On 18 May (19:03:09), George Kadianakis wrote:
Ian Goldberg iang@cs.uwaterloo.ca writes:
On Thu, May 10, 2018 at 12:20:05AM +0700, Suphanat Chunhapanya wrote:
On 05/09/2018 03:50 PM, George Kadianakis wrote:
b) We might also want to look into XEdDSA and see if we can potentially use the same keypair for both intro auth (ed25519) and desc auth
(x25519).
This will be a great advantage if we can do that because putting two private keys in the HidServAuth is so frustrating.
The private key for intro auth is used to make a signature (that will be different per client), while the private key for desc auth is used to decrypt the descriptor (which will be the same for all clients), no?
Hm. Both intro auth and desc auth keys are different for each client. In the case of desc auth we do that so that we can revoke a client without needing to refresh desc auth keys for all other clients.
Following yesterday's discussion on IRC with haxxpop and asn, and some more today, I worked on a revised version of the spec:
https://gitweb.torproject.org/user/dgoulet/torspec.git/commit/?h=ticket20700...
Probably will be easier to just read the whole thing instead of the diff:
https://gitweb.torproject.org/user/dgoulet/torspec.git/tree/rend-spec-v3.txt...
So the idea is that instead of making the HS client/operator have to pass around portions of a file containing private and public keys, it is to logically seperate them so that the operator only deals with one single file when wanting to transmit the keys to a client.
Thoughts? David