torproject/torspec
1
0
Fork 0
mirror of https://github.com/torproject/torspec.git synced 2025-02-19 08:08:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Clarify who sends certs and chains

Browse Source 
svn:r3462
This commit is contained in:
Nick Mathewson 2005-01-30 00:20:15 +00:00
parent 247bef6241
commit 522fdb65de
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tor-spec.txt
View File

@ -71,11 +71,10 @@ TODO: (very soon)
support any suite without ephemeral keys, symmetric keys of at
least 128 bits, and digests of at least 160 bits.
[what kind of cert does an OP send? -RD]
An OR always sends a two-certificate chain, consisting of a self-signed
certificate containing the OR's identity key, and a second certificate
using a short-term connection key. The commonName of the second
certificate is the OR's nickname, and the commonName of the first
An OP or OR always sends a two-certificate chain, consisting of a
self-signed certificate containing the OR's identity key, and a second
certificate using a short-term connection key. The commonName of the
second certificate is the OR's nickname, and the commonName of the first
certificate is the OR's nickname, followed by a space and the string
"<identity>".
@ -85,6 +84,10 @@ TODO: (very soon)
EXTEND cell, the expected identity key is the one given in the cell.) If
the key is not as expected, the party must close the connection.
All parties SHOULD reject connections to or from ORs that have malformed
or missing certificates. ORs MAY accept connections from OPs with
malformed or missing certificates.
Once a TLS connection is established, the two sides send cells
(specified below) to one another. Cells are sent serially. All
cells are 512 bytes long. Cells may be sent embedded in TLS