diff options
Diffstat (limited to 'spec/rend-spec-v3/protocol-overview.md')
-rw-r--r-- | spec/rend-spec-v3/protocol-overview.md | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/spec/rend-spec-v3/protocol-overview.md b/spec/rend-spec-v3/protocol-overview.md index cb47184..1c03e49 100644 --- a/spec/rend-spec-v3/protocol-overview.md +++ b/spec/rend-spec-v3/protocol-overview.md @@ -1,4 +1,5 @@ <a id="rend-spec-v3.txt-1"></a> + # Protocol overview In this section, we outline the hidden service protocol. This section @@ -6,6 +7,7 @@ omits some details in the name of simplicity; those are given more fully below, when we specify the protocol in more detail. <a id="rend-spec-v3.txt-1.1"></a> + ## View from 10,000 feet A hidden service host prepares to offer a hidden service by choosing @@ -44,6 +46,7 @@ or processes configured by the server; RELAY_DATA cells are used to communicate data on those streams, and so forth. <a id="rend-spec-v3.txt-1.2"></a> + ## In more detail: naming hidden services [NAMING] A hidden service's name is its long term master identity key. This is @@ -69,6 +72,7 @@ their length. An older name might look like: ``` <a id="rend-spec-v3.txt-1.3"></a> + ## In more detail: Access control [IMD:AC] Access control for a hidden service is imposed at multiple points through @@ -103,6 +107,7 @@ optional client authorization is enabled, the service may additionally require the client to prove knowledge of a pre-shared private key. <a id="rend-spec-v3.txt-1.4"></a> + ## In more detail: Distributing hidden service descriptors. [IMD:DIST] Periodically, hidden service descriptors become stored at different @@ -147,6 +152,7 @@ its blinded signing key. The keys for the last period remain valid until the new keys come online. <a id="rend-spec-v3.txt-1.5"></a> + ## In more detail: Scaling to multiple hosts This design is compatible with our current approaches for scaling hidden @@ -168,6 +174,7 @@ enable the use of older Tor nodes as rendezvous points and introduction points. <a id="rend-spec-v3.txt-1.7"></a> + ## In more detail: Keeping crypto keys offline In this design, a hidden service's secret identity key may be @@ -194,6 +201,7 @@ only be used to create credentials for the descriptor signing keys. implemented as of 0.3.2.1-alpha.) <a id="rend-spec-v3.txt-1.8"></a> + ## In more detail: Encryption Keys And Replay Resistance To avoid replays of an introduction request by an introduction point, @@ -204,6 +212,7 @@ time can create a problematic fingerprint. (See proposal 222 for more discussion.) <a id="rend-spec-v3.txt-1.9"></a> + ## In more detail: A menagerie of keys [In the text below, an "encryption keypair" is roughly "a keypair you @@ -282,6 +291,7 @@ Public/private keypairs defined in this document: ``` <a id="rend-spec-v3.txt-1.9.1"></a> + ### In even more detail: Client authorization keys [CLIENT-AUTH] When client authorization is enabled, each authorized client of a hidden @@ -316,4 +326,3 @@ keys should be managed. [TODO: Also specify stealth client authorization.] (NOTE: client authorization is implemented as of 0.3.5.1-alpha.) - |