On 2023/10/19 12:49, Nick Mathewson wrote:
To see this rendered, go to https://spec.torproject.org/proposals/347-domain-separation.html
Filename: 347-domain-separation.md
Title: Domain separation for certificate signing keys
Author: Nick Mathewson
Created: 19 Oct 2023
Status: Open
## Our goal
We'd like to be able to use the "family key" from proposal 321 as a general purpose signing key, to authenticate other things than the membership of a family. For example, we might want to have a challenge/response mechanism where the challenger says, "If you want to log in as the owner of the account corresponding to this family, sign the following challenge with your key." Or we might want to have a message authentication scheme where an operator can sign a message in a way that proves key ownership.
We _might_ also like to use relay identity keys or onion service identity keys for the same purpose.
Very nice work here. This is exactly what we need for some of the experiments we want to do under Sponsor 112.
Cheers, Alex