Document that keypairs should not double up roles, with example

author: Ian Jackson <ijackson@chiark.greenend.org.uk> 2023-01-17 18:22:08 +0000
committer: David Goulet <dgoulet@torproject.org> 2023-01-19 10:20:45 -0500
commit: e1ee12e8107dd91599019eea84600666763e478c (patch)
tree: 4807a66b4224ce2491eaf40d67a59ea90e0f15f4 /tor-spec.txt
parent: 3bdb23706aeae16e1aae6afe081185ca77ebdc34 (diff)
download: torspec-e1ee12e8107dd91599019eea84600666763e478c.tar.gz
torspec-e1ee12e8107dd91599019eea84600666763e478c.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/tor-spec.txt b/tor-spec.txt
index c21fe49..8179a9d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -277,6 +277,11 @@ see tor-design.pdf.
    We write KP_relayid to refer to a key which is either
    KP_relayid_rsa or KP_relayid_ed.
 
+   The same key or keypair should never be used for separate roles within
+   the Tor protocol suite, unless specifically stated.  For example,
+   a relay's identity keys K_relayid should not also be used as the
+   identity keypair for a hidden service K_hs_id (see rend-spec-v3.txt).
+
 2. Connections
 
    Connections between two Tor relays, or between a client and a relay,
author	Ian Jackson <ijackson@chiark.greenend.org.uk>	2023-01-17 18:22:08 +0000
committer	David Goulet <dgoulet@torproject.org>	2023-01-19 10:20:45 -0500
commit	e1ee12e8107dd91599019eea84600666763e478c (patch)
tree	4807a66b4224ce2491eaf40d67a59ea90e0f15f4 /tor-spec.txt
parent	3bdb23706aeae16e1aae6afe081185ca77ebdc34 (diff)
download	torspec-e1ee12e8107dd91599019eea84600666763e478c.tar.gz torspec-e1ee12e8107dd91599019eea84600666763e478c.zip