[tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

George Kadianakis desnacked at riseup.net
Wed Nov 23 16:24:16 UTC 2016


Nick Mathewson <nickm at torproject.org> writes:

> [ text/plain ]
> Hi!  I thought I'd write this up while it was fresh in my mind.  It
> could be used as an alternative method to the current proposed client
> authentication mechanism.  We could implement both, or just this, or
> just the other.
>
> My description here will be a bit terser than we'd want in a proper
> proposal, but I wanted to share it.
>
> This design is based on George Kadianakis's client authentication
> design; it won't make sense unless you've read it.
>

OK people,

I have a more mature torspec branch now for your eyes and only.  Please
see branch `prop224_client_auth_4` in my torspec repo:
       https://gitweb.torproject.org/user/asn/torspec.git/log/?h=prop224_client_auth_4

The changes are based on the feedback and discussion on this thread.

The only real changes from `prop224_client_auth_3` is that it increases
the max descriptor size to 50k, and it removes the username/password
intro-level authorization.

Please let me know of anything that seems off, or anything that can make
the proposal more readable. Otherwise, we should merge this upstream and
move forward with fixing the already merged prop224 HSDir code.

Thanks!


More information about the tor-dev mailing list