[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

Tom Ritter tom at ritter.vg
Fri Jun 7 14:17:14 UTC 2013


On Jun 6, 2013 9:56 AM, "Matthew Finkel" <matthew.finkel at gmail.com> wrote:
> I suppose the followup question to this is "is there really a need for
> backwards compatability n years in the future?" I completely understand
> the usefulness of this feature but I'm unsure if maintaining this
> ability is really necessary. The other issue arises due to the fact that
> the HSDir are not fixed, so caching this mapping will be non-trivial.
>
> Also, I may not be groking this idea, but which entity is signing the
> timestamp: "and received back a signature of the data and a timestamp."?
> is it the HS or the HSDir? And is this signature also created using a 1024
> bit key?

The HS proves key ownership, and receives the time-stamped assertion
"Key1024 and Key2048 were proven to be owned by the same entity on June 6,
2013".  They will provide that assertion to clients contacting them
post-Flag Day. The assertion can be signed with whatever key you like, ECC,
2048, 4096,etc.

But who is the timestamper? I originally imagined the Directory
Authorities, but they don't want to have records of all HS.  I wasn't as
familiar with HS workings when I wrote that.  I don't think HSDir's are
long lived enough, or trustworthy enough, to be time stampers.

So now I'm not sure.

-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130607/49481de8/attachment.html>


More information about the tor-dev mailing list