aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--proposals/000-index.txt2
-rw-r--r--proposals/227-vote-on-package-fingerprints.txt5
-rw-r--r--proposals/240-auth-cert-revocation.txt48
3 files changed, 52 insertions, 3 deletions
diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 9af0405..b8d4490 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -160,6 +160,7 @@ Proposals by number:
237 All relays are directory servers [OPEN]
238 Better hidden service stats from Tor relays [DRAFT]
239 Consensus Hash Chaining [DRAFT]
+240 Early signing key revocation for directory authorities [DRAFT]
Proposals by status:
@@ -184,6 +185,7 @@ Proposals by status:
235 Stop assigning (and eventually supporting) the Named flag [for 0.2.5]
238 Better hidden service stats from Tor relays
239 Consensus Hash Chaining
+ 240 Early signing key revocation for directory authorities
NEEDS-REVISION:
131 Help users to verify they are using Tor
190 Bridge Client Authorization Based on a Shared Secret
diff --git a/proposals/227-vote-on-package-fingerprints.txt b/proposals/227-vote-on-package-fingerprints.txt
index d82f76c..83ac3da 100644
--- a/proposals/227-vote-on-package-fingerprints.txt
+++ b/proposals/227-vote-on-package-fingerprints.txt
@@ -31,12 +31,11 @@ Status: Open
VERSION = NONSPACE
URL = NONSPACE
DIGESTS = DIGEST | DIGESTS SP DIGEST
- DIGEST = DIGESTTYPE "=" BASE64
+ DIGEST = DIGESTTYPE "=" DIGESTVAL
NONSPACE = one or more non-space printing characters
- BASE64 = one or more base-64 characters, with trailing =s
- removed.
+ DIGESTVAL = any number of non-=, non-" " characters.
SP = " "
NL = a newline
diff --git a/proposals/240-auth-cert-revocation.txt b/proposals/240-auth-cert-revocation.txt
new file mode 100644
index 0000000..fa426ca
--- /dev/null
+++ b/proposals/240-auth-cert-revocation.txt
@@ -0,0 +1,48 @@
+Filename: 240-auth-cert-revocation.txt
+Title: Early signing key revocation for directory authorities.
+Author: Nick Mathewson
+Created: 09-Jan-2015
+Status: Draft
+
+1. Overview
+
+ This proposal describes a simple way for directory authorities to
+ perform signing key revocation.
+
+2. Specification
+
+ We add the following lines to the authority signing certificate
+ format:
+
+ revoked-signing-key SP algname SP FINGERPRINT NL
+
+ This line may appear zero or more times.
+
+ It indicates that a particular not-yet-expired signing key should not
+ be used.
+
+3. Client and cache operation
+
+ No client or cache should retain, use, or serve any certificate whose
+ signing key is described in a revoked-signing-key line in a
+ certificate with the same authority identity key. (If the signing
+ key fingerprint appears in a cert with a different identity key, it
+ has no effect: you aren't allowed to revoke other people's keys.)
+
+ No Tor instance should download a certificate whose signing
+ key,identity key combination is known to be revoked.
+
+4. Authority operator interface.
+
+ The 'tor-gencert' command will take a number of older certificates to
+ revoke as optional command-line arguments. It will include their
+ keys in revoked-signing-key lines only if they are still valid, or
+ have been expired for no more than a month.
+
+5. Circular revocation
+
+ My first attempt at writing a proposal here included a lengthy
+ section about how to handle cases where certificate A revokes the key
+ of certificate B, and certificate B revokes the key of certificate A.
+
+ Instead, I am inclined to say that this is a MUST NOT.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion