From a8cf1279f58e4363ea3c84a9d89390e1cda76b62 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 12 Feb 2024 13:25:36 -0500 Subject: Clarify when we use CREATE_FAST --- spec/tor-spec/create-created-cells.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/spec/tor-spec/create-created-cells.md b/spec/tor-spec/create-created-cells.md index 95727d0..a9b7a12 100644 --- a/spec/tor-spec/create-created-cells.md +++ b/spec/tor-spec/create-created-cells.md @@ -530,12 +530,12 @@ their circuit keys. ## CREATE_FAST/CREATED_FAST cells {#create_fast} -When initializing the first hop of a circuit, the OP has already +When creating a one-hop circuit, the OP has already established the OR's identity and negotiated a secret key using TLS. -Because of this, it is not always necessary for the OP to perform the -public key operations to create a circuit. In this case, the -OP MAY send a CREATE_FAST cell instead of a CREATE cell for the first -hop only. The OR responds with a CREATED_FAST cell, and the circuit is +Because of this, it is not necessary for the OP to perform the +public key operations to create a circuit. +In this case, the OP MAY send a CREATE_FAST cell instead of a CREATE cell. +The OR responds with a CREATED_FAST cell, and the circuit is created. A CREATE_FAST cell contains: @@ -556,11 +556,7 @@ The values of `X` and `Y` must be generated randomly. Once both parties have `X` and `Y`, they derive their shared circuit keys and 'derivative key data' value via the [KDF-TOR function](./setting-circuit-keys.md#kdf-tor). -The CREATE_FAST handshake is currently deprecated whenever it is not -necessary; the migration is controlled by the "usecreatefast" -networkstatus parameter as described in dir-spec.txt. - -\[Tor 0.3.1.1-alpha and later disable CREATE_FAST by default.\] +Parties SHOULD NOT use CREATE_FAST except for creating one-hop circuits. -- cgit v1.2.3-54-g00ecf