[tor-dev] Proposal 347: Domain separation for certificate signing keys
Alexander Færøy
ahf at torproject.org
Thu Oct 19 17:08:54 UTC 2023
On 2023/10/19 12:49, Nick Mathewson wrote:
> To see this rendered, go to
> https://spec.torproject.org/proposals/347-domain-separation.html
>
> ```
> Filename: 347-domain-separation.md
> Title: Domain separation for certificate signing keys
> Author: Nick Mathewson
> Created: 19 Oct 2023
> Status: Open
> ```
>
> ## Our goal
>
> We'd like to be able to use the "family key" from proposal 321 as a
> general purpose signing key, to authenticate other things than the
> membership of a family. For example, we might want to have a
> challenge/response mechanism where the challenger says, "If you want
> to log in as the owner of the account corresponding to this family,
> sign the following challenge with your key." Or we might want to
> have a message authentication scheme where an operator can
> sign a message in a way that proves key ownership.
>
> We _might_ also like to use relay identity keys or onion service
> identity keys for the same purpose.
Very nice work here. This is exactly what we need for some of the
experiments we want to do under Sponsor 112.
Cheers,
Alex
--
Alexander Færøy