[or-cvs] Clarify who sends certs and chains

[Nick Mathewson]

Update of /home/or/cvsroot/tor/doc
In directory moria.mit.edu:/tmp/cvs-serv23380

Modified Files:
	tor-spec.txt 
Log Message:
Clarify who sends certs and chains

Index: tor-spec.txt
===================================================================
RCS file: /home/or/cvsroot/tor/doc/tor-spec.txt,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -d -r1.76 -r1.77
--- tor-spec.txt	21 Dec 2004 05:43:17 -0000	1.76
+++ tor-spec.txt	30 Jan 2005 00:20:15 -0000	1.77
@@ -71,11 +71,10 @@
    support any suite without ephemeral keys, symmetric keys of at
    least 128 bits, and digests of at least 160 bits.
 
-[what kind of cert does an OP send? -RD]
-   An OR always sends a two-certificate chain, consisting of a self-signed
-   certificate containing the OR's identity key, and a second certificate
-   using a short-term connection key.  The commonName of the second
-   certificate is the OR's nickname, and the commonName of the first
+   An OP or OR always sends a two-certificate chain, consisting of a
+   self-signed certificate containing the OR's identity key, and a second
+   certificate using a short-term connection key.  The commonName of the
+   second certificate is the OR's nickname, and the commonName of the first
    certificate is the OR's nickname, followed by a space and the string
    "<identity>".
 
@@ -85,6 +84,10 @@
    EXTEND cell, the expected identity key is the one given in the cell.)  If
    the key is not as expected, the party must close the connection.
 
+   All parties SHOULD reject connections to or from ORs that have malformed
+   or missing certificates.  ORs MAY accept connections from OPs with
+   malformed or missing certificates.
+
    Once a TLS connection is established, the two sides send cells
    (specified below) to one another.  Cells are sent serially.  All
    cells are 512 bytes long.  Cells may be sent embedded in TLS