[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services
Tom Ritter
tom at ritter.vg
Fri Jun 7 14:17:14 UTC 2013
On Jun 6, 2013 9:56 AM, "Matthew Finkel" <matthew.finkel at gmail.com> wrote:
> I suppose the followup question to this is "is there really a need for
> backwards compatability n years in the future?" I completely understand
> the usefulness of this feature but I'm unsure if maintaining this
> ability is really necessary. The other issue arises due to the fact that
> the HSDir are not fixed, so caching this mapping will be non-trivial.
>
> Also, I may not be groking this idea, but which entity is signing the
> timestamp: "and received back a signature of the data and a timestamp."?
> is it the HS or the HSDir? And is this signature also created using a 1024
> bit key?
The HS proves key ownership, and receives the time-stamped assertion
"Key1024 and Key2048 were proven to be owned by the same entity on June 6,
2013". They will provide that assertion to clients contacting them
post-Flag Day. The assertion can be signed with whatever key you like, ECC,
2048, 4096,etc.
But who is the timestamper? I originally imagined the Directory
Authorities, but they don't want to have records of all HS. I wasn't as
familiar with HS workings when I wrote that. I don't think HSDir's are
long lived enough, or trustworthy enough, to be time stampers.
So now I'm not sure.
-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130607/49481de8/attachment.html>
More information about the tor-dev
mailing list