[tor-bugs] #17349 [Tor]: Create an ed25519 shared randomness key for dirauths
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 14 19:29:11 UTC 2015
#17349: Create an ed25519 shared randomness key for dirauths
--------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #16943 | Points:
Sponsor: |
--------------------+------------------------------------
Comment (by asn):
Replying to [comment:2 nickm]:
> a) This one.
>
> RSA authority signing key ==> ed25519 master identity key -> ed25519 signing key ==> ed25519 SR key
>
> The only missing parts here are the ones I've done as "==>". The first
> means that authorities should affirm their ed25519 identities.
>
> b) They could go in the certificate, but I'm not 100% sure they have to.
> Certificates do not currently include the RSA OR identity key. I think
> that putting them in the voter-info block would make more sense. The one
> that goes
> {{{
> dir-source dannenberg 585769C78764D58426B8B52B6651A5A71137189A dannenberg.torauth.de 193.23.244.244 80 443
> contact Andreas Lehner <ops at torauth.de>
> vote-digest FB581F58EFCA26CD61323CE2E2082542960AA405
> }}}
>
> Votes are signed by the RSA authority signing key, so this would
> authenticate the ed25519 master identity key using that.
>
Thanks for the help. I think I understand a bit better now.
Please allow me to demonstrate my understanding, by showing you the extra
lines that have to be added in the `voter-info` block to complete this:
{{{
master-key-ed25519 G8F9MHeldbWqj6F9jMozR4dd8Wof7u3tVWUwxMO3t8R
-----BEGIN ED25519 CERT----- (ed25519 master key -> ed25519 signing key)...
-----BEGIN ED25519 CERT----- (ed25519 signing key -> ed25519 shared random key)...
}}}
The first line introduces the master ed25519 to the voting document
(currently it's only in the relay descriptor of the dirauth). Since it's
in the vote, it's signed by the RSA signing key, and hence we complete the
`RSA authority signing key -> ed25519 master identity key` part of the
chain.

The second line completes the `ed25519 master identity key -> ed25519
signing key` part of the chain. Also these ed25519 certificates (as
defined in prop220) seem to include the to-be-certified key, so in this
case we don't need an extra line to introduce the ed25519 signing key
explicitly.

The final line finishes the chain by doing `ed25519 signing key -> ed25519
shared random key`.

How does that sound?

----

I wonder what other things I need to think about. Like what should the
lifetime of the SR key be. But maybe I can set it to the same lifetime as
the signing key? Or maybe a bit shorter?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17349#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
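
The chain discussed in this ticket comment, sketched as an added example (not part of the original message and not Tor's code): a verifier that walks `ed25519 master identity key -> ed25519 signing key -> ed25519 SR key`. Assumptions: `Cert` is a simplified stand-in for a prop220 certificate rather than its wire format, the names `Issue`, `VerifyChain` and `Demo` are hypothetical, and the rule that the SR certificate may not outlive the signing certificate is an assumed policy modelling the "same lifetime or a bit shorter" options raised in the comment.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert is a simplified stand-in for a prop220 cert (assumed layout, not the wire format).
type Cert struct {
	Key     ed25519.PublicKey // the to-be-certified key travels inside the cert
	Expires int64             // Unix seconds
	Sig     []byte
}
func (c Cert) body() []byte { return []byte(fmt.Sprintf("%x|%d", c.Key, c.Expires)) }

func Issue(signer ed25519.PrivateKey, key ed25519.PublicKey, exp int64) Cert {
	return Cert{key, exp, ed25519.Sign(signer, Cert{Key: key, Expires: exp}.body())}
}

// VerifyChain checks master -> signing -> SR; master is assumed authenticated by the RSA-signed vote.
func VerifyChain(master ed25519.PublicKey, signing, sr Cert, now int64) error {
	switch {
	case len(signing.Key) != ed25519.PublicKeySize || !ed25519.Verify(master, signing.body(), signing.Sig):
		return errors.New("signing cert not signed by master key")
	case !ed25519.Verify(signing.Key, sr.body(), sr.Sig):
		return errors.New("SR cert not signed by signing key")
	case sr.Expires > signing.Expires:
		return errors.New("SR cert outlives signing cert")
	case now >= sr.Expires: // also covers the signing cert, which expires no earlier
		return errors.New("SR cert expired")
	}
	return nil
}

// Demo verifies a constructed chain (lifetimes in hours); rogue makes the SR key self-sign.
func Demo(signHours, srHours int64, rogue bool) error {
	now := time.Now().Unix()
	mPub, mPriv, _ := ed25519.GenerateKey(nil)
	sPub, sPriv, _ := ed25519.GenerateKey(nil)
	srPub, rPriv, _ := ed25519.GenerateKey(nil)
	if rogue {
		sPriv = rPriv
	}
	signing := Issue(mPriv, sPub, now+signHours*3600)
	return VerifyChain(mPub, signing, Issue(sPriv, srPub, now+srHours*3600), now)
}

func main() { fmt.Println(Demo(720, 24, false), Demo(24, 720, false), Demo(720, 24, true)) }
```

The RSA step of the chain is outside this sketch: the master key passed to `VerifyChain` is taken as already trusted because it appears in a vote signed by the RSA authority signing key.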