Diffstat (limited to 'spec/rend-spec-v3/introduction-protocol-intro-protocol.md')
-rw-r--r-- | spec/rend-spec-v3/introduction-protocol-intro-protocol.md | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/spec/rend-spec-v3/introduction-protocol-intro-protocol.md b/spec/rend-spec-v3/introduction-protocol-intro-protocol.md index a9813c2..e1977fc 100644 --- a/spec/rend-spec-v3/introduction-protocol-intro-protocol.md +++ b/spec/rend-spec-v3/introduction-protocol-intro-protocol.md @@ -1,4 +1,5 @@ <a id="rend-spec-v3.txt-3"></a> + # The introduction protocol [INTRO-PROTOCOL] The introduction protocol proceeds in three steps. @@ -28,9 +29,11 @@ the introduction circuit to the hidden service host, and acknowledges the introduction request to the client. <a id="rend-spec-v3.txt-3.1"></a> + ## Registering an introduction point [REG_INTRO_POINT] <a id="rend-spec-v3.txt-3.1.1"></a> + ### Extensible ESTABLISH_INTRO protocol. [EST_INTRO] When a hidden service is establishing a new introduction point, it @@ -111,6 +114,7 @@ Otherwise, the node must associate the key with the circuit, for use later in INTRODUCE1 cells. <a id="rend-spec-v3.txt-3.1.1.1"></a> + #### Denial-of-Service Defense Extension. [EST_INTRO_DOS_EXT] This extension can be used to send Denial-of-Service (DoS) parameters to @@ -210,6 +214,7 @@ Older versions of Tor always use a 1024-bit RSA key for these introduction authentication keys. <a id="rend-spec-v3.txt-3.1.3"></a> + ### Acknowledging establishment of introduction point [INTRO_ESTABLISHED] After setting up an introduction circuit, the introduction point reports its @@ -234,6 +239,7 @@ The same rules for multiplicity, ordering, and handling unknown types apply to the extension fields here as described [EST_INTRO] above. <a id="rend-spec-v3.txt-3.2"></a> + ## Sending an INTRODUCE1 cell to the introduction point. [SEND_INTRO1] In order to participate in the introduction protocol, a client must @@ -260,6 +266,7 @@ or that its request will not succeed. ``` <a id="rend-spec-v3.txt-3.2.1"></a> + ### INTRODUCE1 cell format [FMT_INTRO1] When a client is connecting to an introduction point, INTRODUCE1 cells 
@@ -302,6 +309,7 @@ The same rules for multiplicity, ordering, and handling unknown types apply to the extension fields here as described [EST_INTRO] above. <a id="rend-spec-v3.txt-3.2.2"></a> + ### INTRODUCE_ACK cell format. [INTRO_ACK] An INTRODUCE_ACK cell has the following fields: @@ -326,6 +334,7 @@ The same rules for multiplicity, ordering, and handling unknown types apply to the extension fields here as described [EST_INTRO] above. <a id="rend-spec-v3.txt-3.3"></a> + ## Processing an INTRODUCE2 cell at the hidden service. [PROCESS_INTRO2] Upon receiving an INTRODUCE2 cell, the hidden service host checks whether @@ -422,6 +431,7 @@ The same rules for multiplicity, ordering, and handling unknown types apply to the extension fields here as described [EST_INTRO] above. <a id="rend-spec-v3.txt-3.3.1"></a> + ### Introduction handshake encryption requirements [INTRO-HANDSHAKE-REQS] When decoding the encrypted information in an INTRODUCE2 cell, a @@ -569,6 +579,7 @@ computed in tor-spec.txt section 5.1.4, except that instead of using AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256. <a id="rend-spec-v3.txt-3.4"></a> + ## Authentication during the introduction phase. [INTRO-AUTH] Hidden services may restrict access only to authorized users. @@ -578,7 +589,8 @@ know the credential for a hidden service may connect at all. There is one defined authentication type: `ed25519`. <a id="rend-spec-v3.txt-3.4.1"></a> -### Ed25519-based authentication `ed25519`. + +### Ed25519-based authentication `ed25519` (NOTE: This section is not implemented by Tor. It is likely that we would want to change its design substantially before @@ -618,4 +630,3 @@ on the authentication. Users SHOULD NOT use the same public key with multiple hidden services. - |
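Review bot: In the `@@ -578,7 +589,8 @@` hunk the heading loses its trailing period (`### Ed25519-based authentication `ed25519`.` becomes `### Ed25519-based authentication `ed25519``), which is a text change hidden among otherwise whitespace-only edits and leaves the file inconsistent: the context lines in the other hunks still show headings ending in a period, such as `### Extensible ESTABLISH_INTRO protocol. [EST_INTRO]` and `### INTRODUCE_ACK cell format. [INTRO_ACK]`. Either keep the period here so this commit only adds the blank line after each `<a id=...></a>` anchor, or drop the periods from all headings in a separate change. This is also the only heading in the diff without a bracketed label, so if other sections need to cross-reference it, adding one in that same follow-up would match the rest of the file.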