Diffstat (limited to 'spec/rend-spec/deriving-keys.md')
-rw-r--r-- spec/rend-spec/deriving-keys.md | 28
1 files changed, 14 insertions, 14 deletions
diff --git a/spec/rend-spec/deriving-keys.md b/spec/rend-spec/deriving-keys.md
index cbf62fe..e3cca79 100644
--- a/spec/rend-spec/deriving-keys.md
+++ b/spec/rend-spec/deriving-keys.md
@@ -1,6 +1,6 @@
<a id="rend-spec-v3.txt-2.1"></a>
-## Deriving blinded keys and subcredentials {#SUBCRED}
+# Deriving blinded keys and subcredentials {#SUBCRED}
In each time period (see \[TIME-PERIODS\] for a definition of time
periods), a hidden service host uses a different blinded private key
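Review bot: the context line under the promoted title still refers to `\[TIME-PERIODS\]` as escaped literal text, while the next hunk shows that section carrying a real `{#TIME-PERIODS}` anchor. Since this change is already reworking the heading structure, consider turning the reference into a link to that anchor (here or in a follow-up) so readers of the rendered page can jump to the definition.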
@@ -58,7 +58,7 @@ Which Tor servers hosts a hidden service depends on:
<a id="rend-spec-v3.txt-2.2.1"></a>
-### Dividing time into periods {#TIME-PERIODS}
+## Dividing time into periods {#TIME-PERIODS}
To prevent a single set of hidden service directory from becoming a
target by adversaries looking to permanently censor a hidden service,
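Review bot: the promoted `## Dividing time into periods {#TIME-PERIODS}` now nests directly under the `# Deriving blinded keys and subcredentials` title from the first hunk, but its legacy anchor is `rend-spec-v3.txt-2.2.1` while the title's is `rend-spec-v3.txt-2.1`, so the old numbering places it under a different parent (2.2). The diff does not show a heading for 2.2, so please confirm either that one exists at the matching level or that folding the 2.2.x sections under the blinded-keys title is intended.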
@@ -90,7 +90,7 @@ after the epoch, at 2016-04-12 12:00 UTC, and ended at 16904*1440*60 +
<a id="rend-spec-v3.txt-2.2.2"></a>
-### When to publish a hidden service descriptor {#WHEN-HSDESC}
+## When to publish a hidden service descriptor {#WHEN-HSDESC}
Hidden services periodically publish their descriptor to the responsible
HSDirs. The set of responsible HSDirs is determined as specified in
@@ -104,7 +104,7 @@ descriptor again to the responsible HSDirs for that time period.
<a id="rend-spec-v3.txt-2.2.2.1"></a>
-#### Overlapping descriptors {#OVERLAPPING-DESCS}
+### Overlapping descriptors {#OVERLAPPING-DESCS}
Hidden services need to upload multiple descriptors so that they can be
reachable to clients with older or newer consensuses than them. Services
@@ -125,7 +125,7 @@ achieved.
<a id="rend-spec-v3.txt-2.2.3"></a>
-### Where to publish a hidden service descriptor {#WHERE-HSDESC}
+## Where to publish a hidden service descriptor {#WHERE-HSDESC}
This section specifies how the HSDir hash ring is formed at any given
time. Whenever a time value is needed (e.g. to get the current time period
@@ -190,7 +190,7 @@ choosing the spread for a replica.
<a id="rend-spec-v3.txt-2.2.4"></a>
-### Using time periods and SRVs to fetch/upload HS descriptors {#FETCHUPLOADDESC}
+## Using time periods and SRVs to fetch/upload HS descriptors {#FETCHUPLOADDESC}
Hidden services and clients need to make correct use of time periods (TP)
and shared random values (SRVs) to successfully fetch and upload
@@ -228,7 +228,7 @@ Let's start with an illustration of the system:
<a id="rend-spec-v3.txt-2.2.4.1"></a>
-#### Client behavior for fetching descriptors {#CLIENTFETCH}
+### Client behavior for fetching descriptors {#CLIENTFETCH}
And here is how clients use TPs and SRVs to fetch descriptors:
@@ -258,7 +258,7 @@ after SRV#2, it will still use TP#1 and SRV#1.
<a id="rend-spec-v3.txt-2.2.4.2"></a>
-#### Service behavior for uploading descriptors {#SERVICEUPLOAD}
+### Service behavior for uploading descriptors {#SERVICEUPLOAD}
As discussed above, services maintain two active descriptors at any time. We
call these the "first" and "second" service descriptors. Services rotate
@@ -272,7 +272,7 @@ values based on their position in the graph above. Here is the logic:
<a id="rend-spec-v3.txt-2.2.4.2.1"></a>
-##### First descriptor upload logic {#FIRSTDESCUPLOAD}
+#### First descriptor upload logic {#FIRSTDESCUPLOAD}
Here is the service logic for uploading its first descriptor:
@@ -308,7 +308,7 @@ first descriptor using TP#1 and SRV#1.
<a id="rend-spec-v3.txt-2.2.4.2.2"></a>
-##### Second descriptor upload logic {#SECONDDESCUPLOAD}
+#### Second descriptor upload logic {#SECONDDESCUPLOAD}
Here is the service logic for uploading its second descriptor:
@@ -342,7 +342,7 @@ second descriptor using TP#2 and SRV#2.
<a id="rend-spec-v3.txt-2.2.4.3"></a>
-#### Directory behavior for handling descriptor uploads \[DIRUPLOAD\]
+### Directory behavior for handling descriptor uploads \[DIRUPLOAD\]
Upon receiving a hidden service descriptor publish request, directories MUST
check the following:
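Review bot: the heading touched here, `### Directory behavior for handling descriptor uploads \[DIRUPLOAD\]`, is the only one in this patch that keeps the tag as escaped bracket text instead of the `{#NAME}` attribute form used by every other heading (for example `{#SERVICEUPLOAD}`). As written the tag renders as part of the title and defines no `DIRUPLOAD` anchor; since the line is being edited anyway, suggest changing it to `{#DIRUPLOAD}`.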
@@ -368,7 +368,7 @@ necessary client credentials (for decrypting the second layer).
<a id="rend-spec-v3.txt-2.2.5"></a>
-### Expiring hidden service descriptors {#EXPIRE-DESC}
+## Expiring hidden service descriptors {#EXPIRE-DESC}
Hidden services set their descriptor's "descriptor-lifetime" field to 180
minutes (3 hours). Hidden services ensure that their descriptor will remain
@@ -381,7 +381,7 @@ the time period has changed).
<a id="rend-spec-v3.txt-2.2.6"></a>
-### URLs for anonymous uploading and downloading {#urls}
+## URLs for anonymous uploading and downloading {#urls}
Hidden service descriptors conforming to this specification are uploaded
with an HTTP POST request to the URL `/tor/hs/<version>/publish` relative to
@@ -395,7 +395,7 @@ anything else.
<a id="rend-spec-v3.txt-2.2.7"></a>
-### Client-side validation of onion addresses {#addr-validation}
+## Client-side validation of onion addresses {#addr-validation}
When a Tor client receives a prop224 onion address from the user, it
MUST first validate the onion address before attempting to connect or
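Review bot: style point on the anchor ids: `{#addr-validation}` here and `{#urls}` in the previous hunk are lowercase, while the other headings in this patch use uppercase ids such as `{#EXPIRE-DESC}` and `{#WHERE-HSDESC}`. If these are normalised, do it in a separate change and check for existing links to the lowercase ids first, since renaming an anchor breaks inbound references.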