Suphanat Chunhapanya haxx.pop@gmail.com writes:
After reading the spec diff and your mail, I'm still not sure I understand the distinction -- if the x25519 is used to decrypt the descriptor then:
The spec says that the client must have both keys and use both to authenticate, but, for me, these two things are quite independent. I think they can be considered two different authentication types. The service should be able to enable one and disable the other. For example, If I disable the x25519 while I enable ed25519, I can add a new client immediately without the need to rotate the intro points.
...how does this work? If the client doesn't have the x25519 key how can it access the descriptor?
Also, separately addressing the issue of configuration and terminology, I think it's probably best if "users" (service operators and clients) don't actually have to touch the keys.
This sounds fraught with peril: a service operator has to copy-pasta the right half of the correct two keys, securely deliver them to a client and the client has to put them in the right place in a config-file. Then, if the service client has a problem later they have to remember NOT copy-paste the whole config when asking for help... sounds like lots to go wrong :) and I don't think this can be solved by tinkering with the names/layout of torrc options, personally...