Age | Commit message (Collapse) | Author |
Prompted by
https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/105#note_2869614
|
Suggested here
https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/105#note_2869613
|
Even the ones that are actually ntor. Perhaps that's wrong and those
should be ntor? Personally I like it this way.
|
In particular, give these formal names which contain "hs" (since they
are part of the hidden service protocol, and not any other kind of
authentication or authorisation scheme), and "N" to indicate that they
are hash-generated nonces, not passwords.
Change the references in the formulae, which it really seems to me
ought to refer to the formal names.
|
Introduce the credential and subcredential before we use them.
Talk about the public identity key rather than the credential,
when we can.
|
All supported versions for relays on the Tor network support v3
onion services. As such, we can mark the sections about "how do I
use an 0.2.9.x relay as my intro/rend point?" as obsolete.
|
These patch changes describe new default behaviors for extension
field lists, as appear in ntor3 and in many places throughout the
ntor3 protocol. In general:
* Unrecognized extensions MUST be ignored.
Additionally, all the following rules apply _unless otherwise stated
in the documentation for an extension_.
* Extensions are sent in sorted order.
* Extensions should only be sent once in a message.
* If you receive multiple copies of an extension, only the first
  one counts.
This comes out of discussions on tor!525.
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
- "auth-client" is actually a mandatory field right now.
- The intro point cross-certificates are the other way around (#29853)
- The descriptor MAC includes the salt_len and it's not the
  standard v3 MAC format.
|
This only adds newline characters to make the existing text blocks act like
"blockquote" or "code block" syntax in Markdown, asciidoc, and others.
This was accomplished by manually reviewing the output of this script:
```bash
for f in *.txt; do
    cat $f | python -c "import sys,re;print(re.sub(r'(\n {0,3}[^ \n][^\n]*\n)( {4,}[^\n]*)', r'\1\n\2', sys.stdin.read()))" > ${f}.tmp
    mv ${f}.tmp $f
done
```
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
This is one small step towards making these a standard, parsable format.
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
Spec for #23588.
|
Spec for 23507 and 23818.
|
Pointed out by Jean Chevalier.
|
- Add file extension to the client auth files.
- Better specify suggested client auth file format.
- Suggest better client auth logic for client and service side.
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
Closes bug 26925.
|
It's meant to protect against entities that don't know the identity public
key (aka the onion address).
Closes #26379. Pointed out by Steven Murdoch.
|
Specification had 50 hours but the code is using 12 hours. I could only find
commit dacf568f5e28c9c48a674a45b14af9db6b4e2bde that added that 50 hours
value without much explanation.
Since tor stable is currently using 12 hours, change the spec for now and
we'll make future changes if necessary as long as the code matches the spec.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
Pointed out by inkylatenoth in:
https://lists.torproject.org/pipermail/tor-dev/2017-October/012527.html
Fixes ticket #24544.
|
In particular, document how to derive the second half of the private key.
|
The implementation uses sizeof instead of strlen, so the C string NUL byte is hashed.