Diffstat (limited to 'spec/dir-spec/server-descriptor-format.md')
-rw-r--r-- | spec/dir-spec/server-descriptor-format.md | 106 |
1 files changed, 53 insertions, 53 deletions
diff --git a/spec/dir-spec/server-descriptor-format.md b/spec/dir-spec/server-descriptor-format.md index 97b7d09..49820fc 100644 --- a/spec/dir-spec/server-descriptor-format.md +++ b/spec/dir-spec/server-descriptor-format.md @@ -16,7 +16,7 @@ such blank lines. "router" nickname address ORPort SOCKSPort DirPort NL -[At start, exactly once.] +\[At start, exactly once.\] Indicates the beginning of a server descriptor. "nickname" must be a valid router nickname as specified in section 2.1.3. "address" must @@ -36,33 +36,33 @@ authorities MAY reject any descriptor with both DirPort and ORPort of "-----END ED25519 CERT-----" NL ``` -[Exactly once, in second position in document.] -[No extra arguments] +\[Exactly once, in second position in document.\] +\[No extra arguments\] The certificate is a base64-encoded Ed25519 certificate (see cert-spec.txt) with terminating =s removed. When this element is present, it MUST appear as the first or second element in the router descriptor. -The certificate has CERT_TYPE of [04]. It must include a +The certificate has CERT_TYPE of \[04\]. It must include a signed-with-ed25519-key extension (see cert-spec.txt, section 2.2.1), so that we can extract the master identity key. -[Before Tor 0.4.5.1-alpha, this field was optional.] +\[Before Tor 0.4.5.1-alpha, this field was optional.\] "master-key-ed25519" SP MasterKey NL -[Exactly once] +\[Exactly once\] Contains the base-64 encoded ed25519 master key as a single argument. If it is present, it MUST match the identity key in the identity-ed25519 entry. -[Before Tor 0.4.5.1-alpha, this field was optional.] +\[Before Tor 0.4.5.1-alpha, this field was optional.\] "bandwidth" bandwidth-avg bandwidth-burst bandwidth-observed NL -[Exactly once] +\[Exactly once\] Estimated bandwidth for this router, in bytes per second. The "average" bandwidth is the volume per second that the OR is willing to 
@@ -78,7 +78,7 @@ day. These versions are no longer supported or recommended. "platform" string NL -[At most once] +\[At most once\] A human-readable string describing the system on which this OR is running. This MAY include the operating system, and SHOULD include @@ -86,14 +86,14 @@ the name and version of the software implementing the Tor protocol. "published" YYYY-MM-DD HH:MM:SS NL -[Exactly once] +\[Exactly once\] The time, in UTC, when this descriptor (and its corresponding extra-info document if any) was generated. "fingerprint" fingerprint NL -[At most once] +\[At most once\] A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in hex, with a single space after every 4 characters) for this router's @@ -125,8 +125,8 @@ descriptor was published, and shouldn't be used to build circuits. "onion-key" NL a public key in PEM format ``` -[Exactly once] -[No extra arguments] +\[Exactly once\] +\[No extra arguments\] This key is used to encrypt CREATE cells for this OR. The key MUST be accepted for at least 1 week after any new key is published in a @@ -138,8 +138,8 @@ KEY-----" and "-----END RSA PUBLIC KEY-----". "onion-key-crosscert" NL a RSA signature in PEM format. -[Exactly once] -[No extra arguments] +\[Exactly once\] +\[No extra arguments\] This element contains an RSA signature, generated using the onion-key, of the following: @@ -162,12 +162,12 @@ This signature proves that the party creating the descriptor had control over the secret key corresponding to the onion-key. -[Before Tor 0.4.5.1-alpha, this field was optional whenever -identity-ed25519 was absent.] +\[Before Tor 0.4.5.1-alpha, this field was optional whenever +identity-ed25519 was absent.\] "ntor-onion-key" base-64-encoded-key -[Exactly once] +\[Exactly once\] A curve25519 public key used for the ntor circuit extended handshake. It's the standard encoding of the OR's curve25519 
@@ -176,7 +176,7 @@ omitted from the base64 encoding. The key MUST be accepted for at least 1 week after any new key is published in a subsequent descriptor. -[Before Tor 0.4.5.1-alpha, this field was optional.] +\[Before Tor 0.4.5.1-alpha, this field was optional.\] ```text "ntor-onion-key-crosscert" SP Bit NL @@ -184,12 +184,12 @@ subsequent descriptor. "-----END ED25519 CERT-----" NL ``` -[Exactly once] -[No extra arguments] +\[Exactly once\] +\[No extra arguments\] A signature created with the ntor-onion-key, using the certificate format documented in cert-spec.txt, with type -[0a]. The signed key here is the master identity key. +\[0a\]. The signed key here is the master identity key. Bit must be "0" or "1". It indicates the sign of the ed25519 public key corresponding to the ntor onion key. If Bit is "0", @@ -204,13 +204,13 @@ This signature proves that the party creating the descriptor had control over the secret key corresponding to the ntor-onion-key. -[Before Tor 0.4.5.1-alpha, this field was optional whenever -identity-ed25519 was absent.] +\[Before Tor 0.4.5.1-alpha, this field was optional whenever +identity-ed25519 was absent.\] "signing-key" NL a public key in PEM format -[Exactly once] -[No extra arguments] +\[Exactly once\] +\[No extra arguments\] The OR's long-term RSA identity key. It MUST be 1024 bits. @@ -219,7 +219,7 @@ The encoding is as for "onion-key" above. "accept" exitpattern NL "reject" exitpattern NL -[Any number] +\[Any number\] These lines describe an "exit policy": the rules that an OR follows when deciding whether to allow a new stream to a given address. The @@ -230,7 +230,7 @@ be accept *:* or reject *:*. "ipv6-policy" SP ("accept" / "reject") SP PortList NL -[At most once.] +\[At most once.\] An exit-policy summary as specified in sections 3.4.1 and 3.8.2, summarizing 
@@ -240,7 +240,7 @@ the router's rules for connecting to IPv6 addresses. A missing "overload-general" SP version SP YYYY-MM-DD HH:MM:SS NL -[At most once.] +\[At most once.\] Indicates that a relay has reached an "overloaded state" which can be one or many of the following load metrics: @@ -286,13 +286,13 @@ The signature is encoded in Base64, with terminating =s removed. The signing key in the identity-ed25519 certificate MUST be the one used to sign the document. -[Before Tor 0.4.5.1-alpha, this field was optional whenever -identity-ed25519 was absent.] +\[Before Tor 0.4.5.1-alpha, this field was optional whenever +identity-ed25519 was absent.\] "router-signature" NL Signature NL -[At end, exactly once] -[No extra arguments] +\[At end, exactly once\] +\[No extra arguments\] The "SIGNATURE" object contains a signature of the PKCS1-padded hash of the entire server descriptor, taken from the beginning of the @@ -302,14 +302,14 @@ with the router's identity key. "contact" info NL -[At most once] +\[At most once\] Describes a way to contact the relay's administrator, preferably including an email address and a PGP key fingerprint. "bridge-distribution-request" SP Method NL -[At most once, bridges only.] +\[At most once, bridges only.\] The "Method" describes how a Bridge address is distributed by BridgeDB. Recognized methods are: "none", "any", "https", "email", @@ -338,12 +338,12 @@ BridgeDB SHOULD treat unrecognized Method values as if they were (Default: "any") -[This line was introduced in 0.3.2.3-alpha, with a minimal backport -to 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, and later.] +\[This line was introduced in 0.3.2.3-alpha, with a minimal backport +to 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, and later.\] "family" names NL -[At most once] +\[At most once\] 'Names' is a space-separated list of relay nicknames or hexdigests. If two ORs list one another in their "family" entries, 
@@ -366,7 +366,7 @@ appeared in extra-info descriptors since 0.2.0.x.) "eventdns" bool NL -[At most once] +\[At most once\] Declare whether this version of Tor is using the newer enhanced dns logic. Versions of Tor with this field set to false SHOULD NOT @@ -379,17 +379,17 @@ be used for reverse hostname lookups. "caches-extra-info" NL ``` -[At most once.] -[No extra arguments] +\[At most once.\] +\[No extra arguments\] Present only if this router is a directory cache that provides extra-info documents. -[Versions before 0.2.0.1-alpha don't recognize this] +\[Versions before 0.2.0.1-alpha don't recognize this\] -"extra-info-digest" SP sha1-digest [SP sha256-digest] NL +"extra-info-digest" SP sha1-digest \[SP sha256-digest\] NL -[At most once] +\[At most once\] "sha1-digest" is a hex-encoded SHA1 digest (using upper-case characters) of the router's extra-info document, as signed in the router's @@ -405,12 +405,12 @@ to roll out an incremental fix for, not a design choice. Future digest algorithms specified should not include the signature in the data used to compute the digest. -[Versions before 0.2.7.2-alpha did not include a SHA256 digest.] -[Versions before 0.2.0.1-alpha don't recognize this field at all.] +\[Versions before 0.2.7.2-alpha did not include a SHA256 digest.\] +\[Versions before 0.2.0.1-alpha don't recognize this field at all.\] "hidden-service-dir" NL -[At most once.] +\[At most once.\] Present only if this router stores and serves hidden service descriptors. This router supports the descriptor versions declared @@ -431,8 +431,8 @@ parse this line. "allow-single-hop-exits" NL -[At most once.] -[No extra arguments] +\[At most once.\] +\[No extra arguments\] Present only if the router allows single-hop circuits to make exit connections. Most Tor relays do not support this: this is 
@@ -441,7 +441,7 @@ access and such. This is obsolete in tor version >= 0.3.1.0-alpha. "or-address" SP ADDRESS ":" PORT NL -[Any number] +\[Any number\] ADDRESS = IP6ADDR | IP4ADDR IPV6ADDR = an ipv6 address, surrounded by square brackets. @@ -465,8 +465,8 @@ Tor 0.2.3.x only the first address/port pair is advertised and used. "tunnelled-dir-server" NL -[At most once.] -[No extra arguments] +\[At most once.\] +\[No extra arguments\] ```text Present if the router accepts "tunneled" directory requests using a @@ -505,4 +505,4 @@ larger than 63. This field was first added in Tor 0.2.9.x. -[Before Tor 0.4.5.1-alpha, this field was optional.] +\[Before Tor 0.4.5.1-alpha, this field was optional.\] |
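Review bot: in the -379,17 hunk, the brackets in `"extra-info-digest" SP sha1-digest \[SP sha256-digest\] NL` are grammar notation for an optional argument, not an occurrence annotation like the other lines this patch escapes. Escaping them works for rendering, but the same hunk shows `"caches-extra-info" NL` sitting inside a text fence. Putting this item line in a fence as well would keep the brackets literal without backslashes and stop a reader mistaking `\[` for part of the descriptor syntax.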
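Review bot: `CERT_TYPE of \[04\]` in the -36,33 hunk and `\[0a\]` in the -184,12 hunk are certificate type values, not bracketed notes such as `\[Exactly once\]`. Inline code spans (`[04]`, `[0a]`) would render them literally without escapes and set them apart visually from the occurrence and version annotations.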
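Review bot: in the -465,8 hunk, the unchanged context directly after the escaped `\[At most once.\]` and `\[No extra arguments\]` lines opens a text fence in front of the prose starting `Present if the router accepts "tunneled" directory requests`, whereas in the -379,17 hunk the fence closes right after the item line and before the annotations. Please check whether that fence is misplaced for "tunnelled-dir-server", and confirm that none of the newly escaped brackets fall inside a fence, where the backslashes would be shown literally.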