Re: [tor-dev] How do Ed25519 relay IDs look like?
> Isn't using "fingerprint" not a bit misleading since it is not the output of > a hash function but the ed25519 master public key itself? Hi nusenu, that's fair. We've begun to conflate a couple concepts here... * Relay operators, controllers, DirPorts, etc all require a canonical relay identifier. They don't care how it's derived as long as it's unique to the relay. * Relays publish a public ed25519 key. This is an implementation detail that isn't of interest to the above populations. I'd advise against attempting to rename "fingerprint". That hasn't gone well for hidden services [1]. But with that aside, relay identifiers and the representation of ed25519 public keys don't necessarily need to be one and the same. [1] https://trac.torproject.org/projects/tor/ticket/25918 ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
> First, I'd advise that we call these 'v2 fingerprints' so it's clear > that we intend to substitute these anywhere traditional fingerprints > are used. Isn't using "fingerprint" not a bit misleading since it is not the output of a hash function but the ed25519 master public key itself? > Second, I would advise against truncated base64 identifiers. > Fingerprints are 40 character hex. master-key-ed25519's base64 value > can include slashes (such as > "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI") which will be > problematic for DirPort urls, GETINFO commands, etc. > > The simplest solution would be to simply hexify these values. This > will raise our fingerprint length from 40 to 64 characters to avoid increasing the length to 64 characters, how about using urlsafe base64 that does not make use of the "/" character? https://tools.ietf.org/html/rfc4648#section-5 https://docs.python.org/3/library/base64.html#base64.urlsafe_b64encode -- https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
> The way I understand it is this: Relay fingerprints are based on the > RSA key, which will go away eventually. The canonical identifier will > be the identity. We should start that transition Thanks Sebastian. In that case we should put more thought into this because fingerprints are foundational to our control and directory specifications. Commands, events, descriptors... really everything reference relays by fingerprint (or optionally sometimes nickname). Migrating to a new identifier is no small task. First, I'd advise that we call these 'v2 fingerprints' so it's clear that we intend to substitute these anywhere traditional fingerprints are used. Second, I would advise against truncated base64 identifiers. Fingerprints are 40 character hex. master-key-ed25519's base64 value can include slashes (such as "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI") which will be problematic for DirPort urls, GETINFO commands, etc. The simplest solution would be to simply hexify these values. This will raise our fingerprint length from 40 to 64 characters which will slightly impact DirPorts [1], but otherwise I don't anticipate a problem with such a replacement. import base64 def hexify_id(ed25519_identifier): binary_id = base64.b64decode(ed25519_identifier + ((len(ed25519_identifier) % 4) * '=')) return bytes.hex(binary_id).upper() identifier = 'yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI' print('the hex id of "%s" is "%s"' % (identifier, hexify_id(identifier))) % python3.7 demo.py the hex id of "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI" is "CA9D1FC2DA7869AFD53326491B3F2F37B2A6DF361EB75601670A99124D42C072" Cheers! -Damian [1] At most 96 server or extrainfo descriptors can be downloaded from DirPorts via their fingerprint due to a limitation on the url length by squid proxies... https://gitweb.torproject.org/stem.git/commit/?id=871a957f Maybe this is no longer relevant? If it is then raising the fingerprint length from 40 to 64 will reduce this maximum to 60 (which seems fine to me). ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
Hi Damian, > On 2. Aug 2020, at 00:04, Damian Johnson wrote: > >> I'd like to use "ed25519 identity" or even just "identity" here going >> forward. > > Gotcha. The name of 'identity' makes me wonder how this relates to > relay fingerprints, which are the canonical identifier we use. > > Regardless, the more we can standardize the terminology we use the > less confusing these fields will be. The way I understand it is this: Relay fingerprints are based on the RSA key, which will go away eventually. The canonical identifier will be the identity. We should start that transition Cheers Sebastian ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
> I was wondering why the base64 string is 43 characters long for a 32byte > Ed25519 key. > 32*8/6=42 That is because tor drops trailing '=' from base64 encoded values within descriptors. Some fields indicate this within the spec, others don't. https://gitweb.torproject.org/stem.git/tree/stem/util/str_tools.py#n98 > I'd like to use "ed25519 identity" or even just "identity" here going > forward. Gotcha. The name of 'identity' makes me wonder how this relates to relay fingerprints, which are the canonical identifier we use. Regardless, the more we can standardize the terminology we use the less confusing these fields will be. Cheers! -Damian ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
