[tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Tue Aug 13 18:54:57 UTC 2013


13.08.2013 Nick Mathewson:
> 6. Naming nodes in the interface
> 
>    Anywhere in the interface that takes an $identity should be able to
>    take an ECC identity too.  ECC identities are case-sensitive base64
>    encodings of Ed25519 identity keys. You can use $ to indicate them as
>    well; we distinguish RSA identity digests by length.
> 
>    When we need to indicate an Ed25519 identity key in a hostname
>    format (as in a .exit address), we use the lowercased version of the
>    name, and perform a case-insensitive match.  (This loses us one bit
>    per byte of name,

Did you plan to use a closing bracket or is something missing?

>    Nodes must not list Ed25519 identities in their family lines; clients
>    and authorities must not honor them there.

Why not include them in their family lines? Clients and Authorities
can still ignore them.

>    Clients shouldn't accept .exit addresses with Ed25519 names on SOCKS
>    or DNS ports by default, even when AllowDotExit is set.

Do you suggest a new torrc option or extending AllowDotExit, with 2?

Regards,
Sebastian G.
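
The naming rules quoted above (RSA and Ed25519 identities told apart by length, and a lowercased, case-insensitive match for the hostname form), as an added example that is not part of the original message or of Tor's code. The function names are hypothetical, and the lengths used (40 hex characters for an RSA digest, 43 unpadded base64 characters for a 32-byte Ed25519 key) are assumptions not stated in the quoted text.

```python
import base64
import string

RSA_HEX_LEN = 40   # assumption: hex SHA-1 digest of the RSA identity key
ED_B64_LEN = 43    # assumption: 32-byte Ed25519 key, base64 without '=' padding


def classify_identity(name):
    """Return ('rsa', digest) or ('ed25519', key); raise ValueError otherwise."""
    body = name[1:] if name.startswith("$") else name   # '$' prefix is optional
    if len(body) == RSA_HEX_LEN and all(c in string.hexdigits for c in body):
        return "rsa", bytes.fromhex(body)
    if len(body) == ED_B64_LEN:
        key = base64.b64decode(body + "=", validate=True)  # bad chars -> ValueError
        # Reject non-canonical encodings (stray bits in the last character), so
        # one key cannot be written as two different case-sensitive names.
        if base64.b64encode(key).decode().rstrip("=") != body:
            raise ValueError("non-canonical base64 identity")
        return "ed25519", key
    raise ValueError("unrecognised identity length or alphabet")


def match_hostname_form(label, known_names):
    """Case-insensitive match of a lowercased hostname label against known
    Ed25519 names. Returns every candidate: more than one means ambiguous."""
    want = label.lower()
    return [n for n in known_names if n.lower() == want]


# Constructed sample data, not real relay keys.
KEY_A = "A" * 43            # decodes to 32 zero bytes
KEY_B = "a" + "A" * 42      # differs from KEY_A only in the case of one letter
RSA_FP = "$" + "0123456789ABCDEF0123456789ABCDEF01234567"

if __name__ == "__main__":
    for ident in (RSA_FP, "$" + KEY_A, KEY_B):
        kind, raw = classify_identity(ident)
        print(kind, len(raw))
    print(match_hostname_form("a" * 43, [KEY_A, KEY_B]))
```

The two constructed keys are distinct as case-sensitive names but collapse to the same lowercased label, which is the information loss the quoted paragraph refers to; a caller should treat a multi-element result as ambiguous rather than picking one.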

