[tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

George Kadianakis desnacked at riseup.net
Thu Dec 1 21:17:06 UTC 2016

George Kadianakis <desnacked at riseup.net> writes:

> Nick Mathewson <nickm at torproject.org> writes:
>> [ text/plain ]
>> Hi!  I thought I'd write this up while it was fresh in my mind.  It
>> could be used as an alternative method to the current proposed client
>> authentication mechanism.  We could implement both, or just this, or
>> just the other.
>> My description here will be a bit terser than we'd want in a proper
>> proposal, but I wanted to share it.
>> This design is based on George Kadianakis's client authentication
>> design; it won't make sense unless you've read it.
> OK people,
> I have a more mature torspec branch now for your eyes and only.  Please
> see branch `prop224_client_auth_4` in my torspec repo:
>        https://gitweb.torproject.org/user/asn/torspec.git/log/?h=prop224_client_auth_4
> The changes are based on the feedback and discussion on this thread.
> The only real changes from `prop224_client_auth_3` is that it increases
> the max descriptor size to 50k, and it removes the username/password
> intro-level authorization.
> Please let me know of anything that seems off, or anything that can make
> the proposal more readable. Otherwise, we should merge this upstream and
> move forward with fixing the already merged prop224 HSDir code.
> Thanks!


I merged the above patch to torspec.git.

Thanks for the feedback and helpful comments everyone!

More information about the tor-dev mailing list