>> base64 encoding (parts of) the ed25519_master_id_public_key >> file, provides the same output as in master-key-ed25519 descriptor lines >> but I didn't find a spec for that key file to confirm the try and error >> approach >> or a tor command to simply output the ed25519_master_key public key in >> base64 format. I was wondering why the base64 string is 43 characters long for a 32byte Ed25519 key. 32*8/6=42 > I'd like to add such a command great, thanks! > as well as support for using ed25519 > keys in more places in the UI and the control API. maybe add a file similar to the datadir/fingerprint file containing the base64 representation of the Ed25519 public key? maybe datadir/ed25519_identity ? -- https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] IANA well-known URI suffix registration for tor-relay-fingerprints file
I've put together the text, if you have any comments please let me know. I'm planning to submit it soon-ish. https://nusenu.github.io/tor-relay-well-known-uri-spec/ I'll also send it to the tor-relays mailing list. kind regards, nusenu -- https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
On Sat, Aug 1, 2020 at 6:10 AM nusenu wrote: > > nusenu: > >> The only question that came up was: Will there be two types of relay > >> fingerprints > >> in the future (Ed25519)? > > > > I assume the correct proposal for the Ed25519 keys is this: > > https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt > > > > I'm wondering what kind of format is used for a relay's Ed25519 ID in tor? > > > > The spec says base64: > > > >>When an ed25519 signature is present, there MAY be a > >> "master-key-ed25519" > >>element containing the base64 encoded ed25519 master key as a single > >>argument. If it is present, it MUST match the identity key in > >>the certificate. > > > > examples: > > grep master-key-ed 2020-07-28-19-05-00-server-descriptors |head -2 > > > > master-key-ed25519 clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E > > master-key-ed25519 qDI9PbwtiKzpR9phLnWI99uimdwNW8+l9c7hDoWV9dQ > > > > Is this the canonical format you use when referring to a relay's Ed25519 > > identity? > > I looked at what stem does in this area [1]. > It uses the more accurate name "ed25519_master_key" instead of Ed25519 ID > and contains the above mentioned base64 encoded Ed25519 public master key > so I assume this is the canonical format since I didn't see any other > representation. I'd like to use "ed25519 identity" or even just "identity" here going forward. While it might make sense to use other names when describing it in relation to other keys, when talking about the relay, it is an identity key. The base64-encoded form is the best one we have; whenever we output a key, we use that format. > > What command does a relay operator need to run to find out > > his relay's Ed25519 ID on the command line? > > base64 encoding (parts of) the ed25519_master_id_public_key > file, provides the same output as in master-key-ed25519 descriptor lines > but I didn't find a spec for that key file to confirm the try and error > approach > or a tor command to simply output the ed25519_master_key public key in base64 > format. I'd like to add such a command, as well as support for using ed25519 keys in more places in the UI and the control API. I'm not going to have time for a while, though, but if anybody would be interested in hacking this together, I can point to some of the places in the code you'd need to change. best wishes, -- Nick ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How do Ed25519 relay IDs look like?
nusenu: >> The only question that came up was: Will there be two types of relay >> fingerprints >> in the future (Ed25519)? > > I assume the correct proposal for the Ed25519 keys is this: > https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt > > I'm wondering what kind of format is used for a relay's Ed25519 ID in tor? > > The spec says base64: > >>When an ed25519 signature is present, there MAY be a "master-key-ed25519" >>element containing the base64 encoded ed25519 master key as a single >>argument. If it is present, it MUST match the identity key in >>the certificate. > > examples: > grep master-key-ed 2020-07-28-19-05-00-server-descriptors |head -2 > > master-key-ed25519 clT/2GWmTY/qU5TBGaudAIjOUUxUdKhMY/Q5riK6G2E > master-key-ed25519 qDI9PbwtiKzpR9phLnWI99uimdwNW8+l9c7hDoWV9dQ > > Is this the canonical format you use when referring to a relay's Ed25519 > identity? I looked at what stem does in this area [1]. It uses the more accurate name "ed25519_master_key" instead of Ed25519 ID and contains the above mentioned base64 encoded Ed25519 public master key so I assume this is the canonical format since I didn't see any other representation. > What command does a relay operator need to run to find out > his relay's Ed25519 ID on the command line? base64 encoding (parts of) the ed25519_master_id_public_key file, provides the same output as in master-key-ed25519 descriptor lines but I didn't find a spec for that key file to confirm the try and error approach or a tor command to simply output the ed25519_master_key public key in base64 format. kind regards, nusenu [1] https://stem.torproject.org/api/descriptor/server_descriptor.html#stem.descriptor.server_descriptor.RelayDescriptor https://gitweb.torproject.org/torspec.git/tree/cert-spec.txt These are the file paths I would suggest for the well-known registry: .well-known/tor-relay/rsa-fingerprints .well-known/tor-relay/ed25519-pubkeys -- https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev