[tor-dev] Proposal 347: Domain separation for certificate signing keys

Alexander Færøy ahf at torproject.org
Thu Oct 19 17:08:54 UTC 2023


On 2023/10/19 12:49, Nick Mathewson wrote:
> To see this rendered, go to
> https://spec.torproject.org/proposals/347-domain-separation.html
> 
> ```
> Filename: 347-domain-separation.md
> Title: Domain separation for certificate signing keys
> Author: Nick Mathewson
> Created: 19 Oct 2023
> Status: Open
> ```
> 
> ## Our goal
> 
> We'd like to be able to use the "family key" from proposal 321 as a
> general purpose signing key, to authenticate other things than the
> membership of a family.  For example, we might want to have a
> challenge/response mechanism where the challenger says, "If you want
> to log in as the owner of the account corresponding to this family,
> sign the following challenge with your key.  Or we might want to
> have a message authentication scheme where an operator can
> sign a message in a way that proves key ownership.
> 
> We _might_ also like to use relay identity keys or onion service
> identitiy keys for the same purpose.

Very nice work here. This is exactly what we need for some of the
experiments we want to do under Sponsor 112.

Cheers,
Alex

-- 
Alexander Færøy


More information about the tor-dev mailing list