George Kadianakis <desnac...@riseup.net> writes: > George Kadianakis <desnac...@riseup.net> writes: > >> Hello haxxpop and David, >> >> here is a patch with an alternative directory format for v3 client auth >> crypto key bookkeeping as discussed yesterday on IRC: >> https://github.com/torproject/torspec/pull/23 >> >> Thanks for making me edit the spec because it made me think of various >> details that had to be thought of. > > Hello again, > > there have been many discussions about client auth since that last email > a month ago. Here is a newer branch that we want to get merged so that > we proceed with implementation: https://github.com/torproject/torspec/pull/33 > > The first commit is the same as in the original post, and all subsequent > commits are improvements on top of it. > > Here are a few high-level changes that were made after discussion: > > - Ditched intro auth for now, since descriptor auth is sufficient for > our threat model, and trying to support two different auth types would > complicate things. > > - Opted for a KISS design for now where we don't ask Tor to generate > client auth keys neither on the client side or on the service side. > For now we assume that client/service-side generated their keys with > an external tool, and we will build such tools in the future, instead > of spending too much time bikeshedding about it right now. > > - Client auth is enabled if the client auth directory is populated with > the right files, instead of relying on torrc switches etc. > > Furthermore, the last three commits are quick mainly-cosmetic changes I > did alone before posting this here. Inform me if you don't like those. > > I'll let this simmer here for a few days before merging it in torspec. > Let me know if you have questions! Thanks for reading! >
FWIW, the above spec branch has been merged upstream to torspec.git! Feedback is still welcome and we will patch upstream if needed! :) _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev