Nick Mathewson nickm@torproject.org writes:
[ text/plain ] Hi! I thought I'd write this up while it was fresh in my mind. It could be used as an alternative method to the current proposed client authentication mechanism. We could implement both, or just this, or just the other.
My description here will be a bit terser than we'd want in a proper proposal, but I wanted to share it.
This design is based on George Kadianakis's client authentication design; it won't make sense unless you've read it.
OK people,
I have a more mature torspec branch now for your eyes and only. Please see branch `prop224_client_auth_4` in my torspec repo: https://gitweb.torproject.org/user/asn/torspec.git/log/?h=prop224_client_aut...
The changes are based on the feedback and discussion on this thread.
The only real changes from `prop224_client_auth_3` is that it increases the max descriptor size to 50k, and it removes the username/password intro-level authorization.
Please let me know of anything that seems off, or anything that can make the proposal more readable. Otherwise, we should merge this upstream and move forward with fixing the already merged prop224 HSDir code.
Thanks!