[tor-dev] Alternative directory format for v3 client auth

[George Kadianakis]

George Kadianakis <desnacked at riseup.net> writes:

> George Kadianakis <desnacked at riseup.net> writes:
>
>> Hello haxxpop and David,
>>
>> here is a patch with an alternative directory format for v3 client auth
>> crypto key bookkeeping as discussed yesterday on IRC:
>>        https://github.com/torproject/torspec/pull/23
>>
>> Thanks for making me edit the spec because it made me think of various
>> details that had to be thought of.
>
> Hello again,
>
> there have been many discussions about client auth since that last email
> a month ago. Here is a newer branch that we want to get merged so that
> we proceed with implementation: https://github.com/torproject/torspec/pull/33
>
> The first commit is the same as in the original post, and all subsequent
> commits are improvements on top of it.
>
> Here are a few high-level changes that were made after discussion:
>
> - Ditched intro auth for now, since descriptor auth is sufficient for
>   our threat model, and trying to support two different auth types would
>   complicate things.
>
> - Opted for a KISS design for now where we don't ask Tor to generate
>   client auth keys neither on the client side or on the service side.
>   For now we assume that client/service-side generated their keys with
>   an external tool, and we will build such tools in the future, instead
>   of spending too much time bikeshedding about it right now.
>
> - Client auth is enabled if the client auth directory is populated with
>   the right files, instead of relying on torrc switches etc.
>
> Furthermore, the last three commits are quick mainly-cosmetic changes I
> did alone before posting this here. Inform me if you don't like those.
>
> I'll let this simmer here for a few days before merging it in torspec.
> Let me know if you have questions! Thanks for reading!
>

FWIW, the above spec branch has been merged upstream to torspec.git!

Feedback is still welcome and we will patch upstream if needed! :)