On 18 Nov. 2016, at 09:20, David Goulet dgoulet@ev0ke.net wrote:
On 18 Nov (08:27:53), teor wrote:
On 18 Nov. 2016, at 03:52, David Goulet dgoulet@ev0ke.net wrote:
I ended up using the x25519 scheme described above by Nick.
I also ended up dodging the UX questions raised on this thread, by only specifying the Tor protocol level details, and leaving the out-of-band HS<->client protocol mostly unspecified. I believe that this out-of-band protocol and configuration details can be figured out in the future, and we should not block on them right now.
Yes, I believe this is fine. Note that the tor-keygen tool is getting another _very_ important use case here, that is, key generation on the client side.
The tor-keygen tool is not currently included in the Tor Browser bundle. So we would have to add it (or provide an alternate method) for Tor Browser users.
It also does not really exist :). But we have a ticket for it and it's very important also for HS offline keys!
Oh right, I had it confused with tor-gencert.
And yes, I like your idea that TBB should have it included, coupled with a nice UI for HS auth.
And the Tor Expert Bundle (Windows) so people can run HSs on Windows using it.
T