[tor-dev] (Draft) Proposal 224: Next-Generation Hidden Services in Tor

Nick Mathewson nickm at alum.mit.edu
Thu Dec 5 15:09:32 UTC 2013


On Thu, Dec 5, 2013 at 8:31 AM, Kang <td66bshwu at gmail.com> wrote:
> Hello.
> I gave it a quick once over and these are my thoughts.
>
> I very much appreciate the ``Participants'' and ``In more detail: A
> menagerie of keys'' sections.
> I've had trouble in the past where I've been reading Tor specs and a
> new (or inconsistently named) key or actor is mentioned in passing.
> Likewise I appreciate that | was explicitly defined as concatenation,
> since in the current rend-spec it's left ambiguous.

Yeah; the current Tor specs do have a problem where they  all kind of
assume that you've read all the other specs.  That's one reason I
wanted to

> A few times you mention ``consensus parameters''.
> I assume these are values that go in the params field of the
> consensus, although it wasn't particularly clear (for me) until I
> looked it up in dir-spec.

Right; I should add a reference to dir-spec at the appropriate place.

> I like the ``Offline operation'' idea; that would certainly be more
> secure than distributing the same private key to several servers.
>
> In the hsdir_index(node) formula what exactly is ``node_identity_digest''?

It's an identity digest as used in tor-spec: a SHA1 digest of the
node's RSA identity key. I should add a reference there too.

(See proposal 220 for the start of migrating keys away from RSA1024
and SHA1, though in this case I don't think that matters.)

yrs,
-- 
Nick


More information about the tor-dev mailing list