George Kadianakis <desnac...@riseup.net> writes:

> Hello haxxpop and David,
>
> here is a patch with an alternative directory format for v3 client auth
> crypto key bookkeeping as discussed yesterday on IRC:
> https://github.com/torproject/torspec/pull/23
>
> Thanks for making me edit the spec because it made me think of various
> details that had to be thought of.

Hello again,

there have been many discussions about client auth since that last email
a month ago. Here is a newer branch that we want to get merged so that
we proceed with implementation:
https://github.com/torproject/torspec/pull/33

The first commit is the same as in the original post, and all subsequent
commits are improvements on top of it.

Here are a few high-level changes that were made after discussion:

- Ditched intro auth for now, since descriptor auth is sufficient for
  our threat model, and trying to support two different auth types would
  complicate things.

- Opted for a KISS design for now where we don't ask Tor to generate
  client auth keys either on the client side or on the service side. For
  now we assume that client/service-side generated their keys with an
  external tool, and we will build such tools in the future, instead of
  spending too much time bikeshedding about it right now.

- Client auth is enabled if the client auth directory is populated with
  the right files, instead of relying on torrc switches etc.

Furthermore, the last three commits are quick mainly-cosmetic changes I
did alone before posting this here. Inform me if you don't like those.

I'll let this simmer here for a few days before merging it in torspec.
Let me know if you have questions!

Thanks for reading!
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev