nit-picky spec questions about connection protocol please....
nickm at freehaven.net
Wed Jan 3 20:06:59 UTC 2007
On Wed, Jan 03, 2007 at 02:32:56PM -0500, chris at seberino.org wrote:
> I'm studying section 2 of the spec on connections
> and just wanted to confirm some items with the good people of Tor....
> * The 'short-term connection key' mentioned in third paragraph is an AES key
No; it's a short term RSA key. We don't say that, because you can't
(sanely) stick symmetric keys in a certificate. I'll fix the spec so
it's (hopefully) readable without assuming the reader knows so much
> * The 'identity key' is the RSA public key associated with a router right?
> * Spec says this identity key is self-signed but did not say the 'short-term
> connection key' is signed. The 'short-term connection key' is signed by
> encrypting its hash with router's RSA private key right?
The identity key certificate is self-signed.
The certificate with the short term connection key is signed by the
> * Spec introduced the terms digital signature and certs in section 2 without
> mentioning all the boring details like what standard is used for these two
> things...e.g. X509?
X.509 is the only certificate standard supported by TLS (at least, in
any implementation I've seen).
> * Are all the aforementioned certs and keys mentioned above sent in
> 'cells'? Which cell types? This was not specified.
No. This is part of the TLS handshake. I'll try to make that clear
if I can.
> * It appears each onion router has a RSA public key that can be
> acquired from a directory server or EXTEND cells. The begs the
> question how do the Onion Routers safely get the public keys of
> directory servers? I assume routers talk to them over HTTS / SSL
Directory servers are specified in dir-spec.txt. Directory _authority_
locations and keys ship with the tor source; clients learn about
caches from the authorities.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 652 bytes
Desc: not available
More information about the tor-dev