Proposal 176: Proposed version-3 link handshake for Tor
nickm at freehaven.net
Tue Feb 1 02:52:00 UTC 2011
On Mon, Jan 31, 2011 at 9:50 PM, Nick Mathewson <nickm at freehaven.net> wrote:
> To authenticate the server, the client MUST check the following:
> * The CERTS cell contains exactly one CertType 1 "Link" certificate.
> * The CERTS cell contains exactly one CertType 2 "ID"
> * Both certificates have validAfter and validUntil dates that
> are not expired.
> * The certified key in the Link certificate matches the
> link key that was used to negotiate the TLS connection.
> * The certified key in the ID certificate is a 1024-bit RSA key.
> * The certified key in the ID certificate was used to sign both
> * The link certificate is correctly signed with the key in the
> ID certificate
> * The ID certificate is correctly self-signed.
Robert Ransom responded to an earlier draft of this proposal,
suggesting that instead of being self-signed, the ID certificate
should be cross-certified by the link key. He said:
> > Yes. I'm not exactly sure why I'm suggesting it.
> > When an OpenPGP public key has a subkey which can be used to generate
> > signatures, GPG requires that that subkey sign the main public key, in
> > addition to requiring that the main public key sign the subkey. The
> > GPG man page states that this prevents some attacks. I don't know
> > whether the cross-certification I'm asking for above prevents any
> > attacks we care about.
[Posted here with permission]