commit 009fd7195a0a302d04b4d7d98b213c69a3d76a7f
Author: George Kadianakis <desnac...@riseup.net>
Date: Tue Jan 31 14:57:14 2017 +0200
prop224: Specify rough directory format of hidden services.
---
proposals/224-rend-spec-ng.txt | 80 ++++++++++++++++++++++++++++--------------
1 file changed, 53 insertions(+), 27 deletions(-)
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 814fd74..4a685e5 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -2096,15 +2096,46 @@ Appendix E. Reserved numbers
Note: The value "0A" is skipped because it's reserved for the onion key
cross-certifying ntor identity key from proposal 228.
-Appendix F. Managing authorized client data [CLIENT-AUTH-MGMT]
+Appendix F. Hidden service directory format [HIDSERVDIR-FORMAT]
+
+ This appendix section specifies the contents of the HiddenServiceDir
directory:
+
+ - "hostname" [FILE]
+
+ This file contains the onion address of the onion service.
+
+ - "private_key_ed25519" [FILE]
+
+ This file contains the private master ed25519 key of the onion service.
+ [TODO: Offline keys]
+
+ - "client_authorized_pubkeys" [FILE]
+
+ If client authorization is _enabled_, this is a newline-separated file of
+ "<client name> <pubkeys> entries for authorized clients. You can think of it
+ as the ~/.ssh/authorized_keys of onion services. See [CLIENT-AUTH-MGMT] for
+ more details.
+
+ - "./client_authorized_privkeys/" [DIRECTORY]
+ "./client_authorized_privkeys/alice.privkey" [FILE]
+ "./client_authorized_privkeys/bob.privkey" [FILE]
+ "./client_authorized_privkeys/charlie.privkey" [FILE]
+
+ If client authorization is _enabled_ _AND_ if the hidden service is
+ responsible for generating and distributing private keys for its clients,
+ then this directory contains files with client's private keys. See
+ [CLIENT-AUTH-MGMT] for more details.
+
+Appendix E. Managing authorized client data [CLIENT-AUTH-MGMT]
Hidden services and clients can configure their authorized client data either
using the torrc, or using the control port. This section presents a suggested
- scheme for configuring client authorization.
+ scheme for configuring client authorization. Please see appendix
+ [HIDSERVDIR-FORMAT] for more information about relevant hidden service files.
- F.1. Configuring client authorization using torrc
+ E.1. Configuring client authorization using torrc
- F.1.1. Hidden Service side
+ E.1.1. Hidden Service side
A hidden service that wants to perform client authorization, adds a
new
option HiddenServiceAuthorizeClient to its torrc file:
@@ -2115,29 +2146,24 @@ Appendix F. Managing authorized client data
[CLIENT-AUTH-MGMT]
section [CLIENT-AUTH]. The rest of the line is a comma-separated list
of
human-readable authorized client names.
- Let's consider that one of the listed client names is "alice". In
this case,
- Tor checks the directory at
"DataDirectory/hidden_service/client_auth/" for
- any files with filename alice.key or alice.pub .
-
- Files ending in .key contain private keys for authorized clients,
whereas
- .pub files contain public keys for authorized clients. In general,
authorized
- clients should send their public keys to the hidden service operator,
and the
- operator should place them in the filesystem as .pub files. Only .pub
files
- are useful to the hidden service, whereas .key files are there only
if the
- hidden service had to generate its client's keypairs as described
below.
+ Let's consider that one of the listed client names is "alice". In this
+ case, Tor checks the "client_authorized_pubkeys" file for any entries
+ with client_name being "alice". If an "alice" entry is found, we use
the
+ relevant pubkeys to authenticate Alice.
- If no alice.key or alice.pub files exist, Tor is tasked with
generating
- client keys for Alice. To do so, Tor generates x25519 and ed25519
keypairs
- for Alice, then makes an alice.key file and writes the private keys
inside;
- it also makes an alice.pub file and writes the public keys inside.
- [XXX what format? it should be convenient so that client can just
copy-paste]
+ If no "alice" entry is found in the "client_authorized_pubkeys" file,
Tor
+ is tasked with generating public/private keys for Alice. To do so, Tor
+ generates x25519 and ed25519 keypairs for Alice, then makes a
+ "client_authorized_privkeys/alice.privkey" file and writes the private
+ keys inside; it also adds an entry for alice to the
+ "client_authorized_pubkeys" file.
- In this case, the hidden service operator has the responsibility to
pass the
- .key file to Alice in a secure out-of-band way. After the file is
passed to
- Alice, it can be shredded from the filesystem, as only the public
keys are
- required for the hidden service to function.
+ In this last case, the hidden service operator has the responsibility
to
+ pass the .key file to Alice in a secure out-of-band way. After the
file
+ is passed to Alice, it can be shredded from the filesystem, as only
the
+ public keys are required for the hidden service to function.
- F.1.2. Client side
+ E.1.2. Client side
A client who wants to register client authorization data for a hidden
service
needs to add the following line to their torrc:
@@ -2150,9 +2176,9 @@ Appendix F. Managing authorized client data
[CLIENT-AUTH-MGMT]
In the former case, the client is also tasked with transfering the
public
keys to the hidden service in a secure out-of-band way.
- F.2. Configuring client authorization using the control port
+ E.2. Configuring client authorization using the control port
- F.2.1. Service side
+ E.2.1. Service side
A hidden service also has the option to configure authorized clients
using the control port. The idea is that hidden service operators can
use
@@ -2167,7 +2193,7 @@ Appendix F. Managing authorized client data
[CLIENT-AUTH-MGMT]
Hidden services who use the control port interface for client auth
need
to perform their own key management.
- F.2.2. Client side
+ E.2.2. Client side
There should also be a control port interface for clients to register
authorization data for hidden services without having to use the
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
