[tor-dev] adding smartcard support to Tor
twim at riseup.net
Sun Oct 18 12:10:41 UTC 2015
> Ivan, if I understand
> correctly, the setup I've planned will no longer work once Tor switches to
> the next generation hidden services architecture, is this correct? Will
> there be any backwards compatibility or will old hidden services simply
> stop working at that point?
No, actually the setup will work. But it will not work until the code
base (of the OB) is changed*. For now one can sign an arbitrary set of IPs
with their key (you can test it with e.g. Facebook HS) and this
descriptor will be valid.
Cross-certifications are just a mechanism for hardening this process. In
order to make the frontend descriptor valid, backend instances must "be
aware" of the frontend. So backend nodes are certifying the public key of
the frontend and then they can be included in a frontend descriptor.
[using OB terminology]
[*] Also there is still only RSA crypto in the OB.