This is an automated email from the git hooks/post-receive script.
nickm pushed a change to branch main in repository torspec.
from 4234d93 Merge remote-tracking branches 'tor-gitlab/mr/114' and 'tor-gitlab/mr/115'
new 7838586 Refer to N_hs_desc_enc in description of encrypted-cookie
new ecd718e Add `ed25519`, the name of the auth type, to the heading
new 51fd440 Talk of "defined" rather than "recognized" auth types
new dc82243 Properly define "authentication types" in the relevant section
new 28cc4dc Mention, hopelessly, the undocumented "password" auth type
new e8aea86 Merge remote-tracking branch 'tor-gitlab/mr/113'
The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes:
rend-spec-v3.txt | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit ecd718e116c3cb76ccea205c885d5d110bbe65bd Author: Ian Jackson ijackson@chiark.greenend.org.uk AuthorDate: Mon Feb 6 15:04:46 2023 +0000
Add `ed25519`, the name of the auth type, to the heading --- rend-spec-v3.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index a8ac264..48d2ba3 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2071,7 +2071,7 @@ Table of contents: One mechanism to do so is the credential mechanism, where only users who know the credential for a hidden service may connect at all.
-3.4.1. Ed25519-based authentication. +3.4.1. Ed25519-based authentication `ed25519`.
To authenticate with an Ed25519 private key, the user must include an extension field in the encrypted part of the INTRODUCE1 cell with an
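Review bot: The 3.4.1 heading is renamed only where it appears in the body. The diffstat shows one insertion and one deletion, so if the table of contents at the top of rend-spec-v3.txt lists 3.4.1, that entry still carries the old title and should be updated in the same commit. Consider also setting the type name apart from the title, for example "3.4.1. Ed25519-based authentication (`ed25519`)", so that the trailing period is not read as part of the name.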
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit 51fd440a19f1e41931049b72aae2d3cca0697d0c Author: Ian Jackson ijackson@chiark.greenend.org.uk AuthorDate: Mon Feb 6 15:06:41 2023 +0000
Talk of "defined" rather than "recognized" auth types
We're not the code, we're the spec. We can define things, not recognise them. --- rend-spec-v3.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 48d2ba3..b533895 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1360,7 +1360,7 @@ Table of contents: A space-separated list of introduction-layer authentication types; see section [INTRO-AUTH] for more info. A client that does not support at least one of these authentication types will not be able to contact the - host. Recognized types are: 'password' and 'ed25519'. + host. Defined types are: 'password' and 'ed25519'.
"single-onion-service"
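Review bot: Replacing "Recognized" with "Defined" in this field description turns the sentence into a claim that the spec defines both listed types, so [INTRO-AUTH] now has to contain a definition for 'password' as well as 'ed25519'. If it does not, drop 'password' from the list or mark it as reserved, because a client implementer reading "Defined types are: 'password' and 'ed25519'" will go looking for both. The type names are in single quotes here but in backticks in the 3.4.1 heading; pick one style.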
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit dc822431f3bf2d9a31d83662982cafbc2a6d4a38 Author: Ian Jackson ijackson@chiark.greenend.org.uk AuthorDate: Mon Feb 6 15:07:10 2023 +0000
Properly define "authentication types" in the relevant section
Use the phrase which is used elsewhere, and enumerate them again since this is where one would expect to find that enumeration. --- rend-spec-v3.txt | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index b533895..33415e4 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2071,6 +2071,8 @@ Table of contents: One mechanism to do so is the credential mechanism, where only users who know the credential for a hidden service may connect at all.
+ There are two defined authentication types, `ed25519` and `password`. + 3.4.1. Ed25519-based authentication `ed25519`.
To authenticate with an Ed25519 private key, the user must include an
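Review bot: The added sentence "There are two defined authentication types, `ed25519` and `password`." repeats the enumeration already given near line 1360 ("Defined types are: 'password' and 'ed25519'") with a different order and different quoting, which leaves two lists that can drift apart. Keep the authoritative list in one place and refer to it from the other, or at least match order and quoting. The sentence also promises a `password` type, while the only subsection visible after it is 3.4.1 for `ed25519`; say where `password` is specified or that it is not.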
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit 28cc4dc16b79ac31f2a3bfdc3a49387b1912c39b Author: Ian Jackson ijackson@chiark.greenend.org.uk AuthorDate: Mon Feb 6 15:08:00 2023 +0000
Mention, hopelessly, the undocumented "password" auth type --- rend-spec-v3.txt | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 33415e4..fb570b4 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2073,6 +2073,9 @@ Table of contents:
There are two defined authentication types, `ed25519` and `password`.
+ However, the `password` authentication type is not documented + and ??? ??? ???. + 3.4.1. Ed25519-based authentication `ed25519`.
To authenticate with an Ed25519 private key, the user must include an
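Review bot: The added line "and ??? ??? ???." puts a placeholder into the text of section 3.4, which should not land on main as written. Replace it with a concrete statement of the type's status (reserved, unimplemented, or slated for removal) and of what a client or service must do when `password` appears in the list of authentication types, since unspecified behaviour for an authentication type is exactly where implementations diverge. If the answer is not yet known, track it as an open question outside the spec text and keep only "the `password` authentication type is not documented" here.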
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit 78385868959876f08149d7cd0346b2603d327a0f Author: Nick Mathewson nickm@torproject.org AuthorDate: Wed Feb 8 11:39:37 2023 -0500
Refer to N_hs_desc_enc in description of encrypted-cookie --- rend-spec-v3.txt | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 0dc20db..947d82e 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1242,13 +1242,8 @@ Table of contents: a pre-shared x25519 keypair (`KP_hsc_desc_enc`) which is used to decrypt the descriptor cookie.
- - We now describe the descriptor cookie encryption scheme. Here are the - relevant keys: - - descriptor_cookie = descriptor cookie used to encrypt the descriptor - - And here is what the hidden service computes: + We now describe the descriptor cookie encryption scheme. Here is what + the hidden service computes:
SECRET_SEED = x25519(KS_hs_desc_ephem, KP_hsc_desc_enc) KEYS = KDF(N_hs_subcred | SECRET_SEED, 40) @@ -1263,7 +1258,7 @@ Table of contents:
- The "encrypted-cookie" field contains the descriptor cookie ciphertext as follows and is encoded in base64: - encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR descriptor_cookie + encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR N_hs_desc_enc.
See section [FIRST-LAYER-CLIENT-BEHAVIOR] for the client-side logic of how to decrypt the descriptor cookie.
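Review bot: In the hunk at line 1242, deleting the "relevant keys" list removes the only local definition of the value being encrypted ("descriptor_cookie = descriptor cookie used to encrypt the descriptor"), and nothing in the remaining lines says that N_hs_desc_enc is the descriptor cookie. Add a short pointer to where N_hs_desc_enc is defined, and check the rest of the file, including [FIRST-LAYER-CLIENT-BEHAVIOR], for remaining uses of `descriptor_cookie` so the two names do not coexist.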
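Review bot: In the hunk at line 1258, the new formula line ends with a period, "XOR N_hs_desc_enc.", which can be read as part of the identifier; the neighbouring formula lines (SECRET_SEED = ..., KEYS = ...) carry no trailing punctuation, so drop it. It is also worth a sentence noting that N_hs_desc_enc (the cookie) and KP_hsc_desc_enc (the client's x25519 public key, visible in the first hunk's context) are different objects, since the names differ by a prefix and one letter and both appear in this scheme.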
This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit e8aea8668870f9652b1d5c7446bed56d92c9f37d Merge: 7838586 28cc4dc Author: Nick Mathewson nickm@torproject.org AuthorDate: Wed Feb 8 11:40:11 2023 -0500
Merge remote-tracking branch 'tor-gitlab/mr/113'
rend-spec-v3.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --cc rend-spec-v3.txt index 947d82e,fb570b4..13eb758 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@@ -2071,7 -2071,12 +2071,10 @@@ Table of contents One mechanism to do so is the credential mechanism, where only users who know the credential for a hidden service may connect at all.
- 3.4.1. Ed25519-based authentication. - There are two defined authentication types, `ed25519` and `password`. ++ There is one defined authentication type: `ed25519`. + - However, the `password` authentication type is not documented - and ??? ??? ???. + + 3.4.1. Ed25519-based authentication `ed25519`.
To authenticate with an Ed25519 private key, the user must include an extension field in the encrypted part of the INTRODUCE1 cell with an
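Review bot: The merge resolution reduces section 3.4 to "There is one defined authentication type: `ed25519`.", but the only hunk in this merge is at line 2071, so the field description near line 1360 still reads "Defined types are: 'password' and 'ed25519'." after the merge. The spec now gives two different answers about which authentication types exist; update the 1360 text to match, or explain there why `password` is still listed. The "++" line is also new text that exists in neither parent, so it would be easier to review and to find later as a separate commit with its own message rather than inside the conflict resolution.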
tor-commits@lists.torproject.org