George Kadianakis desnacked@riseup.net writes:
Hello haxxpop and David,
here is a patch with an alternative directory format for v3 client auth crypto key bookkeeping as discussed yesterday on IRC: https://github.com/torproject/torspec/pull/23
Thanks for making me edit the spec because it made me think of various details that had to be thought of.
Hello again,
there have been many discussions about client auth since that last email a month ago. Here is a newer branch that we want to get merged so that we proceed with implementation: https://github.com/torproject/torspec/pull/33
The first commit is the same as in the original post, and all subsequent commits are improvements on top of it.
Here are a few high-level changes that were made after discussion:
- Ditched intro auth for now, since descriptor auth is sufficient for our threat model, and trying to support two different auth types would complicate things.
- Opted for a KISS design for now where we don't ask Tor to generate client auth keys either on the client side or on the service side. For now we assume that the client and service sides generated their keys with an external tool, and we will build such tools in the future, instead of spending too much time bikeshedding about it right now.
- Client auth is enabled if the client auth directory is populated with the right files, instead of relying on torrc switches etc.
Furthermore, the last three commits are quick mainly-cosmetic changes I did alone before posting this here. Inform me if you don't like those.
I'll let this simmer here for a few days before merging it in torspec. Let me know if you have questions! Thanks for reading!