[tor-commits] [torspec/master] Use new prop220 cert format in prop224.

nickm at torproject.org nickm at torproject.org
Thu Feb 20 14:01:46 UTC 2014


commit 01c536fa3d931401258465177b61720b1b033179
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Feb 20 13:50:27 2014 +0000

    Use new prop220 cert format in prop224.
---
 proposals/224-rend-spec-ng.txt |   37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 680d449..5e4c511 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -16,8 +16,17 @@ Status: Draft
    in the design.
 
    Change history:
+
        2013-11-29: Proposal first numbered. Some TODO and XXX items remain.
 
+       2014-01-04: Clarify some unclear sections.
+
+       2014-01-21: Fix a typo.
+
+       2014-02-20: Move more things to the revised certificate format in the
+           new updated proposal 220.
+
+
 0. Hidden services: overview and preliminaries.
 
    Hidden services aim to provide responder anonymity for bidirectional
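Review bot: the 2014-02-20 changelog entry says "the revised certificate format in the new updated proposal 220", where "revised", "new" and "updated" all say the same thing; "the revised certificate format of proposal 220" is enough. The hunk also leaves two blank lines before the "0. Hidden services" heading where the file had one.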
@@ -787,14 +796,14 @@ Status: Draft
    The format for a hidden service descriptor is as follows, using the
    meta-format from dir-spec.txt.
 
-     "hs-descriptor" SP "3" SP public-key SP certification NL
+     "hs-descriptor" SP "3" certificate NL
 
        [At start, exactly once.]
 
-       public-key is the blinded public key for the service, encoded in
-       base 64. Certification is a certification of a short-term ed25519
-       descriptor signing key using the public key, in the format of
-       proposal 220.
+       The 'certificate' field contains a certificate in the format from
+       proposal 220, with the short-term ed25519 descriptor-signing key
+       signed by the blinded public key.  It must contain a
+       ed25519-signing-key extension containing the blinded public key.
 
      "time-period" SP YYYY-MM-DD HH:MM:SS NUM NL
 
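Review bot: the new grammar line `"hs-descriptor" SP "3" certificate NL` has lost the SP between "3" and the field that follows it, so as specified the certificate runs straight on from the version number; it should read `"hs-descriptor" SP "3" SP certificate NL`. The description also never states the certificate type, while the auth-key text in this same patch names type [09]; adding "with type [08]" here would tie it to the new Appendix E. The extension is called "ed25519-signing-key extension" here and "signing-key extension" in the auth-key item, so one name should be used in both places, and "a ed25519-signing-key" should be "an".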
@@ -895,14 +904,15 @@ Status: Draft
           The link-specifiers is a base64 encoding of a link specifier
           block in the format described in BUILDING-BLOCKS.
 
-        "auth-key" SP "ed25519" SP key SP certification NL
+        "auth-key" SP "ed25519" certificate NL
 
           [Exactly once per introduction point]
 
           Base-64 encoded introduction point authentication key that was
           used to establish introduction point circuit, cross-certifying
-          the blinded public key key using the certification format of
-          proposal 220.
+          the blinded public key.  This uses the certificate format of
+          proposal 220 with type [09].  The signing-key extension is
+          mandatory here to tell you what the public key is.
 
         "enc-key" SP "ntor" SP key NL
 
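Review bot: `"auth-key" SP "ed25519" certificate NL` is missing the SP before `certificate`, the same slip as on the hs-descriptor line. The description still opens with "Base-64 encoded introduction point authentication key" although the separate `key` field has been removed, so it should say that the authentication key is carried inside the certificate. "Cross-certifying the blinded public key" does not say which key produces the signature, and "to tell you what the public key is" does not say which public key is meant; the hs-descriptor text spells out both ("signed by the blinded public key", "containing the blinded public key"), and this item should be equally explicit, since a parser has to know which key to verify against.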
@@ -1732,3 +1742,14 @@ Appendix C. Recommendations for searching for vanity .onions [VANITY]
 Appendix D. Numeric values reserved in this document
 
   [TODO: collect all the lists of commands and values mentioned above]
+
+Appendix E. Reserved numbers
+
+  We reserve these certificate type values for Ed25519 certificates:
+
+      [08] hidden service short-term ed25519 key, signed with blinded
+           public key. (Section 2.4)
+      [09] intro point authentication key, cross-certifying blinded
+           public key. (Section 2.5)
+
+  [XXXX list more]
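Review bot: the new "Appendix E. Reserved numbers" lands directly after "Appendix D. Numeric values reserved in this document", which is still only a TODO for exactly this kind of list; putting the [08] and [09] entries under Appendix D would avoid two appendices with the same purpose. The [08] entry points at Section 2.4, but the hs-descriptor text changed in this patch does not mention type [08], so the reference has nothing to land on until that text names the type. The placeholder uses "[XXXX list more]" while Appendix D uses "[TODO: ...]"; one marker style would make the open items easier to grep for.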




