
commit 01c536fa3d931401258465177b61720b1b033179 Author: Nick Mathewson <nickm@torproject.org> Date: Thu Feb 20 13:50:27 2014 +0000 Use new prop220 cert format in prop224. --- proposals/224-rend-spec-ng.txt | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index 680d449..5e4c511 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -16,8 +16,17 @@ Status: Draft in the design. Change history: + 2013-11-29: Proposal first numbered. Some TODO and XXX items remain. + 2014-01-04: Clarify some unclear sections. + + 2014-01-21: Fix a typo. + + 2014-02-20: Move more things to the revised certificate format in the + new updated proposal 220. + + 0. Hidden services: overview and preliminaries. Hidden services aim to provide responder anonymity for bidirectional @@ -787,14 +796,14 @@ Status: Draft The format for a hidden service descriptor is as follows, using the meta-format from dir-spec.txt. - "hs-descriptor" SP "3" SP public-key SP certification NL + "hs-descriptor" SP "3" certificate NL [At start, exactly once.] - public-key is the blinded public key for the service, encoded in - base 64. Certification is a certification of a short-term ed25519 - descriptor signing key using the public key, in the format of - proposal 220. + The 'certificate' field contains a certificate in the format from + proposal 220, with the short-term ed25519 descriptor-signing key + signed by the blinded public key. It must contain a + ed25519-signing-key extension containing the blinded public key. "time-period" SP YYYY-MM-DD HH:MM:SS NUM NL 
@@ -895,14 +904,15 @@ Status: Draft The link-specifiers is a base64 encoding of a link specifier block in the format described in BUILDING-BLOCKS. - "auth-key" SP "ed25519" SP key SP certification NL + "auth-key" SP "ed25519" certificate NL [Exactly once per introduction point] Base-64 encoded introduction point authentication key that was used to establish introduction point circuit, cross-certifying - the blinded public key key using the certification format of - proposal 220. + the blinded public key. This uses the certificate format of + proposal 220 with type [09]. The signing-key extension is + mandatory here to tell you what the public key is. "enc-key" SP "ntor" SP key NL @@ -1732,3 +1742,14 @@ Appendix C. Recommendations for searching for vanity .onions [VANITY] Appendix D. Numeric values reserved in this document [TODO: collect all the lists of commands and values mentioned above] + +Appendix E. Reserved numbers + + We reserve these certificate type values for Ed25519 certificates: + + [08] hidden service short-term ed25519 key, signed with blinded + public key. (Section 2.4) + [09] intro point authentication key, cross-certifying blinded + public key. (Section 2.5) + + [XXXX list more]
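Review bot: In the hs-descriptor hunk (@@ -787,14 +796,14 @@), the new grammar line `"hs-descriptor" SP "3" certificate NL` has no SP between "3" and certificate, and the description no longer says how the certificate is encoded (the removed text said "encoded in base 64"), so the line cannot be tokenized unambiguously from the spec alone. Suggest `"hs-descriptor" SP "3" SP certificate NL` with the encoding stated, or, if the certificate is meant to follow as an object in the dir-spec.txt meta-format, show it after the NL. The paragraph also omits the certificate type, although Appendix E in this same patch reserves [08] for this use and the auth-key text names type [09]; add "with type [08]" here. The extension is called "ed25519-signing-key extension" here and "signing-key extension" in the auth-key hunk; pick one name, and change "a ed25519" to "an ed25519".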
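Review bot: In the auth-key hunk (@@ -895,14 +904,15 @@), the unchanged description still opens with "Base-64 encoded introduction point authentication key" while the grammar now carries a certificate instead of `key SP certification`, so the first sentence describes a field that is no longer on the line; reword it to say the certificate contains the authentication key. The grammar line `"auth-key" SP "ed25519" certificate NL` is also missing the SP before certificate. "Cross-certifying the blinded public key" together with "The signing-key extension is mandatory here to tell you what the public key is" leaves open which key is the certified key and which key signs; state both explicitly, and say what a client does with a descriptor whose auth-key certificate lacks the extension, since "mandatory" is only checkable if the failure behaviour is specified.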
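Review bot: In the appendix hunk (@@ -1732,3 +1742,14 @@), the new "Appendix E. Reserved numbers" lands directly after "Appendix D. Numeric values reserved in this document", which has the same purpose and is still only a TODO; put the [08] and [09] entries under Appendix D rather than adding a second appendix. The entries point at "Section 2.4" and "Section 2.5", but of the two body passages changed in this patch only the auth-key text names its type ([09]); the hs-descriptor text never mentions [08], so the appendix and the body can drift apart unless the type is stated in both places. The "[XXXX list more]" marker would be more useful if it said which values are still to be listed.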