nit-picky spec questions about connection protocol please....
Nick Mathewson
nickm at freehaven.net
Wed Jan 3 20:06:59 UTC 2007
On Wed, Jan 03, 2007 at 02:32:56PM -0500, chris at seberino.org wrote:
> I'm studying section 2 of the spec on connections
> and just wanted to confirm some items with the good people of Tor....
>
> * The 'short-term connection key' mentioned in third paragraph is an AES key
> right?

No; it's a short term RSA key. We don't say that, because you can't
(sanely) stick symmetric keys in a certificate. I'll fix the spec so
it's (hopefully) readable without assuming the reader knows so much
about TLS.

> * The 'identity key' is the RSA public key associated with a router right?

Yes.

> * Spec says this identity key is self-signed but did not say the 'short-term
> connection key' is signed. The 'short-term connection key' is signed by
> encrypting its hash with router's RSA private key right?

The identity key certificate is self-signed.

The certificate with the short term connection key is signed by the
identity key.

> * Spec introduced the terms digital signature and certs in section 2 without
> mentioning all the boring details like what standard is used for these two
> things...e.g. X509?

X.509 is the only certificate standard supported by TLS (at least, in
any implementation I've seen).

> * Are all the aforementioned certs and keys mentioned above sent in
> 'cells'? Which cell types? This was not specified.

No. This is part of the TLS handshake. I'll try to make that clear
if I can.

> * It appears each onion router has an RSA public key that can be
> acquired from a directory server or EXTEND cells. This begs the
> question how do the Onion Routers safely get the public keys of
> directory servers? I assume routers talk to them over HTTPS / SSL
> right?

Directory servers are specified in dir-spec.txt. Directory _authority_
locations and keys ship with the tor source; clients learn about
caches from the authorities.

HTH,
--
Nick Mathewson
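
The two-certificate structure described in the reply above (a self-signed identity certificate whose key signs the certificate carrying the short-term RSA connection key), reproduced with the openssl CLI. This is an added example, not part of the original message or of Tor's code; the subject names, 2048-bit key size, lifetimes and file names are assumptions.

```shell
#!/bin/sh
# Constructed example: subject names, key sizes and lifetimes are assumptions.

# build_chain DIR: create an identity key with a self-signed X.509
# certificate, then a short-term RSA connection key whose certificate is
# signed by the identity key.
build_chain() {
    dir=$1
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_id
prompt = no
[dn]
CN = example-router-identity
[v3_id]
basicConstraints = critical,CA:TRUE
EOF
    # Identity key + self-signed certificate (issuer == subject).
    openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
        -sha256 -days 365 -keyout "$dir/identity.key" \
        -out "$dir/identity.crt" 2>/dev/null || return 1
    # Short-term connection key + certificate request.
    openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=example-router-connection" \
        -keyout "$dir/conn.key" -out "$dir/conn.csr" 2>/dev/null || return 1
    # The identity key signs the connection-key certificate.
    openssl x509 -req -in "$dir/conn.csr" -CA "$dir/identity.crt" \
        -CAkey "$dir/identity.key" -set_serial 2 -sha256 -days 1 \
        -out "$dir/conn.crt" 2>/dev/null || return 1
}

# chain_ok IDENTITY_CRT CONN_CRT: succeed only if the identity certificate
# verifies under its own key and the connection certificate verifies under it.
chain_ok() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 &&
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
if build_chain "$work" && chain_ok "$work/identity.crt" "$work/conn.crt"; then
    echo "connection certificate chains to the identity key"
fi
rm -rf "$work"
```

Checking a connection certificate against a different identity certificate that carries the same subject name fails, because the signature is checked against the identity key rather than the name.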