On 05/14/2018 05:26 PM, George Kadianakis wrote:
Suphanat Chunhapanya haxx.pop@gmail.com writes:
On 05/09/2018 03:50 PM, George Kadianakis wrote:
I thought about this some more and discussed it with haxxpop on IRC. In the end, I think that perhaps starting with just desc auth and then in the future implementing intro auth is also an acceptable plan forward.
I think we have two more things to think about.
- I forgot to think about the format of client_authorized_pubkeys file.
In the client_authorized_pubkeys file, each line should indicate the auth type for which the pubkey is used instead of just specifying the client name and the pubkey. So the line should be as follows.
`<client-name> <auth-type> <pubkey>`
and, if auth-type is "standard", it will be equivalent to two lines of "desc" and "intro".
Sounds plausible.
BTW, what's the role of `client_authorized_pubkeys` in your opinion? Is it only used by little-t-tor internally to see which clients are recognized or not? IIUC, the onion service operator should not really need to use it since it contains pubkeys.
The role of `client_authorized_pubkeys` is to keep all pubkeys of clients so that we can use them to encrypt the descriptor when the client auth is enabled.
To specify which clients are recognized, the operator must put the client names in `HiddenServAuthorizeClient` directive. After that, the service will use the names in `HiddenServAuthorizeClient` to search for pubkeys in `client_authorized_pubkeys`. So, if there is a pubkey in `client_authorized_pubkeys` whose client name is not in `HiddenServAuthorizeClient`, that key will not be used.
I think the operator needs to use it because, in case the client wants to generate a keypair itself, the operator needs to put the client's pubkey in this file.
BTW, I noticed that in v2, when we enable client auth, the onion service also edits the `hostname` file to produce different lines for each client, so that the operator can copy-paste them directly to the users. Do you find that useful? Do you think we should do it too for v3?
I think we did that because in stealth mode, the hostname will change depending on the client. In v3, the hostname is always static, so I think we don't have to do that.
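The file format and name lookup discussed in this message, as an added sketch that is not part of the thread and not tor's own code: it parses `<client-name> <auth-type> <pubkey>` lines, expands "standard" into "desc" and "intro", and keeps only keys whose client name the operator listed. The function names, the handling of blank and `#` lines, the rejection of duplicate entries, and the placeholder pubkey strings are assumptions made for the example.

```python
# Added example: sketch of the format proposed in the thread, not tor code.
VALID_AUTH_TYPES = {"desc", "intro", "standard"}

def parse_authorized_pubkeys(text):
    """Parse '<client-name> <auth-type> <pubkey>' lines.

    Returns {"desc": {name: pubkey}, "intro": {name: pubkey}}.
    """
    keys = {"desc": {}, "intro": {}}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: blanks/comments allowed
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        name, auth_type, pubkey = fields
        if auth_type not in VALID_AUTH_TYPES:
            raise ValueError(f"line {lineno}: unknown auth type {auth_type!r}")
        # "standard" is equivalent to one "desc" line plus one "intro" line.
        targets = ("desc", "intro") if auth_type == "standard" else (auth_type,)
        for target in targets:
            if name in keys[target]:  # assumption: duplicates are an error
                raise ValueError(f"line {lineno}: duplicate {target} key for {name!r}")
            keys[target][name] = pubkey
    return keys

def select_keys(keys, authorized_names, auth_type):
    """Return (usable, missing) for one auth type.

    usable:  pubkeys of clients named by the operator; keys in the file whose
             client name is not listed are ignored.
    missing: listed names that have no key of this type in the file.
    """
    table = keys[auth_type]
    usable = {n: table[n] for n in authorized_names if n in table}
    missing = [n for n in authorized_names if n not in table]
    return usable, missing

# Constructed sample file; the pubkey values are placeholders, not real keys.
SAMPLE = """\
alice standard PUBKEY_ALICE
bob desc PUBKEY_BOB
carol intro PUBKEY_CAROL
erin standard PUBKEY_ERIN
"""

if __name__ == "__main__":
    parsed = parse_authorized_pubkeys(SAMPLE)
    # Names as the operator would list them in the torrc directive.
    print(select_keys(parsed, ["alice", "bob", "dave"], "desc"))
    print(select_keys(parsed, ["alice", "bob", "dave"], "intro"))
```

Reporting the `missing` names separately lets an operator notice a listed client for whom no descriptor-encryption key exists, instead of that client silently being unable to decrypt the descriptor.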