commit 96427e8daa30e68d1b3cba13220fea84a4e8e842 Author: Nick Mathewson nickm@torproject.org Date: Fri Nov 23 10:51:18 2012 -0500

Explain algorithm field on directory-signature

Fix for 7072 --- dir-spec.txt | 20 +++++++++++++++++++- 1 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/dir-spec.txt b/dir-spec.txt index 8e389c9..ca5434b 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -1532,7 +1532,8 @@ The signature contains the following item, which appears Exactly Once for a vote, and At Least Once for a consensus.

- "directory-signature" SP identity SP signing-key-digest NL Signature + "directory-signature" [SP Algorithm] SP identity SP signing-key-digest + NL Signature

This is a signature of the status document, with the initial item "network-status-version", and the signature item @@ -1543,6 +1544,20 @@ the signing authority, and "signing-key-digest" is the hex-encoded digest of the current authority signing key of the signing authority.

+ The Algorithm is one of "sha1" or "sha256" if it is present; + implementations MUST ignore directory-signature entries with an + unrecognized Algorithm. "sha1" is the default, if no Algorithm is + given. The algorithm describes how to compute the hash of the + document before signing it. + + "ns"-flavored consensus documents must contain only sha1 signatures. + Votes and microdescriptor documents may contain other signature + types. Note that only one signature from each authority should be + "counted" as meaning that the authority has signed the consensus. + + (Tor clients before 0.2.3.x did not understand the 'algorithm' + field.) + 3.4. Assigning flags in a vote

(This section describes how directory authorities choose which status @@ -2101,6 +2116,9 @@ [*Before consensus method 13, this field was sometimes erroneously omitted.]

+ Additionally, a microdescriptor consensus MAY use the sha256 digest + algorithm for its signatures. + 3.7. Detached signatures

Assuming full connectivity, every authority should compute and sign the