commit cc453f956b8f8979e7bfa2f17be7de5587da992a Author: Nick Mathewson nickm@torproject.org Date: Wed Oct 1 14:15:08 2014 -0400

Update proposal 228 to reflect implementation status --- proposals/228-cross-certification-onionkeys.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+)

diff --git a/proposals/228-cross-certification-onionkeys.txt b/proposals/228-cross-certification-onionkeys.txt index d28b714..b3b401c 100644 --- a/proposals/228-cross-certification-onionkeys.txt +++ b/proposals/228-cross-certification-onionkeys.txt @@ -85,6 +85,8 @@ Status: Open Note that this cert format has 32 bytes of of redundant data, since it includes the identity key an extra time. That seems okay to me.

+ The signed key here is the master identity key. + The TYPE field in this certificate should be set to [0A] - ntor onion key cross-certifying ntor identity key

@@ -151,3 +153,16 @@ B. Security notes oracle for our curve25519 ntor keys. Fortunately, we don't, since nobody else can influence the certificate contents.

+C. Implementation notes + + As implemented in Tor, I've decided to make this proposal cross-dependent + on proposal 220. A router descriptor must have ALL or NONE + of the following: + * An Ed25529 identity key + * A TAP cross-certification + * An ntor cross-certification + + Further, if it has the above, it must also have: + * An ntor onion key. + +