[tor-dev] Proposal 228: Cross-certifying identity keys with onion keys

Nick Mathewson nickm at alum.mit.edu
Wed Feb 26 16:27:54 UTC 2014

On Wed, Feb 26, 2014 at 3:17 AM, grarpamp <grarpamp at gmail.com> wrote:
>>    that key (since you don't have the private key).  You _could_ do
>>    something weird in the TAP protocol where you .
> Seems an editing/thought dropoff up there, it happens.

Sorry, I do that a lot.  It happens because I tend to write three or
four sentences at the same time.  I start writing one, then realize I
need to write another, so I begin another sentence without finishing
the first.  Then it happens again, and I start a third sentence
without finishing the second, and so on.  Usually, I finish all the
sentences as I walk back up my stack, but that still leaves more than
a handful unfinished.

In any case, I just expanded that sentence to read:

   (You _could_ do something weird in the TAP protocol where you
   receive an onionskin that you can't process, relay it to the
   party who can process it, and receive a valid reply that you
   could send back to the user.  But this makes you a less effective
   man-in-the-middle than you would be if you had just generated
   your own onion key.  The ntor protocol shuts down this
   possibility by including the router identity in the material to
   be hashed, so that you can't complete an ntor handshake unless
   the client agrees with you about what identity goes with your
   ntor onion key.)

Thanks for catching this,

More information about the tor-dev mailing list