[tor-dev] HS v3 client authorization types

meejah meejah at meejah.ca
Fri Apr 27 20:59:02 UTC 2018

Suphanat Chunhapanya <haxx.pop at gmail.com> writes:

After reading the spec diff and your mail, I'm still not sure I
understand the distinction -- if the x25519 is used to decrypt the
descriptor then:

> The spec says that the client must have both keys and use both to
> authenticate, but, for me, these two things are quite independent. I
> think they can be considered two different authentication types. The
> service should be able to enable one and disable the other. For example,
> If I disable the x25519 while I enable ed25519, I can add a new client
> immediately without the need to rotate the intro points.

...how does this work? If the client doesn't have the x25519 key how can
it access the descriptor?

Also, separately addressing the issue of configuration and terminology, I
think it's probably best if "users" (service operators and clients)
don't actually have to touch the keys.

This sounds fraught with peril: a service operator has to copy-pasta the
right half of the correct two keys, securely deliver them to a client
and the client has to put them in the right place in a
config-file. Then, if the service client has a problem later they have
to remember NOT copy-paste the whole config when asking for
help... sounds like lots to go wrong :) and I don't think this can be
solved by tinkering with the names/layout of torrc options,


More information about the tor-dev mailing list