* Introduce the notion of Argument, which is relied on in the
rest of the document, but not defined here formally.
Spec changes implied by this diff:
* Forbid the arguments from containing form feeds, carriage returns,
and vertical tabs.
* Forbid trailing whitespace after the last argument. I'm not sure
whether this is correct, but it seems anomalous to permit it for
only for keyword lines with arguments, and not anywhere else.
We have never actually generated an Item with multiple Objects.
What's more, neither the C tor implementation nor Arti actually
supports parsing such and item.
This NL isn't so easy to remove in Tor, since some older
control-port code depends on it IIRC. But not having documented it
caused arti#637: let's explain that, so that the next unfortunate
implementor doesn't hit it.
Corresponds to the bugfixes for bugs 40698 and 40700.
Also, document our MeasuredButAuthority= keyword that we include instead
(but that nothing uses).
The descriptor format uses a curve25519->ed25519 conversion
algorithm to cross-certify descriptors with their ntor onion keys.
This patch clarifies two aspects of the algorithm:
1. When deriving a private key, how to derive the part of the
private key that _isn't_ a point on the curve.
2. That there are two algorithms here, one for private->private and
one for public->public.
Since the authorities can produce a signed consensus as soon as
`ValidAfter` minus `DistSeconds`, and since they serve a signed
consensus as soon as it has enough signatures, it's possible that a
client or relay that's starting late in the hour can get an "early"
consensus. Back in tor#25756, we fixed this issue in Tor, but we
didn't document the behavior in the spec.
A keyword may not begin with '-'. Otherwise, "-----BEGIN" would be
a keyword, and the grammar would be ambiguous.
A beginline or endline may have multiple words in its tag.
