[tor-commits] [torspec] 07/14: Rename three keys.

gitolite role git at cupani.torproject.org
Wed Feb 8 16:38:21 UTC 2023


This is an automated email from the git hooks/post-receive script.

nickm pushed a commit to branch main
in repository torspec.

commit da8ecedde5c62d2d48930d8ec09708cd123b2258
Author: Nick Mathewson <nickm at torproject.org>
AuthorDate: Tue Feb 7 14:51:08 2023 -0500

    Rename three keys.
    
    These names are slightly shorter and a bit more descriptive IMO, and
    now (when they are still fresh) is the best time to rename these
    keys.
    
    `hs_intro_tid` becomes `hs_ipt_sid`: It is a _session identifier_
    key used with an _introduction point_.  Using `ipt` here emphasizes
    that it is not part of the introduction _handshake_.
    
    `hs_intro_ntor` becomes `hss_ntor`. The extra "s" means it is owned
    by the service. Renaming "intro" here removes the implication that
    it is held by or used by the introduction point.
    
    `onion_ntor` becomes `ntor`: There is no such thing as an ntor key
    that is not an onion key.
---
 rend-spec-v3.txt | 14 +++++++-------
 tor-spec.txt     |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index a8ac264..76d02cf 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -611,14 +611,14 @@ Table of contents:
         can get their introduction requests sent to the right
         service. No keypair is ever used with more than one introduction
         point. (previously called a "service key" in rend-spec.txt)
-        KP_hs_intro_tid, KS_hs_intro_tid
+        KP_hs_ipt_sid, KS_hs_ipt_sid
 	("hidden service introduction point temporary id").
 
       Introduction point encryption key -- A short-term encryption
         keypair used when establishing connections via an introduction
         point. Plays a role analogous to Tor nodes' onion keys. A fresh
         keypair is made for each introduction point.
-        KP_hs_intro_ntor, KS_hs_intro_ntor.
+        KP_hss_ntor, KS_hss_ntor.
 
    Symmetric keys defined in this document:
 
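Review bot: the parenthetical kept as context right after the renamed pair, ("hidden service introduction point temporary id"), still spells out the old `tid` suffix and no longer matches `KP_hs_ipt_sid`. The commit message describes this as a session identifier key used with an introduction point, so the expansion should be updated to say so, for example ("hidden service introduction point session id"). That context line is also tab-indented while the lines around it use spaces.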
@@ -629,7 +629,7 @@ Table of contents:
 
    Public/private keypairs defined elsewhere:
 
-      Onion key -- Short-term encryption keypair (KS_onion_ntor, KP_onion_ntor).
+      Onion key -- Short-term encryption keypair (KS_ntor, KP_ntor).
 
       (Node) identity key (KP_relayid).
 
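Review bot: style point on the changed "Onion key" line: it lists the private key first (`KS_ntor, KP_ntor`), while the other pairs touched by this patch put `KP_` before `KS_` (`KP_hss_ntor, KS_hss_ntor` in the previous hunk, `KP_ntor, KS_ntor` in tor-spec.txt). Since the line is being edited anyway, consider swapping the order so the pairs read consistently.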
@@ -1419,7 +1419,7 @@ Table of contents:
 
           The certificate is a proposal 220 certificate wrapped in
           "-----BEGIN ED25519 CERT-----".  It contains the introduction
-          point authentication key (`KP_hs_intro_tid`), signed by
+          point authentication key (`KP_hs_ipt_sid`), signed by
           the descriptor signing key (`KP_hs_desc_sign`).  The
           certificate type must be [09], and the signing key extension
           is mandatory.
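Review bot: documentation point on the certificate description: the prose still calls `KP_hs_ipt_sid` the "introduction point authentication key", while the new suffix stands for a session identifier. A short gloss here or in the key definition tying the two terms together would keep readers from assuming they are different keys.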
@@ -1438,7 +1438,7 @@ Table of contents:
           [Exactly once per introduction point]
 
           The key is a base64 encoded curve25519 public key used to encrypt
-          the introduction request to service. (`KP_hs_intro_ntor`)
+          the introduction request to service. (`KP_hss_ntor`)
 
         "enc-key" SP KeyType SP key.. NL
 
@@ -1458,7 +1458,7 @@ Table of contents:
           For "ntor" keys, certificate is a proposal 220 certificate
           wrapped in "-----BEGIN ED25519 CERT-----" armor.  The subject
           key is the the ed25519 equivalent of a curve25519 public
-          encryption key (`KP_hs_intro_ntor`), with the ed25519 key
+          encryption key (`KP_hss_ntor`), with the ed25519 key
           derived using the process in proposal 228 appendix A.  The
           signing key is the descriptor signing key (`KP_hs_desc_sign`).
           The certificate type must be [0B], and the signing-key
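Review bot: typo in the context line directly above the change: "is the the ed25519 equivalent" has a doubled "the". It is worth fixing in this patch while the paragraph is being touched.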
@@ -1468,7 +1468,7 @@ Table of contents:
           constructed the other way around.  However, for compatibility
           with C tor, implementations need to construct it this way.  It
           serves even less point than "auth-key", however, since the
-          encryption key `KP_hs_intro_ntor` is already available from
+          encryption key `KP_hss_ntor` is already available from
           the `enc-key` entry.
 
         "legacy-key" NL key NL
diff --git a/tor-spec.txt b/tor-spec.txt
index e522135..b94add7 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -252,7 +252,7 @@ see tor-design.pdf.
       longer advertised.  Because of this, relays MUST retain old keys for a
       while after they're rotated. (See "onion key lifetime parameters" in
       dir-spec.txt.)
-      KP_onion_ntor, KS_onion_ntor.
+      KP_ntor, KS_ntor.
 
    These are Ed25519 keys:
 
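Review bot: missing follow-up check for leftover names: `KP_ntor, KS_ntor` is the only line changed in tor-spec.txt, and the diffstat covers just this file and rend-spec-v3.txt. Suggest grepping the other spec files (dir-spec.txt is referenced in this same paragraph) for `onion_ntor`, `hs_intro_ntor` and `hs_intro_tid`, so that no document keeps referring to a key by its old name.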
