This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository torspec.
commit 90919950d131cb9a0b6bae4778822d0c565757eb Author: Ian Jackson ijackson@chiark.greenend.org.uk AuthorDate: Tue Jan 17 18:10:51 2023 +0000
Use _ed rather than _ntor for ed25519 keys
Even the ones that are actually ntor. Perhaps that's wrong and those should be ntor? Personally I like it this way. --- rend-spec-v3.txt | 4 ++-- tor-spec.txt | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index bc565fa..4d598cc 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -586,7 +586,7 @@ Table of contents: KP_hsid, KS_hsid.
For services which run on a relay, this key SHOULD NOT be the - same as the Tor instance's KP_relayid_ntor. + same as the Tor instance's KP_relayid_ed.
Blinded signing key -- A keypair derived from the identity key, used to sign descriptor signing keys. It changes periodically for @@ -631,7 +631,7 @@ Table of contents:
Public/private keypairs defined elsewhere:
- Onion key -- Short-term encryption keypair (K_onion_ntor). + Onion key -- Short-term encryption keypair (K_onion_ed).
(Node) identity key (K_relayid).
diff --git a/tor-spec.txt b/tor-spec.txt index 6654e0e..c21fe49 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -252,30 +252,30 @@ see tor-design.pdf. longer advertised. Because of this, relays MUST retain old keys for a while after they're rotated. (See "onion key lifetime parameters" in dir-spec.txt.) - KP_onion_ntor, KS_onion_ntor. + KP_onion_ed, KS_onion_ed.
These are Ed25519 keys:
- A long-term "master identity" key. This key never changes; it is used only to sign the "signing" key below. It may be kept offline. - KP_relayid_ntor, KS_relayid_ntor. + KP_relayid_ed, KS_relayid_ed. - A medium-term "signing" key. This key is signed by the master identity key, and must be kept online. A new one should be generated periodically. It signs nearly everything else. - KP_relaysign_ntor, KS_relaysign_ntor. + KP_relaysign_ed, KS_relaysign_ed. - A short-term "link authentication" key, used to authenticate the link handshake: see section 4 below. This key is signed by the "signing" key, and should be regenerated frequently. - KP_link_ntor, KS_link_ntor. + KP_link_ed, KS_link_ed.
KP_relayid_* together identify a router uniquely. Once a router - has used a KP_relayid_ntor (an Ed25519 master identity key) + has used a KP_relayid_ed (an Ed25519 master identity key) together with a given KP_relayid_rsa (RSA identity key), neither of those keys may ever be used with a different key.
We write KP_relayid to refer to a key which is either - KP_relayid_rsa or KP_relayid_ntor. + KP_relayid_rsa or KP_relayid_ed.
2. Connections