [NETINFO cell](#NETINFO-cells). - - If the initiator wants to authenticate, + - If the initiator + [is authenticating itself](./channels.md#does-initiator-authenticate), it sends a [CERTS cell](#CERTS-cells), an [AUTHENTICATE cell](#AUTHENTICATE-cells), a [NETINFO cell](#NETINFO-cells). @@ -47,7 +49,7 @@ sequenceDiagram Initiator ->> Responder: VERSIONS Responder ->> Initiator: VERSIONS, CERTS, AUTH_CHALLENGE, NETINFO - opt if the initiator wants to authenticate + opt if the initiator is authenticating Initiator ->> Responder: CERTS, AUTHENTICATE end @@ -209,7 +211,8 @@ in that it contains a `SIGNING_V_LINK_AUTH` certificate instead of a `SIGNING_V_TLS_CERT` certificate. -> First, recall that the initiator is not required to authenticate; +> First, recall that +> [not all initiators authenticate themselves](./channels.md#does-initiator-authenticate); > bridges and clients do not do so. > > Second, if the initiator *does* choose to authenticate: @@ -318,10 +321,13 @@ These methods are defined: ## AUTHENTICATE cells{#AUTHENTICATE-cells} -If an initiator wants to authenticate, -it responds to the AUTH_CHALLENGE cell +To authenticate, an initiator MUST +it respond to the AUTH_CHALLENGE cell with a CERTS cell and an AUTHENTICATE cell. +> Recall that initiators are +> [not always required to authenticate](./channels.md#does-initiator-authenticate). + ([As discussed above](#validate-initiator-certs), the initiator's CERTS cell differs slightly from what a responder would send.) |