On 2023/10/19 12:49, Nick Mathewson wrote: > To see this rendered, go to > https://spec.torproject.org/proposals/347-domain-separation.html > > ``` > Filename: 347-domain-separation.md > Title: Domain separation for certificate signing keys > Author: Nick Mathewson > Created: 19 Oct 2023 > Status: Open > ``` > > ## Our goal > > We'd like to be able to use the "family key" from proposal 321 as a > general purpose signing key, to authenticate other things than the > membership of a family. For example, we might want to have a > challenge/response mechanism where the challenger says, "If you want > to log in as the owner of the account corresponding to this family, > sign the following challenge with your key. Or we might want to > have a message authentication scheme where an operator can > sign a message in a way that proves key ownership. > > We _might_ also like to use relay identity keys or onion service > identitiy keys for the same purpose.
Very nice work here. This is exactly what we need for some of the experiments we want to do under Sponsor 112. Cheers, Alex -- Alexander Færøy _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev