From e1ee12e8107dd91599019eea84600666763e478c Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 17 Jan 2023 18:22:08 +0000
Subject: Document that keypairs should not double up roles, with example

---
 tor-spec.txt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tor-spec.txt')

diff --git a/tor-spec.txt b/tor-spec.txt
index c21fe49..8179a9d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -277,6 +277,11 @@ see tor-design.pdf.
    We write KP_relayid to refer to a key which is either
    KP_relayid_rsa or KP_relayid_ed.
 
+   The same key or keypair should never be used for separate roles within
+   the Tor protocol suite, unless specifically stated.  For example,
+   a relay's identity keys K_relayid should not also be used as the
+   identity keypair for a hidden service K_hs_id (see rend-spec-v3.txt).
+
 2. Connections
 
    Connections between two Tor relays, or between a client and a relay,
-- 
cgit v1.2.3-54-g00ecf