commit 7901fc11a9ecc6e857bf860fecb5ed25bd073378 Author: Nick Mathewson nickm@torproject.org Date: Mon Apr 7 18:17:35 2014 -0400

Clarify KH behavior in rend-spec.txt --- rend-spec.txt | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/rend-spec.txt b/rend-spec.txt index d030b8e..b070a18 100644 --- a/rend-spec.txt +++ b/rend-spec.txt @@ -736,6 +736,10 @@ and generate KH, Df, Db, Kf, and Kb as in the KDF-TOR key derivation approach documented in tor-spec.txt.

+ As in the TAP handshake, if the KH value derived from KDF-Tor does not + match the value in the RENDEZVOUS2 cell, the client must close the + circuit. + Subsequently, the rendezvous point passes relay cells, unchanged, from each of the two circuits to the other. When Alice's OP sends RELAY cells along the circuit, it authenticates with Df, and encrypts them with the