commit 3762272611aca1ffd0c5896d713c94ecf98b8f47 Author: Nick Mathewson nickm@torproject.org Date: Wed May 28 09:21:29 2014 -0400

tweak proposal 220 based on comments from george, nick hopper --- proposals/220-ecc-id-keys.txt | 42 ++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt index 94ec9a3..6f60ca5 100644 --- a/proposals/220-ecc-id-keys.txt +++ b/proposals/220-ecc-id-keys.txt @@ -78,8 +78,8 @@ Status: Draft EXPIRATION_DATE [3 Bytes] CERT_KEY_TYPE [1 byte] CERTIFIED_KEY [32 Bytes] - EXTENSIONS [variable length, up to length of certificate - minus 64 bytes.] + N_EXTENSIONS [1 byte] + EXTENSIONS [N_EXTENSIONS times] SIGNATURE [64 Bytes]

The "VERSION" field holds the value [01]. The "CERT_TYPE" field @@ -94,14 +94,19 @@ Status: Draft The EXTENSIONS field contains zero or more extensions, each of the format:

- ExtLength [1 or 2 bytes] - ExtType [1 or 2 bytes] + ExtLength [2 bytes] + ExtType [1 byte] + ExtFlags [1 byte] ExtData [Length bytes]

- The ExtLength and ExtType fields can represent values between 0 - and 2^15-1, representing values under 128 as "0xxxxxxx" and - values over 128 as "1xxxxxxx yyyyyyyy". The meaning of the - ExtData field in an extension is type-dependent. + The meaning of the ExtData field in an extension is type-dependent. + + The ExtFlags field holds flags; this flag is currently defined: + + 1 -- AFFECTS_VALIDATION. If this flag is present, then the + extension affects whether the certificate is valid; clients + must not accept the certificate as valid unless they + understand the extension.

It is an error for an extension to be truncated; such a certificate is invalid. @@ -142,8 +147,10 @@ Status: Draft SIGNATURE [64 Bytes]

FIXED_PREFIX is "REVOKEID" or "REVOKESK". VERSION is [01]. KEYTYPE is - [01] for revoking a signing key or [02] for revoking an identity key. - REVOKED_KEY is the key being revoked; IDENTITY_KEY is the node's + [01] for revoking a signing key, [02] for revoking an identity key, + or [03] for revoking an RSA identity key. + REVOKED_KEY is the key being revoked or a SHA256 hash of the key if + it is an RSA identity key; IDENTITY_KEY is the node's Ed25519 identity key. PUBLISHED is the time that the document was generated, in seconds since the epoch. REV_EXTENSIONS is left for a future version of this document. The SIGNATURE is generated with @@ -194,10 +201,11 @@ Status: Draft When an identity-ed25519 element is present, there must also be a "router-signature-ed25519" element. It MUST be the next-to-last element in the descriptor, appearing immediately before the RSA - signature. It MUST contain an ed25519 signature of the entire - document, from the first character up to but not including the - "router-signature-ed25519" element, prefixed with the string "Tor - router descriptor signature v1". Its format is: + signature. (In future versions of the descriptor format that do not + require an RSA identity key, it MUST be last.) It MUST contain an + ed25519 signature of the entire document, from the first character up + to but not including the "router-signature-ed25519" element, prefixed + with the string "Tor router descriptor signature v1". Its format is:

"router-signature-ed25519" SP signature NL

@@ -285,10 +293,6 @@ Status: Draft 0.2.4 without being de-listed from the consensus.

- [XXX I could specify a way to do a signed "I'm downgrading for a - while!" statement, and kludge some code back into 0.2.4.x to better - support that?] - 3.2. Formats

Vote and microdescriptor documents now contain an optional "id" @@ -404,7 +408,7 @@ Status: Draft certificate, and an authentication certificate signed with the identity key. The AUTHENTICATE cell contains a signature of various fields, including the contents of the AUTH_CHALLENGE - which the server sent cell, using the client's authentication + which the server sent, using the client's authentication key. These cells allow the client to authenticate to the server.