[tor-dev] [tor-assistants] Python metrics-lib
Beck Chen
csybeck at gmail.com
Tue May 8 02:17:58 UTC 2012
I observed some inconsistency, if not errors, in the directory server specs
[1]:
1. Outline
Every authority has a very-secret, long-term "Authority Identity Key".
This is stored encrypted and/or offline, and is used to sign "key
certificate" documents. Every key certificate contains a medium-term
(3-12 months) "authority signing key", that is used by the authority to
sign other directory information.
2.1. Router descriptor format
"fingerprint" fingerprint NL
[At most once]
A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in
hex, with a single space after every 4 characters) for this router's
identity key. A descriptor is considered invalid (and MUST be
rejected) if the fingerprint line does not match the public key.
"signing-key" NL a public key in PEM format
[Exactly once]
The OR's long-term identity key. It MUST be 1024 bits.
According to the outline, the long-term identity key should be different
from the
signing key, which changes every 3-12 months. Then why should the signing
key
become the identity key in the descriptor format, and fingerprint become
the hash
of the identity key?
Cheers,
Beck
[1]
https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=dir-spec.txt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120508/92d3e359/attachment-0001.html>
More information about the tor-dev
mailing list