[tor-dev] HS v3 client authorization types

[David Goulet]

On 18 May (19:03:09), George Kadianakis wrote:
> Ian Goldberg <iang at cs.uwaterloo.ca> writes:
> 
> > On Thu, May 10, 2018 at 12:20:05AM +0700, Suphanat Chunhapanya wrote:
> >> On 05/09/2018 03:50 PM, George Kadianakis wrote:
> >> > b) We might also want to look into XEdDSA and see if we can potentially
> >> >    use the same keypair for both intro auth (ed25519) and desc auth
> >> (x25519).
> >> 
> >> This will be a great advantage if we can do that because putting two
> >> private keys in the HidServAuth is so frustrating.
> >
> > The private key for intro auth is used to make a signature (that will be
> > different per client), while the private key for desc auth is used to
> > decrypt the descriptor (which will be the same for all clients), no?
> >
> 
> Hm. Both intro auth and desc auth keys are different for each client. In
> the case of desc auth we do that so that we can revoke a client without
> needing to refresh desc auth keys for all other clients.

Following yesterday's discussion on IRC with haxxpop and asn, and some more
today, I worked on a revised version of the spec:

https://gitweb.torproject.org/user/dgoulet/torspec.git/commit/?h=ticket20700_01

Probably will be easier to just read the whole thing instead of the diff:

https://gitweb.torproject.org/user/dgoulet/torspec.git/tree/rend-spec-v3.txt?h=ticket20700_01#n2279

So the idea is that instead of making the HS client/operator have to pass
around portions of a file containing private and public keys, it is to
logically seperate them so that the operator only deals with one single file
when wanting to transmit the keys to a client.

Thoughts?
David

-- 
fbv5H3G6O9hLu6Txl6sNIg/unJ95a7iOi43Afzw8ROs=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20180712/36e4617c/attachment.sig>